Search code examples
gorsapkix

golang x509.MarshalPKIXPublicKey vs x509.MarshalPKCS1PublicKey()


Can anyone help me understand the difference between MarshalPKIXPublicKey() and MarshalPKCS1PublicKey()?

according to the comment: // MarshalPKIXPublicKey serialises a public key to DER-encoded PKIX format.

// MarshalPKCS1PublicKey converts an RSA public key to PKCS#1, ASN.1 DER form.

what is a DER-encoded PKIX format ?

Thanks


Solution

  • You don't make clear how much you don't (or do) understand. To start from the basics:

    ASN.1 (Abstract Syntax Notation One) is a general scheme for defining the structure of data to be communicated or interchanged between systems or programs.

    DER (Distinguished Encoding Rules) is a scheme defined to encode ASN.1 data to sequences of bytes that can be communicated and/or stored, and decode those sequences of bytes back to ASN.1 data losslessly.

    PKCS1 aka RFCs 2313,2437,3447,8017 (Public Key Cryptography Standard #1) is a standard that defines a range of things about using the RSA algorithm, among which Appendix A defines an ASN.1 structure named RSAPublicKey to represent an RSA public key, which like any ASN.1 structure can be DER-encoded.

    MarshalPKCS1PublicKey converts an RSA public key to PKCS#1, ASN.1 DER form.

    clearly means the DER encoding of the ASN.1 structure for an RSA public key in PKCS1.

    PKIX (Public Key Infrastructure X.509) is an Internet variant (formally, a profile) of the X.509 standard originally defined by then-CCITT now-ITU-T, currently in rfc5280. X.509, and PKIX, primarily defines a format for a public-key certificate which binds a public-key to an identity along with other metadata. To do this it has to contain a representation of a public-key that can handle multiple public-key algorithms, which is done using the SubjectPublicKeyInfo structure which, fairly simply, consists of an AlgorithmIdentifier that identifies the algorithm, plus a BIT STRING that contains the actual public-key value in an algorithm-dependent manner. The algorithm-dependent part for RSA is specified in rfc3279 sec 2.3.1 and as you see it is the RSAPublicKey strucuture from PKCS1, DER encoded.

    Thus 'DER-encoded PKIX format' of an RSA public key means the DER encoding of a PKIX/X.509 SubjectPublicKeyInfo structure containing the algorithmIdentifier for RSA (OID 1.2.840.113549.1.1.1 and parameters NULL) and a BIT STRING containing the DER encoded PKCS1 RSAPublicKey.

    Related or similar (although most include private not public and/or PEM not DER):
    How to store/retrieve RSA public/private key
    How do we convert a String from PEM to DER format
    Problem transmiting a RSA public key, javaME , bouncy castle
    Generating RSA keys in PKCS#1 format in Java
    How to generate PKCS#1 RSA keys in PEM Format?
    Converting RSA keys into SubjectPublicKeyInfo Form from BigIntegers
    Convert a X509 Public key to RSA public key
    Load public key to create rsa object for public encryption
    and cross-stack:
    https://crypto.stackexchange.com/questions/19149/what-is-the-technical-name-for-a-public-key-container-in-der-format
    https://crypto.stackexchange.com/questions/54121/rsa-key-differences-openssl-cli-vs-openssl-ssl-h-c-function