Tags: openssl, certificates, ssl-certificate

Generate DER format public key from PEM format certificate and PEM format public key


I took the following steps before getting stuck.

1) I got the certificate of a server using

 openssl s_client -connect hostname.org:443 -showcerts

The certificate looks good:

-----BEGIN CERTIFICATE-----
MIIICTCCBvGgAwIBAgIQA8mdxgOCgSdtPdwJY/c3FzANBgkqhkiG9w0BAQsFADBk
MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ
and so on
-----END CERTIFICATE-----

2) I saved it as a myCert.pem file. (I am not sure if I should have saved it as a .cer file.)

3) I extracted the public key in PEM format from the above saved certificate file, using

openssl x509 -pubkey -noout -in myCert.pem > pubkey.pem

The PEM format public key looks good too:

-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----

Now I am trying to decode this PEM format public key to DER format. How can I do it?


Solution

  • The PEM encoded file is the header, the footer, and base64-encoded contents (which, for certs and keys and stuff, is BER/DER encoded data).

    When OpenSSL writes data it uses the constraints from DER (as far as I've seen), so for OpenSSL-written data you just need to base64-decode the contents. openssl base64 -d will do that (ignoring the PEM header/footer).

    openssl base64 -d -in pubkey.key -out pubkey.der
    

    If you were worried that the PEM contents were legal BER but not legal DER (for example, that it used indefinite-length constructed values), you could ask OpenSSL to read and write it.

    openssl rsa -pubin -in pubkey.key -outform der -out pubkey.der
    

    or, programmatically

    #include <stdio.h>
    #include <openssl/pem.h>   /* PEM_read_PUBKEY, i2d_PUBKEY_fp, EVP_PKEY */

    int main(void) {
        FILE* fp = fopen("pubkey.key", "r");
        EVP_PKEY* pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);  /* PEM -> EVP_PKEY */
        fclose(fp);
        fp = fopen("pubkey.der", "wb");
        i2d_PUBKEY_fp(fp, pkey);   /* write the SubjectPublicKeyInfo in DER */
        fclose(fp);
        EVP_PKEY_free(pkey);
        return 0;
    }
    

    Optionally with error checking.
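To make the two points of the answer above concrete (a PEM file is just armor lines around base64 of the DER bytes, and a strict re-encode matters only if the input is BER rather than DER), here is an added example in plain Python, not from the question, the answer, or OpenSSL. It builds a toy RSA SubjectPublicKeyInfo in DER (the structure behind "BEGIN PUBLIC KEY"; the modulus is a constructed 64-bit value, useless as a real key), wraps it in PEM, then does the conversion the question asks for: strip the armor, base64-decode, and walk the TLV tree rejecting indefinite or non-minimal lengths, which is what distinguishes DER from general BER. The hand-rolled DER builder and parser are the example's own helpers, kept minimal so the script runs offline without OpenSSL.

```python
import base64
import re

# Tiny DER builder, only used to construct an offline sample key.
def der_len(n):
    """Encode a DER length: short form below 0x80, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:                     # DER INTEGER is signed: keep it positive
        b = b"\x00" + b
    return tlv(0x02, b)

RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption

def rsa_spki(n, e):
    """SubjectPublicKeyInfo for an RSA key: the structure behind BEGIN PUBLIC KEY."""
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    rsapub = tlv(0x30, der_int(n) + der_int(e))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + rsapub))   # BIT STRING, 0 unused bits

def pem_encode(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

PEM_RE = re.compile(r"-----BEGIN ([^-]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_decode(text):
    """Return (label, der_bytes) for the first PEM block in text."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True)

def check_der(buf):
    """Walk the TLV tree; raise ValueError on encodings that are legal BER but
    not legal DER (indefinite or non-minimal lengths). Returns the TLV count."""
    count, i = 0, 0
    while i < len(buf):
        tag = buf[i]
        if tag & 0x1F == 0x1F or i + 1 >= len(buf):
            raise ValueError("unsupported tag or truncated TLV at offset %d" % i)
        first = buf[i + 1]
        i += 2
        if first == 0x80:
            raise ValueError("indefinite length at offset %d (BER, not DER)" % (i - 1))
        if first < 0x80:
            length = first
        else:
            nbytes = first & 0x7F
            lb = buf[i:i + nbytes]
            i += nbytes
            length = int.from_bytes(lb, "big")
            if len(lb) != nbytes or lb[0] == 0 or length < 0x80:
                raise ValueError("non-minimal length at offset %d" % (i - nbytes - 1))
        body = buf[i:i + length]
        if len(body) != length:
            raise ValueError("truncated value at offset %d" % i)
        count += 1
        if tag & 0x20:                  # constructed: children must fill the body exactly
            count += check_der(body)
        i += length
    return count

def read_tlv(buf, i=0):
    """(tag, body, next_offset) for the DER TLV at buf[i]; run check_der first."""
    tag, first = buf[i], buf[i + 1]
    i += 2
    length = first
    if first >= 0x80:
        length = int.from_bytes(buf[i:i + (first & 0x7F)], "big")
        i += first & 0x7F
    return tag, buf[i:i + length], i + length

def rsa_public_numbers(spki):
    """Pull (n, e) back out of a DER SubjectPublicKeyInfo."""
    _, body, _ = read_tlv(spki)
    _, alg, i = read_tlv(body)
    if read_tlv(alg)[1] != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    _, bits, _ = read_tlv(body, i)
    _, rsapub, _ = read_tlv(bits[1:])          # skip the unused-bits byte
    _, n, j = read_tlv(rsapub)
    _, e, _ = read_tlv(rsapub, j)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def pem_to_der(text):
    """The conversion the question asks for, with the DER-strictness check applied."""
    label, der = pem_decode(text)
    check_der(der)
    return label, der

# Constructed sample: a toy 64-bit RSA modulus (not a usable key) and e = 65537.
SAMPLE_PEM = pem_encode("PUBLIC KEY", rsa_spki(0xC0FFEE1234567891, 65537))
```

The same bytes come out of `openssl base64 -d` as in the answer; the script only adds the explicit DER check. One practical caveat on the `openssl rsa -pubin` route: it only accepts RSA keys, so for a server whose leaf certificate carries an EC key use `openssl pkey -pubin -in pubkey.pem -outform DER -out pubkey.der`, which handles any key type the same way.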