All geek questions in one place

Retrieving data from an RSA public key

I am working on a project that includes reading the public key data used to sign the Android APK. I can successfully extract signatures as public keys. When I look into the pubkey binaries created by this, I see some plain text such as name and city.

How can I safely retrieve this name / city information embedded in a public key using PHP (or even Java or C #)? And, I hope, do it so that I know exactly what these fields are (i.e. not blindly capturing the text, but knowing which line is the city and which is the name)

To clarify: I do not have a private key or certificate file. I am currently not interested in signing or encrypting anything, I would just like to extract the plaintext inside the pubkey without using kludgy approaches like regex.

Update: Here's a sample (base64-encoded) public key from one of my APKs

MIICBzCCAXCgAwIBAgIES6KlazANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCUkkxFTATBgNVBAcTDE5hcnJhZ2Fuc2V0dDEVMBMGA1UEAxMMQ29saW4gTydEZWxsMB4XDTEwMDMxODIyMTI1OVoXDTQ1MDMwOTIyMTI1OVowSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlJJMRUwEwYDVQQHEwxOYXJyYWdhbnNldHQxFTATBgNVBAMTDENvbGluIE8nRGVsbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmPetcBW+ITURXY0LsI2ZfgM3R7K2kwicgpd0W+BYAXQBh76SXyN9MYvtfnUY3SNz37FW/lDQgAO3pbhEFqGwfADh2ctXlYmlE9DtcRQw0ojGVPIDlWBX+9IUxyL/89CPaN84R/1lvdosco4V0BqQYR300S9ZwmwFA2Vh9hSUZmsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBezKu4G11Z68NTPIBro8xsnbkdYxObzW7BsSr6t9MS5x6EQVs75R/nnKrsMcQ+9ImdT940jhQgZT3ZrYla5VhdbelxnLhBVbJfBdipV3Hv2bG7MnXzFqHYwQqYp+UrP8zWm1YHQf5I/P9VBjlkgwFyNKr0TxP4t/qS08oGX2wvZg==
+6
source share
3 answers

The string you are inserting into is the base x509 64-bit certificate, not just the public key.

You need to analyze the Distinguished Name fields to get the information you need.

Here is a C # example:

 using System; using System.Security.Cryptography.X509Certificates; namespace Sample { class Program { static void Main(string[] args) { string base64EncodedX509 = "MIICBzCCAXCgAwIBAgIES6KlazANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCUkkxFTATBgNVBAcTDE5hcnJhZ2Fuc2V0dDEVMBMGA1UEAxMMQ29saW4gTydEZWxsMB4XDTEwMDMxODIyMTI1OVoXDTQ1MDMwOTIyMTI1OVowSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlJJMRUwEwYDVQQHEwxOYXJyYWdhbnNldHQxFTATBgNVBAMTDENvbGluIE8nRGVsbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmPetcBW+ITURXY0LsI2ZfgM3R7K2kwicgpd0W+BYAXQBh76SXyN9MYvtfnUY3SNz37FW/lDQgAO3pbhEFqGwfADh2ctXlYmlE9DtcRQw0ojGVPIDlWBX+9IUxyL/89CPaN84R/1lvdosco4V0BqQYR300S9ZwmwFA2Vh9hSUZmsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBezKu4G11Z68NTPIBro8xsnbkdYxObzW7BsSr6t9MS5x6EQVs75R/nnKrsMcQ+9ImdT940jhQgZT3ZrYla5VhdbelxnLhBVbJfBdipV3Hv2bG7MnXzFqHYwQqYp+UrP8zWm1YHQf5I/P9VBjlkgwFyNKr0TxP4t/qS08oGX2wvZg=="; var rawBytes = Convert.FromBase64String(base64EncodedX509); X509Certificate cert = new X509Certificate(rawBytes); // Parse the distinguished name to get your desired fields Console.WriteLine(cert.Subject); // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US Console.WriteLine(cert.Issuer); // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US } } } + 9IUxyL / 89CPaN84R / 1lvdosco4V0BqQYR300S9ZwmwFA2Vh9hSUZmsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBezKu4G11Z68NTPIBro8xsnbkdYxObzW7BsSr6t9MS5x6EQVs75R / nnKrsMcQ + 9ImdT940jhQgZT3ZrYla5VhdbelxnLhBVbJfBdipV3Hv2bG7MnXzFqHYwQqYp + UrP8zWm1YHQf5I / P9VBjlkgwFyNKr0TxP4t / qS08oGX2wvZg =="; using System; using System.Security.Cryptography.X509Certificates; namespace Sample { class Program { static void Main(string[] args) { string base64EncodedX509 = "MIICBzCCAXCgAwIBAgIES6KlazANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCUkkxFTATBgNVBAcTDE5hcnJhZ2Fuc2V0dDEVMBMGA1UEAxMMQ29saW4gTydEZWxsMB4XDTEwMDMxODIyMTI1OVoXDTQ1MDMwOTIyMTI1OVowSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlJJMRUwEwYDVQQHEwxOYXJyYWdhbnNldHQxFTATBgNVBAMTDENvbGluIE8nRGVsbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmPetcBW+ITURXY0LsI2ZfgM3R7K2kwicgpd0W+BYAXQBh76SXyN9MYvtfnUY3SNz37FW/lDQgAO3pbhEFqGwfADh2ctXlYmlE9DtcRQw0ojGVPIDlWBX+9IUxyL/89CPaN84R/1lvdosco4V0BqQYR300S9ZwmwFA2Vh9hSUZmsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBezKu4G11Z68NTPIBro8xsnbkdYxObzW7BsSr6t9MS5x6EQVs75R/nnKrsMcQ+9ImdT940jhQgZT3ZrYla5VhdbelxnLhBVbJfBdipV3Hv2bG7MnXzFqHYwQqYp+UrP8zWm1YHQf5I/P9VBjlkgwFyNKr0TxP4t/qS08oGX2wvZg=="; var rawBytes = Convert.FromBase64String(base64EncodedX509); X509Certificate cert = new X509Certificate(rawBytes); // Parse the distinguished name to get your desired fields Console.WriteLine(cert.Subject); // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US Console.WriteLine(cert.Issuer); // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US } } }
+3
source

"The pubkey binaries created by this" is an X.509 certificate.

Almost any platform supports reading X.509 certificates and creates a structure from them from which you can reliably extract the "subject name" and often extended information, which includes an email address or host name.

For example, if you have OpenSSL installed, use the following command:

 openssl x509 -text -noout -inform der -in <yourfilehere>

You can extract specific fields with additional parameters. For example, adding -subject gives:

subject = / C = US / ST = RI / L = Narragansett / CN = Colin O'Dell

+1
source

I'm not sure about php, but maybe this feature could be your friend. There is a whole section of ssl-related functions that may come in handy if you play with certificates.

0
source

Source: https://habr.com/ru/post/890075/

More articles:


All Articles