Re: Format of the Public/Private key BLOB

PEM certs are just b64 encoded binary DER certs with header and
footer lines.
You can generate these programatically in capi using CryptBinaryToString()
(for XP + only) or just do some manual b64 encoding and manually adding
headers/footers.
- Mitch


"maryzhang" <maryzhang@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:88B1E34B-0754-4DBB-9BCF-C220DF2A6087@xxxxxxxxxxxxxxxx
Mitch,

Thank you very much!
I'm working on a project which needs exchange info between windows using
CryptAPI and Linux using Openssl.

And I need send root cert's serial number and issuer info from openssl to
Win CryptAPI:
I just found that the serial number from "openssl x509 -in cert -noout
-serial"
is in Hex and reversed order to that of CryptAPI. So I've to change the
order back, right?

Also how can I use Widnows CryptAPI to generate PEM format instead of
default DER format?

Thanks!

Mary

"Mitch Gallant" wrote:

probably not. Most cryptoapps use big-endian ordered key parts.
CryptoAPI keyblobs (as stated below) are special Microsoft formats
and have key parts in little-endian order.
If you stick standard X509 certs, Java or OpenSSL you will amost
certainly never have to worry about the endianness.
- Mitch Gallant

"maryzhang" <maryzhang@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:08942759-C70D-49ED-B839-5DA06DC44CFF@xxxxxxxxxxxxxxxx
Hi, Laszlo

If I send the certificate in b64 format to Linux using openssl, and then
extract the public key using "openssl x509", do I still need convert the
public key to big endian?

Thanks!

Mary


"lelteto" wrote:

One note: the values in the public / private key blob are in little endian
byte order. If you need to pass it into some other system (Cryptoki, OpenSSL,
etc) you would need to convert them to big endian.

Laszlo Elteto
SafeNet, Inc.

""Jeffrey Tan[MSFT]"" wrote:

Hi Shankar,

Thanks for your post.

The format of this BLOB varies depending on the BLOB type requested in the
dwBlobType parameter. For the format for PRIVATEKEYBLOBs, PUBLICKEYBLOBs,
and SIMPLEBLOBs, it is documented in the "Base Provider Key BLOBs" link
below:
"Base Provider Key BLOBs"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/s
ecurity/base_provider_key_blobs.asp

Hope this helps

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.







.

Relevant Pages

  • Re: Format of the Public/Private key BLOB
    ... CryptAPI and Linux using Openssl. ... default DER format? ... it is documented in the "Base Provider Key BLOBs" link ...
    (microsoft.public.platformsdk.security)
  • Re: Format of the Public/Private key BLOB
    ... I have a PEM file with private key to decrypt it. ... CryptAPI and Linux using Openssl. ... default DER format? ...
    (microsoft.public.platformsdk.security)
  • Re: base64 decode help needed
    ... strcpy copies a string _with its null terminator_. ... a string literal used as initializer for an exact-bound char array; ... your problem is with OpenSSL functionality, ... OTOH, b64 is so simple, you don't really need OpenSSL to do it. ...
    (comp.lang.c)
  • Re: TERM type of openssh client
    ... So it's just a format issue. ... complicated format for storing the keys. ... I am not capable enough to contribute, but putty is a nice client. ... > don't already have half of the OpenSSL library available to read it ...
    (comp.security.ssh)
  • Re: TERM type of openssh client
    ... PuTTY itself will probably never read OpenSSH or ssh.com keys; ... I think PuTTY's key format is nicer than OpenSSH's, ... doesn't need OpenSSL to read it! ...
    (comp.security.ssh)