tags:

views:

439

answers:

5
+1  Q: 

Convert RSA public key, from XML to PEM (PHP)

How convert RSA public key, from XML to PEM (PHP)?

+1  A: 

There is no standard for storing RSA public keys in XML. So the manner of conversion will depend on the XML you have.

Borealid  2010-08-25 16:18:55
There is a W3C recommendation that specifies this: http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
Bruno  2010-08-25 16:22:16
@Bruno: Post an answer!
GregS  2010-08-26 00:53:37
@GregS, OK, I've just done that.
Bruno  2010-08-26 14:15:26
A: 

Maybe you should have a look here:

http://stackoverflow.com/questions/3368137/how-can-i-create-a-cryptrsa-object-from-modulus-exponent-and-private-exponent

Extract the two base64-encoded strings, convert and pass to PEAR::Crypt_RSA, then export as text file, then openssl convert?

http://www.mail-archive.com/[email protected]/msg17007.html

mario  2010-08-25 16:30:53
+1  A: 

we know

.pem - (Privacy Enhanced Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"

X.509

The SignatureValue element contains the Base64 encoded signature result - the signature generated with the parameters specified in the SignatureMethod element - of the SignedInfo element after applying the algorithm specified by the CanonicalizationMethod.

XML_Signature

so we end up with

$xml = simplexml_load_file($xmlFile); // or simplexml_load_string

$pem = "-----BEGIN CERTIFICATE-----\n";
$pem .= $xml->SignatureValue;
$pem .= "\n-----END CERTIFICATE-----";

// save to file

if your xml-file isn't a XML_Signature

$xml = simplexml_load_file($xmlFile); // or simplexml_load_string
$pem = "-----BEGIN CERTIFICATE-----\n";
$pem .= $xml->nodeWithWantedValue; // use base64_encode if needed
$pem .= "\n-----END CERTIFICATE-----";
maggie  2010-08-25 16:34:30
Maybe it's the variable name that's misleading, but the signature value and the certificate (which you're putting in between the BEGIN/END CERTIFICATE) are two different things. In addition, the original question was about public keys, not certificate. In the XML Signature spec, the public key is split between modulus and exponent.
Bruno  2010-08-25 16:41:28
since we don't have any information about the mysterious xml... see it as an example. will modify the code to reflect that more clearly
maggie  2010-08-25 16:49:44
Sure, but if it's the RSAKeyValue XML DSig format, you still need to reconstruct the ASN.1 structure and re-encode in into base-64 before putting it in between BEGIN/END PUBLIC KEY. It's not just a matter of extracting the text from the XML. @mario's pointers would help then.
Bruno  2010-08-25 16:55:10
i always try to "think simple" if there is no clear definition. but of course your right.
maggie  2010-08-25 17:14:59
+2  A: 

I'm assuming that by XML format, you mean XML DSig RSAKeyValue, and that by PEM format you mean what OpenSSL exports in between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----.

You need first to extract the modulus and public exponent from the XML.

   <RSAKeyValue>
     <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
      jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
      5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
     </Modulus>
     <Exponent>AQAB</Exponent>
   </RSAKeyValue>

You can easily convert these into a bit string using base64_decode.

Once this is done, you need to build the ASN.1 public key structure somehow.

What OpenSSL exports between BEGIN/END PUBLIC KEY is an X.509 SubjectPublicKeyInfo structure.

SubjectPublicKeyInfo ::= SEQUENCE {
   algorithm AlgorithmIdentifier,
   subjectPublicKey BIT STRING }

The subjectPublicKey is made of a sequnce is described in the PKCS#1 spec:

RSAPublicKey ::= SEQUENCE {
   modulus INTEGER,
   publicExponent INTEGER
}

The algorithm (an AlgorithmIdentifier) is also described in the PKCS#1 spec (see section A.1):

rsaEncryption
OBJECT IDENTIFIER ::= { pkcs-1 1 }

This structure needs to be serialized in DER form, then base64-encoded and then placed between the BEGIN/END delimiters.

I don't know of any PHP library to do the ASN.1/DER encoding unfortunately (the rest is relatively easy, but dealing with ASN.1 tends to be tedious).

The PHP/PEAR Crypt_RSA module can construct RSA public keys from modulus and exponent, but its toString() method uses a custom format (just the base64-encoding of the result of PHP serialize on the array structure, which has nothing to do with the ASN.1/DER encoding).

Bruno  2010-08-26 14:12:48
A: 

Here's an example of how to read XML RSA keys in PHP:

http://www.frostjedi.com/phpbb/viewtopic.php?f=46&amp;t=18085

fruzer  2010-10-02 17:24:26

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases