Extract Public Key from X.509 Certificate as Hex
X.509 certificates are a common way to exchange and distribute public key information. For example, most Open Social containers use the OAuth RSA-SHA1 signature method, and distribute their public keys in the X.509 format.
While working on an AppEngine application, I needed to verify requests from such containers. However, there is (currently) no pure Python library capable of parsing the certificates. This meant that I needed to extract the public key out of the certificate manually, and store it in some parsed way inside the Python code.
Fortunately, parsing public keys from an X.509 certificate and representing them as a hex number turned out to be simple and easy.
openssl x509 -modulus -noout < pub.cer | sed s/Modulus=/0x/
Just replace pub.cer with the certificate file you want to parse. For example (I’ve used Orkut’s certificate):
$ openssl x509 -modulus -noout < pub.1199819524.-1556113204990931254.cer | sed s/Modulus=/0x/
0xB1E057678343866DB89D7DEC251899261BF2F5E0D95F5D868F81D600C9A101C9E6DA20606290228308551ED3ACF9921421DCD01EF1DE35DD3275CD4983C7BE0BE325CE8DFC3AF6860F7AB0BF32742CD9FB2FCD1CD1756BBC400B743F73ACEFB45D26694CAF4F26B9765B9F65665245524DE957E8C547C358781FDFB68EC056D1
and all I have to do is copy the result into my Python code (aren’t Python’s unbounded integers great?).
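The same extraction in pure Python, as an added example that is not part of the original post. It goes beyond the one-liner above by also accepting a bare BEGIN PUBLIC KEY block, which openssl x509 rejects because it is not a certificate. The function names, the minimal DER walker and the 64-bit sample key are assumptions constructed for illustration; it reads RSA keys only and does not verify the certificate's signature or validity.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
# Constructed 64-bit sample key (not a real key): DER SubjectPublicKeyInfo as hex.
SAMPLE_SPKI = bytes.fromhex("3024300d06092a864886f70d0101010500031300"
                            "3010020900d1c2b3a4958677690203010001")

def tlv(buf, pos=0):  # read one DER element -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # contents of a constructed element -> [(tag, value), ...]
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def spki_to_rsa(spki):  # SubjectPublicKeyInfo contents -> (modulus, exponent)
    (_, alg), (tag, bits) = children(spki)[:2]
    if tag != 0x03 or children(alg)[0][1] != RSA_OID:
        raise ValueError("not an RSA public key")
    _, rsa_seq, _ = tlv(bits[1:])  # skip the BIT STRING unused-bits byte
    (_, n), (_, e) = children(rsa_seq)[:2]
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def rsa_from_pem(pem):  # PEM certificate or bare public key -> (modulus, exponent)
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, (_, body, _) = m.group(1), tlv(base64.b64decode(m.group(2)))
    if label in ("CERTIFICATE", "TRUSTED CERTIFICATE", "X509 CERTIFICATE"):
        tbs = children(children(body)[0][1])  # tbsCertificate fields
        body = tbs[6 if tbs[0][0] == 0xA0 else 5][1]  # SPKI; [0] version is optional
    elif label != "PUBLIC KEY":
        raise ValueError("unsupported PEM type: " + label)
    return spki_to_rsa(body)

def to_pem(label, der):  # wrap DER bytes in a PEM envelope
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

if __name__ == "__main__":
    print("0x%X %d" % rsa_from_pem(to_pem("PUBLIC KEY", SAMPLE_SPKI)))
```

Passing the text of a certificate file or of a BEGIN PUBLIC KEY block to rsa_from_pem returns the modulus as a Python integer, ready to be formatted with hex().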
I am trying to do the same with another opensocial container and getting the following error:
C:\Program Files\GnuWin32\bin>openssl x509 -modulus -noout < lokalistenPublicKey
v1.pem | sed s/Modulus=/0x/
unable to load certificate
3476:error:0906D06C:PEM routines:PEM_read_bio:no start line:./crypto/pem/pem_lib
.c:647:Expecting: TRUSTED CERTIFICATE
Can you help?
Axrdhm
17 Mar 09 at 08:14
Hi,
It looks like the certificate you have is not in the right format, or it might be corrupted. Which container are you trying to use?
Guy
17 Mar 09 at 14:12
http://lokalisten.de/
I found a public key on the developer forum from one of the lokalisten.de team members, here are its contents:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZzI/zgAlC2cYWJBoXhpJOmeB+
djBDLhncgYlNQLNLjkS1L2cc9SLJUPz3dXmFxie6x8rxdB4XxEG8bsDejDptJe9S
/zrymlH5OgFEqyas+qqo58xHnCFGX8FVbbHOmMEj9qom3HK+QUgNrA7zcP0rXuB5
OzleBGV3OsvMgTQzVwIDAQAB
-----END PUBLIC KEY-----
Axrdhm
17 Mar 09 at 18:09
It looks like the key wasn’t copied correctly and has some parts missing, or is not in the x509 format.
Take a look at Orkut’s key:
http://sandbox.orkut.com/46/o/pub.1199819524.-1556113204990931254.cer
Their key is much longer and has different headers.
Guy
20 Mar 09 at 09:56
[root@hadoop_m ca]# openssl x509 -in client4.crt -pubkey
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8umK3S5fOhGJsu4mi7VtikLL2
sQ1xNkmmhzq/dHgc020JUq2ZhqM0R7nwBpopilPHU6sVnF0xTMHHhM/68maqZ+vu
Uz3byFCTvTLWpbCTx6ysMGfIq43Du0xzSQaSRFBqFecJ5P5EeKewhdnyB/SUqDgI
Zvbgq8d3E/H0b4yzAQIDAQAB
-----END PUBLIC KEY-----
max
11 May 10 at 05:59