python-rsa
Documentation issue: load_pkcs1_openssl_der and load_pkcs1_openssl_pem
These aren't OpenSSL specific constructs, they are SPKI or SubjectPublicKeyInfo structures as specified in X.509 for the ASN.1 part and RFC 7468 for the PEM part. So the text in https://stuvel.eu/python-rsa-doc/reference.html is not correct.
The specific part of RFC 7468 appears to be here. Based on this question, I can see where the names `load_pkcs1_openssl_der` and `load_pkcs1_openssl_pem` may have come from. It might be too late to change the function names for backwards compatibility reasons. However, the documentation can still be updated along with a note explaining this issue.
Some other notes, for myself (reference):
- One file format begins with `BEGIN PUBLIC KEY` and the other `BEGIN RSA PUBLIC KEY`
- When the `RSA` part is omitted, the file has to additionally specify the OID (which the library checks for here)
@owlstead could you suggest a text that would be correct?
https://stackoverflow.com/questions/17733536/how-to-convert-a-private-key-to-an-rsa-private-key
@sybrenstuvel Sorry for the late reply, flew under the radar for some time.
classmethod load_pkcs1_openssl_der(keyfile: bytes) → rsa.key.PublicKey
Loads a SubjectPublicKeyInfo (SPKI) encoded public key [as specified in the X.509v3 specifications](https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.7). If the keyfile parameter doesn't contain an RSA algorithm identifier and an embedded PKCS#1 encoded public key then the method will throw a TypeError or a ValueError (TODO: check which exceptions can be thrown by the parsing code).
Parameters
keyfile – contents of a DER-encoded file that contains the public key
Returns
a PublicKey object
classmethod load_pkcs1_openssl_pem(keyfile: bytes) → rsa.key.PublicKey
Loads a PEM encoded SubjectPublicKeyInfo (SPKI) public key [as specified in the X.509v3 specifications](https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.7). If the keyfile parameter doesn't contain an RSA algorithm identifier and an embedded PKCS#1 encoded public key then the method will throw a TypeError or a ValueError (TODO: check which exceptions can be thrown by the parsing code).
These files can be recognized in that they start with BEGIN PUBLIC KEY rather than BEGIN RSA PUBLIC KEY as defined in [RFC 7468 on PKIX textual encodings](https://www.rfc-editor.org/rfc/rfc7468#page-14).
The content of the file before the “-----BEGIN PUBLIC KEY-----” and after the “-----END PUBLIC KEY-----” lines is ignored.
Parameters
keyfile (bytes) – contents of a PEM-encoded file that contains the public key.
Returns
a PublicKey object
This may need some additional formatting, let's first agree on the contents. I'm not sure what this has to do with files directly but that's less important I guess.
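The two encodings discussed in this thread, as an added example that is not part of the thread or of python-rsa's code: a standard-library DER reader that parses a bare PKCS#1 `RSAPublicKey`, parses a SubjectPublicKeyInfo only when its algorithm OID is rsaEncryption, and selects the parser from the PEM label. All function names are hypothetical and the key (n=3233, e=17) is a constructed toy value.

```python
import base64, re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_pkcs1(der):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    tag, body, _ = read_tlv(der)
    t_n, n, pos = read_tlv(body)
    t_e, e, _ = read_tlv(body, pos)
    if (tag, t_n, t_e) != (0x30, 0x02, 0x02):
        raise ValueError("not a PKCS#1 RSAPublicKey")
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def parse_spki(der):
    """SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey BIT STRING }"""
    tag, body, _ = read_tlv(der)
    t_alg, alg, pos = read_tlv(body)
    t_key, key, _ = read_tlv(body, pos)
    if (tag, t_alg, t_key) != (0x30, 0x30, 0x03):
        raise ValueError("not a SubjectPublicKeyInfo")
    t_oid, oid, _ = read_tlv(alg)
    if t_oid != 0x06 or oid != RSA_OID:
        raise ValueError("algorithm is not rsaEncryption")
    return parse_pkcs1(key[1:])  # drop the BIT STRING unused-bits octet

def load_pem(text):
    """Pick the parser from the PEM label; text outside the markers is ignored."""
    m = re.search(r"-----BEGIN (RSA |)PUBLIC KEY-----(.*?)-----END \1PUBLIC KEY-----", text, re.S)
    if not m:
        raise ValueError("no public key PEM block found")
    der = base64.b64decode(m.group(2))
    return parse_pkcs1(der) if m.group(1) else parse_spki(der)

def to_pem(der, label):  # helper used only to build the constructed samples
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed toy key in both encodings; the SPKI form wraps the PKCS#1 bytes.
PKCS1_DER = bytes.fromhex("300702020ca1020111")
SPKI_DER = bytes.fromhex("301b300d06092a864886f70d0101010500030a00") + PKCS1_DER
```

Feeding either structure to the other parser raises `ValueError`, which is the mismatch a caller hits when the PEM label and the loader disagree.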