Is it possible to get only the public key in hex format through openssl? I've used the command:
openssl x509 -in a.pem -text -noout
That just prints the certificate, where the public key is available in hex format, but I cannot parse that. This command for instance:
openssl x509 -in a.pem -pubkey -noout
returns the public key in the following format:
-----BEGIN PUBLIC KEY-----
#######
####===
-----END PUBLIC KEY-----
Is there a better way to do this? I'm expecting output in a hexadecimal format.
Since (after discussion) it is a self-signed key already in Base64 (Armored ASCII) format, a tool like tomeko.net is enough to encode it in hex.
Original answer:
From this article, for a trusted certificate:
Parsing public keys from an X.509 certificate and representing them as a Hex number turned out simple and easy.
openssl x509 -modulus -noout < pub.cer | sed s/Modulus=/0x/
Just replace pub.cer with the certificate file you want to parse.
This uses the modulus option.
The result should be something like:
0xB1E057678343....
Note: the above applies to an X.509v3 file which contains ASCII (Base64) armored data prefixed with a “-----BEGIN …” line (i.e. an actual PEM file).
If you get the following error it means that you are trying to view a DER encoded certificate:
unable to load certificate
PEM routines:PEM_read_bio:no start line:pem_lib.c:
Expecting: TRUSTED CERTIFICATE
For a DER file, note also that the public key in DER format (which is a way of expressing X.509 objects as a sequence of bytes) includes not just the modulus, but also the exponent (usually short) and the algorithm identifier.
Convert the certificate from DER to PEM first:
openssl x509 -inform der -in certificate.cer -out certificate.pem
Then try again.
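The commands from this thread combined into one script, as an added example that is not part of the original question or answer. It accepts a PEM or DER certificate and prints either the whole DER-encoded public key or only the RSA modulus as hex; the function names `cert_to_pem`, `spki_hex` and `rsa_modulus_hex` are hypothetical.

```bash
#!/bin/sh
# Added example (not from the thread): print a certificate's public key as hex.
# cert_to_pem, spki_hex and rsa_modulus_hex are hypothetical helper names.

# Emit the certificate as PEM whether the input file is PEM or DER.
cert_to_pem() {
    openssl x509 -in "$1" -inform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER 2>/dev/null
}

# Lowercase hex of the DER SubjectPublicKeyInfo: algorithm identifier plus key
# (for RSA, modulus and exponent). Works for RSA and EC certificates alike.
spki_hex() {
    pem=$(cert_to_pem "$1") || {
        echo "not a PEM or DER certificate: $1" >&2
        return 1
    }
    printf '%s\n' "$pem" |
        openssl x509 -pubkey -noout |
        openssl pkey -pubin -outform DER |
        od -An -v -tx1 | tr -d ' \n'
    echo
}

# Uppercase hex of the RSA modulus only: the -modulus output without its label.
rsa_modulus_hex() {
    pem=$(cert_to_pem "$1") || return 1
    printf '%s\n' "$pem" | openssl x509 -modulus -noout | sed 's/^Modulus=//'
}

# Usage: sh pubkey_hex.sh a.pem
if [ "$#" -gt 0 ]; then
    spki_hex "$1"
fi
```

For an RSA certificate, the modulus printed by `rsa_modulus_hex` appears inside the longer `spki_hex` output, surrounded by the algorithm identifier and the exponent.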