What is needed to convert ASN.1 data to a public key? For example, how to determine the OID?

This code refers to the DKIM signature verification used in anti-spam efforts.

I have a byte[] from s1024._domainkey.yahoo.com which is encoded in ASN.1, but I don't know whether it contains just one piece of information that I can use to materialize the public key.

Based on this class, it looks like I can convert the ASN.1 key to an X509Certificate public key, but I need to provide the OID and some ASN.1-encoded parameters.

In this example, I have this metadata about the ASN.1 key:

  • RSA encoded key (ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey per RFC 3447)
  • Used with the sha1 and sha256 hash algorithms
  • Uses the OIDs from the following table in section A.2 of RFC 3447 (although I do not know how to turn this information into a full OID)

 /*
  * 1.2.840.113549.1
  * MD2      md2WithRSAEncryption    ::= {pkcs-1 2}
  * MD5      md5WithRSAEncryption    ::= {pkcs-1 4}
  * SHA-1    sha1WithRSAEncryption   ::= {pkcs-1 5}
  * SHA-256  sha256WithRSAEncryption ::= {pkcs-1 11}
  * SHA-384  sha384WithRSAEncryption ::= {pkcs-1 12}
  * SHA-512  sha512WithRSAEncryption ::= {pkcs-1 13}
  */

Code example

 using System;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;

 // Base64 of the p= tag from the s1024._domainkey.yahoo.com DKIM record
 string pubkey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfmJiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB";
 byte[] pubkeyByteArray = Convert.FromBase64String(pubkey);
 AsnEncodedData aData = new AsnEncodedData(pubkeyByteArray);
 // OID must not be null, but it is here. What is it?
 PublicKey pubKeyRdr = new PublicKey(aData.Oid, null, aData);

Question

  • Which OID should be used?
  • What are examples of ASN.1 parameters?
+3
2 answers

Update

This is what the data you provided parses to, using the link @erickson provided:

 SEQUENCE (2 elem)
   SEQUENCE (2 elem)
     OBJECT IDENTIFIER 1.2.840.113549.1.1.1
     NULL
   BIT STRING (1 elem)
     SEQUENCE (2 elem)
       INTEGER (1024 bit)
       INTEGER 65537

The reason the previous code throws an "ASN1 bad tag value met." exception is that aData contains the wrong data (it contains all of the data above). From what I saw, this is how the three arguments to System.Security.Cryptography.X509Certificates.PublicKey break down:

  • The first parameter is the OID, which is the OBJECT IDENTIFIER above.
  • The second parameter is the public key parameters. In the parse above, you can see that it is NULL.
  • The third parameter is the actual public key value. It is made up of the third SEQUENCE above. That sequence has two INTEGERs: a 1024-bit modulus, followed by the public exponent.

I tested it using the following code. I could not find a built-in method for parsing the data without writing a DER parser.

 using System;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;

 // Decodes a hex string into bytes (the getBytes helper used below)
 static byte[] getBytes(string hex)
 {
     byte[] bytes = new byte[hex.Length / 2];
     for (int i = 0; i < bytes.Length; i++)
         bytes[i] = Convert.ToByte(hex.Substring(2 * i, 2), 16);
     return bytes;
 }

 // rsaEncryption
 Oid oid = new Oid("1.2.840.113549.1.1.1");
 // The inner RSAPublicKey SEQUENCE (modulus, exponent), i.e. the BIT STRING contents
 AsnEncodedData keyValue = new AsnEncodedData(getBytes("30818902818100EB11E7B4462E09BB3F907E2598BA2FC4F541925DABBFD8FF0B8E74C3F15E149E7FB6140655184DE42F6DDBCDEA142D8BF83DE95E07781F98988324E294DCDB392F82890145078C5C0379BB7434FFAC04AD1529E4C04CBD98AFF4B76D3FF1872FB5C6D8F8464755EDF5714E7E7A2DBE2E7549F0BB12B85796F93DD38A8FFF97730203010001"));
 // DER NULL: the parameters field of the AlgorithmIdentifier
 AsnEncodedData keyParam = new AsnEncodedData(new byte[] { 0x05, 0x00 });
 PublicKey pubKeyRdr = new PublicKey(oid, keyParam, keyValue);
 System.Diagnostics.Debug.WriteLine(pubKeyRdr.Key.KeyExchangeAlgorithm);
 System.Diagnostics.Debug.WriteLine(pubKeyRdr.Key.KeySize);

It outputs RSA-PKCS1-KeyEx and 1024.

+6

You have a SubjectPublicKeyInfo structure. It looks like this:

 Sequence {
   Sequence {
     Oid: 1.2.840.113549.1.1.1
     Parameters: null
   }
   KeyValue: blah blah
 }

The OID for RSA keys is 1.2.840.113549.1.1.1.

There are no parameters for an RSA key, so this value is null.

However, I do not see any API on AsnEncodedData to parse the elements and get what you need.

+1
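Both answers describe the same SubjectPublicKeyInfo layout, and the first one notes that there is no built-in .NET API for splitting it up. The following is an added example, not code from the question or from either answer, that does that split with a minimal DER walker and feeds the three pieces to the PublicKey(Oid, AsnEncodedData, AsnEncodedData) constructor the thread is about. The class name SpkiSplitter, the SpkiParts type and the method names are my own; the only input is the yahoo p= value quoted in the question, and a DKIM p= tag is exactly a base64 SubjectPublicKeyInfo (RFC 6376), so the same code applies to any k=rsa record.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Splits a DER SubjectPublicKeyInfo into the three pieces the
// X509Certificates.PublicKey(Oid, AsnEncodedData, AsnEncodedData) constructor wants.
public static class SpkiSplitter
{
    public const string RsaEncryptionOid = "1.2.840.113549.1.1.1";

    public sealed class SpkiParts
    {
        public string AlgorithmOid;   // dotted form, e.g. 1.2.840.113549.1.1.1
        public byte[] Parameters;     // raw DER of AlgorithmIdentifier.parameters (05 00 for RSA)
        public byte[] KeyValue;       // BIT STRING contents without the unused-bits byte
    }

    // One decoded tag-length header; the content is der[ContentStart .. End).
    private struct Tlv
    {
        public byte Tag;
        public int ContentStart;
        public int Length;
        public int End { get { return ContentStart + Length; } }
    }

    private static Tlv ReadTlv(byte[] der, int offset)
    {
        if (offset + 2 > der.Length) throw new FormatException("truncated DER element");
        byte tag = der[offset++];
        if ((tag & 0x1F) == 0x1F) throw new FormatException("high tag numbers not supported");
        int length = der[offset++];
        if (length == 0x80) throw new FormatException("indefinite length is not DER");
        if ((length & 0x80) != 0)                       // long form: next N bytes hold the length
        {
            int lengthBytes = length & 0x7F;
            if (lengthBytes > 4 || offset + lengthBytes > der.Length)
                throw new FormatException("bad length encoding");
            length = 0;
            for (int i = 0; i < lengthBytes; i++) length = (length << 8) | der[offset++];
            if (length < 0) throw new FormatException("length overflow");
        }
        if (offset + length > der.Length) throw new FormatException("element runs past end of data");
        return new Tlv { Tag = tag, ContentStart = offset, Length = length };
    }

    private static byte[] Slice(byte[] der, int start, int length)
    {
        byte[] result = new byte[length];
        Buffer.BlockCopy(der, start, result, 0, length);
        return result;
    }

    // Decodes OBJECT IDENTIFIER contents (first byte = 40*arc1 + arc2, then base-128 arcs).
    private static string DecodeOid(byte[] content)
    {
        if (content.Length == 0) throw new FormatException("empty OID");
        List<string> arcs = new List<string>();
        int first = content[0];
        arcs.Add((first < 80 ? first / 40 : 2).ToString());
        arcs.Add((first < 80 ? first % 40 : first - 80).ToString());
        ulong value = 0;
        bool inArc = false;
        for (int i = 1; i < content.Length; i++)
        {
            value = (value << 7) | (ulong)(content[i] & 0x7F);
            inArc = (content[i] & 0x80) != 0;
            if (!inArc) { arcs.Add(value.ToString()); value = 0; }
        }
        if (inArc) throw new FormatException("unterminated OID arc");
        return string.Join(".", arcs);
    }

    public static SpkiParts Split(byte[] spki)
    {
        Tlv outer = ReadTlv(spki, 0);                          // SubjectPublicKeyInfo ::= SEQUENCE
        if (outer.Tag != 0x30 || outer.End != spki.Length) throw new FormatException("expected one outer SEQUENCE");
        Tlv algId = ReadTlv(spki, outer.ContentStart);         // AlgorithmIdentifier ::= SEQUENCE
        if (algId.Tag != 0x30) throw new FormatException("expected AlgorithmIdentifier SEQUENCE");
        Tlv oid = ReadTlv(spki, algId.ContentStart);           // algorithm OBJECT IDENTIFIER
        if (oid.Tag != 0x06 || oid.End > algId.End) throw new FormatException("expected OBJECT IDENTIFIER");
        Tlv bits = ReadTlv(spki, algId.End);                   // subjectPublicKey BIT STRING
        if (bits.Tag != 0x03 || bits.Length < 1) throw new FormatException("expected BIT STRING");
        if (spki[bits.ContentStart] != 0) throw new FormatException("key BIT STRING must be byte-aligned");
        if (bits.End != outer.End) throw new FormatException("trailing data after BIT STRING");
        return new SpkiParts
        {
            AlgorithmOid = DecodeOid(Slice(spki, oid.ContentStart, oid.Length)),
            Parameters = Slice(spki, oid.End, algId.End - oid.End),   // whatever follows the OID
            KeyValue = Slice(spki, bits.ContentStart + 1, bits.Length - 1),
        };
    }

    // Refuses anything other than rsaEncryption before the bytes reach the CSP.
    public static PublicKey ToRsaPublicKey(SpkiParts parts)
    {
        if (parts.AlgorithmOid != RsaEncryptionOid)
            throw new CryptographicException("not an rsaEncryption key: " + parts.AlgorithmOid);
        return new PublicKey(new Oid(parts.AlgorithmOid),
                             new AsnEncodedData(parts.Parameters),
                             new AsnEncodedData(parts.KeyValue));
    }

    public static void Main()
    {
        // The s1024._domainkey.yahoo.com p= value quoted in the question.
        const string pubkey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfmJiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB";
        SpkiParts parts = Split(Convert.FromBase64String(pubkey));
        Console.WriteLine("algorithm OID: " + parts.AlgorithmOid);
        Console.WriteLine("parameters   : " + BitConverter.ToString(parts.Parameters));
        PublicKey key = ToRsaPublicKey(parts);
        Console.WriteLine("key size     : " + key.Key.KeySize);
    }
}
```

For the key on this page the dump in the first answer tells you what to expect from Split: the rsaEncryption OID, a two-byte NULL for the parameters, and a 1024-bit key. On .NET Core 3.0 and later you can skip the hand-written walk and call RSA.Create().ImportSubjectPublicKeyInfo(spkiBytes, out _), which performs the same split internally; the version above is what you need on .NET Framework, and checking the OID yourself is still worthwhile so that a DKIM record carrying an unexpected algorithm fails closed. Two practitioner caveats that the thread does not mention: the question's hash list includes sha1, and RFC 8301 has since removed rsa-sha1 from DKIM, so a verifier should reject or at least not trust rsa-sha1 signatures; and a DNS TXT record is attacker-influenced input, so the parser must be strict about lengths (as the checks in ReadTlv and Split are) rather than trusting the declared sizes.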

Source: https://habr.com/ru/post/1014334/
