[pycrypto] extract RSA public from X509 certificate file

Dolf Andringa dolfandringa at gmail.com
Fri Aug 19 10:55:02 CST 2011


Hey Everyone,

I am playing around with PyCrypto and public key encryption using RSA.
The thing is that I already have an RSA private key, and an X509 certificate
which contains the RSA public key belonging to the private key.

I succesfully exported the public key starting with the private key file
like this.

from Crypto.PublicKey import RSA
from Crypto import Random
privkey1=RSA.importKey(open('/path/to/private.key','r').read())
pubkey1=privkey1.publickey()
print pubkey1.exportKey(format='PEM')

When I compare the print output with the output of the openssl tool which
can extrac the public key from an x509 certificate file with the following
command
openssl x509 -inform pem -in /path/to/certificate.crt -pubkey -noout

The public keys are indeed the same, so the exporting with pycrypto and
extracting with openssl produce the same public key.
But is it possible to use pycrypto (or another library) to extract the
public key from the certificate file (like openssl does)?

Another question is the following:

rng=Random.new().read

This works fine:
privkey1.decrypt(pubkey1.encrypt(s,rng))

But this raises a typeError:
pubkey1.decrypt(privkey1.encrypt(s,rng))

But the keys are symmetric right? So it should be possible to encrypt
something with the private key and decypt that with the public key. It
doesn't make sense to do this since then anyone can decrypt the data, which
you just encrypted with the private key, making encryption useless in the
first place. But the difference between RSA public and private keys is only
the name. Which one is public, and which one is private is just a matter of
choice, not a technical difference right? So why then does the PyCrypto
library raise a TypeError in the first case?
Cheers,

Dolf.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.dlitz.net/pipermail/pycrypto/attachments/20110819/33eab5bc/attachment.htm 


More information about the pycrypto mailing list