How to decode private key from PEM and how to extract the Public Key

finlaydotb · July 25, 2023, 10:30am

I am trying to load a private key in PEM file, and then extract the public key portion. Unfortunately I have not had any success with this, and I have not found a crate that can help with this.

After closed and down voted questions on StackOverflow:

How do I obtain the public key from private key in Rust? - Stack Overflow
private key - How to fix implementation of `pkcs8::der::Decode` is not general enough error in Rust - Stack Overflow

I am here to ask for pointers. How may I load a PEM file that contains a private key, and extract the public portion, with the option to even export it as a PEM file?

H2CO3 · July 25, 2023, 11:00am

There's a pem crate.

finlaydotb · July 25, 2023, 11:02am

I'll give this a try now. Hopefully this will be the crate I am looking for...

finlaydotb · July 25, 2023, 11:05am

Not sure if this fits my needs. A quick look at the documentation I can't find how to extract the public key from the private key for instance.

H2CO3 · July 25, 2023, 11:08am

You'd presumably use parse_many() and compare tags.

finlaydotb · July 25, 2023, 12:32pm

Does not look like it. parse_many() returns Pem in pem - Rust and looking through that, it does not provide the functionality needed.

It is interesting that it is this hard to get this done.

I am using RSA, so I even checked the RSA rust crate out rsa - Rust and that also does not seem to have a way to decode keys from pem files!

H2CO3 · July 25, 2023, 12:41pm

I'm not sure we are talking about the same thing. Slightly adapting the example found in the documentation, you could just perform a naïve linear search on all returned entries and pick whichever one you need: Rust Explorer

riking · July 25, 2023, 10:36pm

They're almost certainly asking for a library that will do the math on the private key to generate a fresh copy of the public part.

tbfleming · July 26, 2023, 1:09am

Every time I've used PEM, the tools which created the cert created separate files for the public and private parts. I've only had to recover public keys from private keys while developing Blockchain libraries and tools, which have their own (not PEM) formats.

Is there a reason you need to do public key recovery with PEM? Note that ECC is the only widespread algorithm which can do public key recovery, and it's not the only algorithm commonly used with PEM. ECC also requires some extra bits stored with the private key to indicate which of up to 4 solutions is the published public key; I doubt PEM stores those bits.

tbfleming · July 26, 2023, 1:46am

RSA doesn't support public key recovery. It's not a crate issue; the math to do that just doesn't efficiently exist.

simonbuchan · July 26, 2023, 3:00am

The statement that you can't get the public key from a key file is a bit strong: Can I get a public key from an RSA private key? - Information Security Stack Exchange

But it's not a standard functionality you should expect in a library.

H2CO3 · July 26, 2023, 5:51am

Okay, so there are two (actually, three) separate issues here:

Parsing and emitting PEM files with arbitrary content.
- This is exactly what the pem crate is for.
Mathematically computing (not "extracting from a file") an RSA public key given only the information of the private key.
- This is impossible (or at least, as strong a problem as breaking RSA and factoring are)
Extracting only the public key from a file that contains information about both the private and the public key, which some systems confusingly just call a "private key".
- This is possible, but you'll have to parse the internal, possibly DER-encoded ASN.1 structure of the file. In which case, this has borderline nothing to do with PEM.

Which one of these 3 problems are you trying to solve?

riking · July 26, 2023, 8:59pm

hm? no, an RSA private key should store (e, d, p-1, q-1) and you can do (p-1+1) * (q-1+1) to recover N.

Or e = 65537 might be implied in your format and it doesn't need storage.

But the above text is correct: This isn't a PEM problem.

tbfleming · July 26, 2023, 11:20pm

You're adding a requirement to RSA. An RSA implementation only has to store (d, n) for the private key, which isn't enough to calculate e for the public key.

simonbuchan · July 27, 2023, 1:57am

Although even then e is typically tiny (I don't think I've seen anything other than 3 or 65537?), so in practice you can still pull it off.

tbfleming · July 27, 2023, 2:37am

Good point. It is recoverable.

H2CO3 · July 27, 2023, 5:55am

No. d and n are the minimal information necessary for a usable private key.

finlaydotb · July 27, 2023, 9:24am

No 2. And I was able to do this using the openssl crate. The private_key_from_pem and public_key_to_pem methods did the job

H2CO3 · July 27, 2023, 9:36am

Okay, so it's actually #3 (OpenSSL's "private" key files contain information for the private and the public key).

Assuming you meant public_key_from_pem, this sounds like it solves your original question exactly. If that is not the case, could you elaborate what problem it doesn't solve that you still need to address?

finlaydotb · July 27, 2023, 9:38am

No more problems. Using the combination of those two methods, I was able to do what I wanted.