Extract Public Key from X.509 Certificate as Hex

X.509 certificates are common way to exchange and distribute public key information. For example, most Open Social containers use the OAuth RSA-SHA1 signature method, and distribute their public keys in the X.509 format.

While working on an AppEngine application, I needed to verify requests from such containers. However, there is (currently) no pure python library able of parsing the certificates. This meant that I needed extract the public key out of the certificate manually, and store it in some parsed way inside the Python code.

Fortunately, parsing public keys form a X.509 certificate and representing them as a Hex number turned out simple and easy.

openssl x509 -modulus -noout < pub.cer | sed s/Modulus=/0x/

Just replace pub.cer with the certificate file you want to parse. For example (I’ve used Orkut’s certificate):

$ openssl x509 -modulus -noout < pub.1199819524.-1556113204990931254.cer | sed s/Modulus=/0x/

and all I’ve to do is to copy the result into my Python code (isn’t Python’s unbounded integers great?).

8 thoughts on “Extract Public Key from X.509 Certificate as Hex”

  1. I am trying to do the same with another opensocial container and getting following error:

    C:\Program Files\GnuWin32\bin>openssl x509 -modulus -noout < lokalistenPublicKey
    v1.pem | sed s/Modulus=/0x/
    unable to load certificate
    3476:error:0906D06C:PEM routines:PEM_read_bio:no start line:./crypto/pem/pem_lib
    .c:647:Expecting: TRUSTED CERTIFICATE

    Can you help?

  2. Hi,

    It looks like the certificate you have is not in the right format, or it might be corrupted. Which container are you trying to use?

  3. http://lokalisten.de/

    I found a public key on developer forum from one of lokalisten.de team member, here are its contents:


  4. [root@hadoop_m ca]# openssl x509 -in client4.crt -pubkey

  5. I think command should be:
    openssl x509 -modulus -noout -in pub.cer | sed ‘s/Modulus=/0x/’

  6. It’s completely equivalent, mine reads the certificate from stdin, yours specifies it on the command line…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.