IBM Crypto Education Community

Back to discussions
Expand all | Collapse all

Extract Public key from a certificate

  • 1.  Extract Public key from a certificate

    Posted Tue November 05, 2019 06:47 AM

    Hi,

        As part of an apple pay project we are given a base 64 digital certificate and need to extract the public key. I can see that the ICSF dialogues can extract a public key from a DER format digital certificate. Is that something  that could be done from a program. The other obvious answer is to use OPENSSL, but I was wondering if we have another solution. The example is:-

     

    -----BEGIN CERTIFICATE-----
    MIIEEjCCA7igAwIBAgIIEccnFAKsD+UwCgYIKoZIzj0EAwIwgYExOzA5BgNVBAMMMlRlc3QgQXBwbGUgV29ybGR3aWRlIERldmVsb3
    BlcnMgUmVsYXRpb25zIENBIC0gRUNDMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwb
    GUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTkwODA3MjA1NzA5WhcNMjEwNzEzMDI1ODAwWjBtMTYwNAYDVQQDDC1lY2MtY3J
    5cHRvLXNlcnZpY2VzLWVuY2lwaGVybWVudF9VQzYtSW5NZW1vcnkxETAPBgNVBAsMCEFwcGxlUGF5MRMwEQYDVQQKDApBcH
    BsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABC4+XM9rmrBL56IvP6zP3nPIfocVU5SjS
    BVAiolsoYo3TaxmmvO/
    YiD8hjdn9K9HUHxbwiH8ShmHTa85tAdOPrijggIrMIICJzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNbW1Vrl//
    3CfDTDQ969aHZcNqm+ME8GCCsGAQUFBwEBBEMwQTA/
    BggrBgEFBQcwAYYzaHR0cDovL29jc3AtdWF0LmNvcnAuYXBwbGUuY29tL29jc3AwNC10ZXN0d3dkcmNhZWNjMIIBHQYDVR0gBIIBF
    DCCARAwggEMBgkqhkiG92NkBQEwgf4wgcMGCCsGAQUFBwICMIG2DIGzUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieS
    BhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNvb
    mRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wNg
    YIKwYBBQUHAgEWKmh0dHA6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5LzBBBgNVHR8EOjA4MDagNKAyhjBod
    HRwOi8vY3JsLXVhdC5jb3JwLmFwcGxlLmNvbS9hcHBsZXd3ZHJjYWVjYy5jcmwwHQYDVR0OBBYEFK0uo8t+NMLt7kNoTicRH8xJMz
    nQMA4GA1UdDwEB/
    wQEAwIDKDASBgkqhkiG92NkBicBAf8EAgUAMAoGCCqGSM49BAMCA0gAMEUCIQCKEXnIsY2PZqMF2xHKehKgp/ZywZ/9/
    TZ+AnpOA6mI/AIgTI94NSaIn7DLd47QTK760WILDOr0EdOHiExJMZwYp7c=
    -----END CERTIFICATE-----

     

    needs to produce:-

     

    Public Key in uncompressed format (65 bytes):


    042E3E5CCF6B9AB04BE7A22F3FACCFDE73C87E87155394A34815408A896CA18A374DAC669AF3BF6220FC863767F4AF47507C
    5BC221FC4A19874DAF39B4074E3EB8   

     

    Any help would be appreciated

    Regards Darren

    DarrenSmith


  • 2.  Re: Extract Public key from a certificate

    Posted Fri December 13, 2019 02:47 PM

    Hi Darren,

    ICSF has no capability to retrieve a public key from a Base64 encoded certificate.

     

    Are you able to convert the Base64 encoded certificate to DER encoding at all? Then, you could programmatically invoke the PKCS #11 CSFPTRC callable service to create a PKCS #11 object and invoke CSFPGAV on the PKCS #11 object to extract the public key.

     

     

    Eysha Shirrine