IBM Crypto Education Community

IBM Crypto Education Community

IBM Crypto Education Community

Join the IBM Crypto Education community to explore and understand IBM cryptography technology. This community is operated and maintained by the IBM Crypto Development team.

 View Only
Back to discussions
Expand all | Collapse all

Extract Public key from a certificate

  • 1.  Extract Public key from a certificate

    Posted Tue November 05, 2019 06:47 AM

    Hi,

        As part of an apple pay project we are given a base 64 digital certificate and need to extract the public key. I can see that the ICSF dialogues can extract a public key from a DER format digital certificate. Is that something  that could be done from a program. The other obvious answer is to use OPENSSL, but I was wondering if we have another solution. The example is:-

     

    -----BEGIN CERTIFICATE-----
    MIIEEjCCA7igAwIBAgIIEccnFAKsD+UwCgYIKoZIzj0EAwIwgYExOzA5BgNVBAMMMlRlc3QgQXBwbGUgV29ybGR3aWRlIERldmVsb3
    BlcnMgUmVsYXRpb25zIENBIC0gRUNDMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwb
    GUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTkwODA3MjA1NzA5WhcNMjEwNzEzMDI1ODAwWjBtMTYwNAYDVQQDDC1lY2MtY3J
    5cHRvLXNlcnZpY2VzLWVuY2lwaGVybWVudF9VQzYtSW5NZW1vcnkxETAPBgNVBAsMCEFwcGxlUGF5MRMwEQYDVQQKDApBcH
    BsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC4+XM9rmrBL56IvP6zP3nPIfocVU5SjS
    BVAiolsoYo3TaxmmvO/
    YiD8hjdn9K9HUHxbwiH8ShmHTa85tAdOPrijggIrMIICJzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNbW1Vrl//
    3CfDTDQ969aHZcNqm+ME8GCCsGAQUFBwEBBEMwQTA/
    BggrBgEFBQcwAYYzaHR0cDovL29jc3AtdWF0LmNvcnAuYXBwbGUuY29tL29jc3AwNC10ZXN0d3dkcmNhZWNjMIIBHQYDVR0gBIIBF
    DCCARAwggEMBgkqhkiG92NkBQEwgf4wgcMGCCsGAQUFBwICMIG2DIGzUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieS
    BhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNvb
    mRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wNg
    YIKwYBBQUHAgEWKmh0dHA6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5LzBBBgNVHR8EOjA4MDagNKAyhjBod
    HRwOi8vY3JsLXVhdC5jb3JwLmFwcGxlLmNvbS9hcHBsZXd3ZHJjYWVjYy5jcmwwHQYDVR0OBBYEFK0uo8t+NMLt7kNoTicRH8xJMz
    nQMA4GA1UdDwEB/
    wQEAwIDKDASBgkqhkiG92NkBicBAf8EAgUAMAoGCCqGSM49BAMCA0gAMEUCIQCKEXnIsY2PZqMF2xHKehKgp/ZywZ/9/
    TZ+AnpOA6mI/AIgTI94NSaIn7DLd47QTK760WILDOr0EdOHiExJMZwYp7c=
    -----END CERTIFICATE-----

     

    needs to produce:-

     

    Public Key in uncompressed format (65 bytes):


    042E3E5CCF6B9AB04BE7A22F3FACCFDE73C87E87155394A34815408A896CA18A374DAC669AF3BF6220FC863767F4AF47507C
    5BC221FC4A19874DAF39B4074E3EB8   

     

    Any help would be appreciated

    Regards Darren

    DarrenSmith


  • 2.  Re: Extract Public key from a certificate

    Posted Fri December 13, 2019 02:47 PM

    Hi Darren,

    ICSF has no capability to retrieve a public key from a Base64 encoded certificate.

     

    Are you able to convert the Base64 encoded certificate to DER encoding at all? Then, you could programmatically invoke the PKCS #11 CSFPTRC callable service to create a PKCS #11 object and invoke CSFPGAV on the PKCS #11 object to extract the public key.

     

     

    Eysha Shirrine


Related Content