openssl cryptography ecdsa ecdh

How to convert a PEM PKCS#8 public key into DER/Raw-Binary


I have an EC public key (I think it is PKCS#8 PEM, but I am not really sure because I am not very familiar with these terms):

-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE10Hdyc6k1jVb0ex4xYgbmxfF07+PLyuK
PNHsmOjQqm1FDYifXb4xnDrTcjJbzb/y4+zWg1RIsHe3xqdN+zo3QJcm3GwbZp18
CMegoNmpmAP35l9djXMV9cY1cg/iDmbs
-----END PUBLIC KEY-----

Now I need to convert it into DER.

First I entered the following command:

openssl ec -pubin -pubout -in key.pem -text

and got this output:

read EC key
Public-Key: (384 bit)
pub:
    04:d7:41:dd:c9:ce:a4:d6:35:5b:d1:ec:78:c5:88:
    1b:9b:17:c5:d3:bf:8f:2f:2b:8a:3c:d1:ec:98:e8:
    d0:aa:6d:45:0d:88:9f:5d:be:31:9c:3a:d3:72:32:
    5b:cd:bf:f2:e3:ec:d6:83:54:48:b0:77:b7:c6:a7:
    4d:fb:3a:37:40:97:26:dc:6c:1b:66:9d:7c:08:c7:
    a0:a0:d9:a9:98:03:f7:e6:5f:5d:8d:73:15:f5:c6:
    35:72:0f:e2:0e:66:ec
ASN1 OID: secp384r1
NIST CURVE: P-384

It is exactly what I want: as you can see, that command displays a sequence of hex numbers, which is exactly what I want.

But when I try to save this output into a file using this command:

openssl ec -pubin -in key.pem -out out.der -outform DER

it saves something different (it just decodes the Base64 inside the -----BEGIN----- and -----END----- blocks and saves the result into a file, which is not what I want).

Can anyone help me how to convert that public key into raw-signature/binary and vice versa? I really need it, and besides that, may I know how to convert a raw-signature into a PEM public key like that?

Thanks in advance.


Solution

  • Can anyone help me how to convert that public key into raw-signature/binary...

    The posted key is a PEM encoded key in X.509/SPKI format for curve secp384r1. This can be converted into a DER encoded key with the posted OpenSSL statement:

    openssl ec -pubin -in key.pem -out out.der -outform DER
    

    This conversion corresponds to the removal of header, footer, all line breaks and Base64 decoding of the rest.

    At the end of the DER encoded key is the public key in uncompressed format (referred to as pub in the OpenSSL printout via -text option). The uncompressed format for secp384r1 has a length of 97 bytes (0x04|<x>|<y>; <x> and <y> are the coordinates of the EC point, each 384/8=48 bytes long).
    Therefore, to extract the uncompressed key from the DER encoded key, only the last 97 bytes need to be taken.

    ...and vice versa?

    The first 23 bytes contain length information and algorithm OIDs. This byte sequence is curve-specific and its length information specifies a key in uncompressed format (i.e. the byte sequence of a different curve and/or a key in compressed format would be different). It can therefore be used as a prefix to convert a secp384r1 key in uncompressed format into a DER encoded key in X.509/SPKI format.

    ...but it would be better if there is any standard command using openssl...

    OpenSSL does not (to my knowledge) support the direct conversion of PEM/DER encoded public keys into the uncompressed (or compressed) format or vice versa.


    For the sake of completeness: With the option -conv_form compressed in the OpenSSL statement above, the compressed format (<a>|<x>, with <a> = 0x02 for even <y> and <a> = 0x03 for odd <y>) can be used instead of the uncompressed format. This has a length of 49 bytes for secp384r1.
    A DER (or PEM) encoded key can be easily analyzed when decoded with an ASN.1/DER parser, e.g. here for the posted key.
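
The prefix approach from the answer, as an added Python example (not code from the original post): it verifies the 23-byte secp384r1 SPKI header before taking the last 97 bytes, so a key on another curve or in compressed form is rejected instead of silently mis-sliced, and it rebuilds the PEM from a raw point. Function and constant names are illustrative; the prefix bytes are the ones decoded from the posted key.

```python
import base64

# 23-byte DER header of an X.509/SPKI key on secp384r1 with an uncompressed point:
# SEQUENCE { SEQUENCE { OID id-ecPublicKey, OID secp384r1 }, BIT STRING (0 unused bits) }
SPKI_PREFIX_P384 = bytes.fromhex("3076301006072a8648ce3d020106052b81040022036200")
POINT_LEN = 1 + 2 * 48  # 0x04 | x | y, 48 bytes per coordinate
HEAD, FOOT = "-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"

# The public key posted in the question.
PAGE_PEM = """-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE10Hdyc6k1jVb0ex4xYgbmxfF07+PLyuK
PNHsmOjQqm1FDYifXb4xnDrTcjJbzb/y4+zWg1RIsHe3xqdN+zo3QJcm3GwbZp18
CMegoNmpmAP35l9djXMV9cY1cg/iDmbs
-----END PUBLIC KEY-----
"""

def pem_to_der(pem: str) -> bytes:
    """Strip header, footer and line breaks, then Base64-decode the rest."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != HEAD or lines[-1] != FOOT:
        raise ValueError("not a PUBLIC KEY PEM block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def spki_to_raw(der: bytes) -> bytes:
    """Return the 97-byte uncompressed point after checking the header."""
    if len(der) != len(SPKI_PREFIX_P384) + POINT_LEN:
        raise ValueError("unexpected length for a secp384r1 uncompressed key")
    if not der.startswith(SPKI_PREFIX_P384):
        raise ValueError("header is not secp384r1 X.509/SPKI")
    raw = der[len(SPKI_PREFIX_P384):]
    if raw[0] != 0x04:
        raise ValueError("point is not in uncompressed format")
    return raw

def raw_to_pem(raw: bytes) -> str:
    """Prepend the fixed header to a raw point and PEM-encode the result."""
    if len(raw) != POINT_LEN or raw[0] != 0x04:
        raise ValueError("expected 97 bytes starting with 0x04")
    b64 = base64.b64encode(SPKI_PREFIX_P384 + raw).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{HEAD}\n{body}\n{FOOT}\n"

if __name__ == "__main__":
    raw = spki_to_raw(pem_to_der(PAGE_PEM))
    print(raw.hex(":"))          # same bytes as "pub:" in the -text output
    print(raw_to_pem(raw), end="")
```

These functions only check the encoding; they do not verify that the point lies on the curve, which is left to the library that later imports the key.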