Search code examples
opensslcryptographypublic-key-encryptionkey-management

Convert binary key to ASN1(PEM) format

  1. Given a private key; generate a keyfile that contains both the private and public keys.
  2. Given a public key; generate a keyfile that contains only the public key.

for example if the prime256v1 private key is 3A6B2EAA0D9F25A9E455983FEB5BB947528121911BF3B76BE5661C89DBF24B26 I need to generate keyfiles like this:

-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGS ... wte3itBKOo5yW79F1ynWaOdIUZZvWbTAto0
-----END PRIVATE KEY-----

How can I do this with common tools, like fi. openssl or python

Solution

  • The simplest way I found was using python import ecdsa...

    import ecdsa

# get key information from somewhere
pubbin = b'vb\x8e\x1c\x84\xefy5T\x8a\xe5\xd6,{\xb3\xad(\x96L\xf7\x94\xf08zi~\xec\x19\xcd\xd9\x8fF\nM^\x19\x08~\xf7!n\xd8\x9c)\x83\x1an\xe88\xc8\xde\x88\xef4\xf1\x1d?A\xf3m\x80\xb2\xa5\xd5'
keybin = b':k.\xaa\r\x9f%\xa9\xe4U\x98?\xeb[\xb9GR\x81!\x91\x1b\xf3\xb7k\xe5f\x1c\x89\xdb\xf2K&'

# load binary key info
pub = ecdsa.VerifyingKey.from_string(pubbin, curve=ecdsa.NIST256p)
key = ecdsa.SigningKey.from_string(keybin, curve=ecdsa.NIST256p)

# do something with key material
assert pub.to_pem() == b'-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdmKOHITveTVUiuXWLHuzrSiWTPeU\n8Dh6aX7sGc3Zj0YKTV4ZCH73IW7YnCmDGm7oOMjeiO808R0/QfNtgLKl1Q==\n-----END PUBLIC KEY-----\n'
assert key.to_pem() == b'-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIDprLqoNnyWp5FWYP+tbuUdSgSGRG/O3a+VmHInb8ksmoAoGCCqGSM49\nAwEHoUQDQgAEdmKOHITveTVUiuXWLHuzrSiWTPeU8Dh6aX7sGc3Zj0YKTV4ZCH73\nIW7YnCmDGm7oOMjeiO808R0/QfNtgLKl1Q==\n-----END EC PRIVATE KEY-----\n'

    extracting key information can be done in a similar way.

    import ecdsa

# get key material in pem form
pubpem=b'-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdmKOHITveTVUiuXWLHuzrSiWTPeU\n8Dh6aX7sGc3Zj0YKTV4ZCH73IW7YnCmDGm7oOMjeiO808R0/QfNtgLKl1Q==\n-----END PUBLIC KEY-----\n'
keypem=b'-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIDprLqoNnyWp5FWYP+tbuUdSgSGRG/O3a+VmHInb8ksmoAoGCCqGSM49\nAwEHoUQDQgAEdmKOHITveTVUiuXWLHuzrSiWTPeU8Dh6aX7sGc3Zj0YKTV4ZCH73\nIW7YnCmDGm7oOMjeiO808R0/QfNtgLKl1Q==\n-----END EC PRIVATE KEY-----\n'

# extract binary key material
pub = ecdsa.VerifyingKey.from_pem(pubpem)
key = ecdsa.SigningKey.from_pem(keypem)

# do something with key material
assert pub.to_string() == b'vb\x8e\x1c\x84\xefy5T\x8a\xe5\xd6,{\xb3\xad(\x96L\xf7\x94\xf08zi~\xec\x19\xcd\xd9\x8fF\nM^\x19\x08~\xf7!n\xd8\x9c)\x83\x1an\xe88\xc8\xde\x88\xef4\xf1\x1d?A\xf3m\x80\xb2\xa5\xd5'
assert key.to_string() == b':k.\xaa\r\x9f%\xa9\xe4U\x98?\xeb[\xb9GR\x81!\x91\x1b\xf3\xb7k\xe5f\x1c\x89\xdb\xf2K&'

    for reference:

    https://pypi.org/project/ecdsa/

    https://github.com/tlsfuzzer/python-ecdsa