Guy Rutenberg » x.509 http://www.guyrutenberg.com Keeping track of what I do Wed, 16 Jun 2010 19:53:40 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 Extract Public Key from X.509 Certificate as Hex http://www.guyrutenberg.com/2009/01/01/extract-public-key-from-x509-certificate-as-hex/ http://www.guyrutenberg.com/2009/01/01/extract-public-key-from-x509-certificate-as-hex/#comments Thu, 01 Jan 2009 20:29:04 +0000 Guy http://www.guyrutenberg.com/?p=204 X.509 certificates are common way to exchange and distribute public key information. For example, most Open Social containers use the OAuth RSA-SHA1 signature method, and distribute their public keys in the X.509 format.

While working on an AppEngine application, I needed to verify requests from such containers. However, there is (currently) no pure python library able of parsing the certificates. This meant that I needed extract the public key out of the certificate manually, and store it in some parsed way inside the Python code.

Fortunately, parsing public keys form a X.509 certificate and representing them as a Hex number turned out simple and easy.

openssl x509 -modulus -noout < pub.cer | sed s/Modulus=/0x/

Just replace pub.cer with the certificate file you want to parse. For example (I’ve used Orkut’s certificate):

$ openssl x509 -modulus -noout < pub.1199819524.-1556113204990931254.cer | sed s/Modulus=/0x/
0xB1E057678343866DB89D7DEC251899261BF2F5E0D95F5D868F81D600C9A101C9E6DA20606290228308551ED3ACF9921421DCD01EF1DE35DD3275CD4983C7BE0BE325CE8DFC3AF6860F7AB0BF32742CD9FB2FCD1CD1756BBC400B743F73ACEFB45D26694CAF4F26B9765B9F65665245524DE957E8C547C358781FDFB68EC056D1

and all I’ve to do is to copy the result into my Python code (isn’t Python’s unbounded integers great?).

]]> http://www.guyrutenberg.com/2009/01/01/extract-public-key-from-x509-certificate-as-hex/feed/ 5