
Creating PEM, pfx,... from private modulus,


I received the following from some legacy system when I asked for the private key: MODULUS, PUBLIC EXP, PRIVATE EXP, PRIME_P, PRIME_Q, PARAM_P, PARAM_Q, Q_MOD_INV

All of this data is in hex. How can I convert this to an OpenSSL PEM file or PFX?

Thank you and best regards!


Solution

  • Generate RSA key with openssl:

    openssl genrsa -out rsa.pem 2048
    

    Convert RSA key from PEM format to DER format:

    openssl rsa -inform PEM -in rsa.pem -outform DER -out rsa.der
    

    Open file rsa.der in ASN.1 Editor:

    [Screenshot: file rsa.der opened in ASN.1 Editor]

    ASN.1 structure of RSA private key is defined in PKCS#1 (RFC 3447):

      RSAPrivateKey ::= SEQUENCE {
          version           Version,
          modulus           INTEGER,  -- n
          publicExponent    INTEGER,  -- e
          privateExponent   INTEGER,  -- d
          prime1            INTEGER,  -- p
          prime2            INTEGER,  -- q
          exponent1         INTEGER,  -- d mod (p-1)
          exponent2         INTEGER,  -- d mod (q-1)
          coefficient       INTEGER,  -- (inverse of q) mod p
          otherPrimeInfos   OtherPrimeInfos OPTIONAL
      }
    

    Edit required fields in ASN.1 Editor (right click the item and choose "Edit in hex mode") and paste your data following this mapping:

      MODULUS = modulus
      PUBLIC EXP = publicExponent
      PRIVATE EXP = privateExponent
      PRIME_P = prime1
      PRIME_Q = prime2
      PARAM_P = exponent1
      PARAM_Q = exponent2
      Q_MOD_INV = coefficient
    

    Edit based on the comments: Individual parts of the private key are big integers. When the leftmost bit of the value is 1 (or the leftmost byte is equal to or bigger than 0x80), a 0x00 byte needs to be prepended to the value to indicate it is a positive number.

    Finally save the modified file and convert it from DER format to PEM format with openssl:

    openssl rsa -inform DER -in rsa.der -outform PEM -out rsa.pem
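
The same mapping can be scripted instead of edited by hand. The following is an added example, not part of the original answer: it cross-checks the eight hex components against each other, DER-encodes them as a PKCS#1 RSAPrivateKey (adding the 0x00 pad where the top bit is set) and wraps the result in PEM. The function names and the toy `SAMPLE` key are constructed for illustration.

```python
import base64

# Legacy field names from the question, in PKCS#1 RSAPrivateKey order.
ORDER = ["MODULUS", "PUBLIC EXP", "PRIVATE EXP", "PRIME_P", "PRIME_Q",
         "PARAM_P", "PARAM_Q", "Q_MOD_INV"]

def der_len(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(value):
    """DER INTEGER. bit_length // 8 + 1 bytes adds the 0x00 pad when the top bit is set."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def build_der(hex_fields):
    """Check the components against each other, then encode RSAPrivateKey (version 0)."""
    f = {k: int(hex_fields[k].replace(" ", ""), 16) for k in ORDER}
    n, e, d, p, q = (f[k] for k in ORDER[:5])
    if p * q != n:
        raise ValueError("PRIME_P * PRIME_Q does not equal MODULUS")
    if f["PARAM_P"] != d % (p - 1) or f["PARAM_Q"] != d % (q - 1):
        raise ValueError("PARAM_P / PARAM_Q do not match PRIVATE EXP")
    if f["Q_MOD_INV"] * q % p != 1:
        raise ValueError("Q_MOD_INV is not the inverse of q mod p (p and q swapped?)")
    if pow(pow(2, e, n), d, n) != 2:
        raise ValueError("PUBLIC EXP and PRIVATE EXP are not inverses")
    body = der_int(0) + b"".join(der_int(f[k]) for k in ORDER)
    return b"\x30" + der_len(len(body)) + body

def to_pem(der):
    """Wrap DER in the traditional 'RSA PRIVATE KEY' PEM armour, 64 chars per line."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN RSA PRIVATE KEY-----", *lines,
                      "-----END RSA PRIVATE KEY-----", ""])

# Constructed toy key (p=61, q=53), far too small for real use; values are hex.
SAMPLE = {"MODULUS": "0CA1", "PUBLIC EXP": "11", "PRIVATE EXP": "0AC1",
          "PRIME_P": "3D", "PRIME_Q": "35", "PARAM_P": "35", "PARAM_Q": "31",
          "Q_MOD_INV": "26"}

if __name__ == "__main__":
    print(to_pem(build_der(SAMPLE)), end="")
```

With real key material, the resulting file can be sanity-checked with `openssl rsa -in rsa.pem -check -noout`.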