0
votes

We created an RSA key pair using ICSF in Mainframes. The public key generated in hex format is of size 580 chars and the structure is split into:

Prefix - 18 char (9 bytes) - 3082010A0282010100

Public modulus - 512 char (256 bytes)

Exponent - 10 char (5 bytes) - 0203010001

SHA1 hash - 40 char (20 bytes) - CDC0B4A4253110D6E4A15DF536257A7B89B4231D

We have to create an RSA key pair and the public key has to be in the same format as above. We tried this using openssl, but the public key created is in a different format.

  1. Generate key pair: $ openssl genrsa -out priv1.key 2048
  2. Extract the public key in pem format: $ openssl rsa -in priv1.key -text > priv1.pem
  3. Convert the base64 pem to hex.

What is this format called? With openssl, how can we generate an RSA key pair so that the public key is in the above format?

1

1 Answers

1
votes

Everything except the SHA1 hash is just an ASN.1 encoded PKCS#1 public key. If you have openssl 1.0.0 or later, you can create this as follows:

crow@mac:~$ openssl genrsa -out key.pem 2048
crow@mac:~$ openssl rsa -in key.pem -RSAPublicKey_out -outform DER 2> /dev/null | xxd -p > hex.txt
crow@mac:~$ cat hex.txt

Notice that the first 9 bytes and the last 5 bytes are identical with your "prefix" and "exponent" in the question.

The hash is then just appended onto the end, and it's just a SHA1 hash of the same DER-encoded public key you just hex-encoded (i.e. take the hash of the raw ASN.1, not of the hex-encoded text file) e.g.

crow@mac:~$ openssl rsa -in key.pem -RSAPublicKey_out -outform DER | openssl dgst -sha1 | cut -f 2 -d ' ' >> hex.txt
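
The layout discussed in this question and answer (DER-encoded PKCS#1 RSAPublicKey followed by the SHA-1 of that DER), as an added Python example that is not code from either post. It builds the 580-character blob and parses it back, rejecting a blob whose trailer does not match; the function names and the sample modulus are hypothetical, constructed here for illustration.

```python
import hashlib

def _tlv(tag, value):
    """Encode one DER tag-length-value (definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def _der_int(x):
    # One spare bit forces a leading 0x00 when the top bit is set, so the
    # INTEGER stays positive (the trailing "00" of the 9-byte prefix).
    return _tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

def build_key_blob(modulus, exponent=65537):
    """Hex of DER RSAPublicKey followed by SHA-1 of that DER."""
    der = _tlv(0x30, _der_int(modulus) + _der_int(exponent))
    return (der + hashlib.sha1(der).digest()).hex().upper()

def _read_tlv(buf, pos, tag):
    """Decode one TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def parse_key_blob(hex_blob):
    """Check structure and trailer; return (modulus, exponent)."""
    raw = bytes.fromhex(hex_blob)
    body, der_end = _read_tlv(raw, 0, 0x30)  # outer SEQUENCE
    der, trailer = raw[:der_end], raw[der_end:]
    if hashlib.sha1(der).digest() != trailer:
        raise ValueError("trailer is not SHA-1 of the DER key")
    n_bytes, pos = _read_tlv(body, 0, 0x02)    # modulus
    e_bytes, pos = _read_tlv(body, pos, 0x02)  # public exponent
    if pos != len(body):
        raise ValueError("unexpected data after exponent")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

# Constructed 2048-bit value with the top bit set; NOT a real RSA modulus.
SAMPLE_MODULUS = (1 << 2047) | 0x1D
SAMPLE_BLOB = build_key_blob(SAMPLE_MODULUS)
```

Unlike the `xxd -p` output above, which wraps at 60 characters per line, the blob here is a single uppercase line, matching the 580-character form in the question.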