{"id":4534,"date":"2020-04-06T17:54:32","date_gmt":"2020-04-06T15:54:32","guid":{"rendered":"http:\/\/www.laurentmarot.fr\/wordpress\/?p=4534"},"modified":"2021-08-17T16:53:38","modified_gmt":"2021-08-17T14:53:38","slug":"mais-pourquoi-ma-cle-commence-toujours-par-migf","status":"publish","type":"post","link":"https:\/\/www.laurentmarot.fr\/wordpress\/?p=4534","title":{"rendered":"Mais pourquoi ma cl\u00e9 commence toujours par MIGf… ?"},"content":{"rendered":"

Read that f… RFC 1421 : Privacy Enhancement for Internet Electronic Mail<\/a><\/p>\n

and follow those precious links :<\/p>\n

https:\/\/lapo.it\/asn1js<\/a>
\nhttps:\/\/docs.microsoft.com\/en-us\/windows\/win32\/seccertenroll\/about-encoded-length-and-value-bytes<\/a>
\nhttp:\/\/javadoc.iaik.tugraz.at\/iaik_jce\/current\/iaik\/x509\/PublicKeyInfo.html<\/a>
\nhttps:\/\/medium.com\/@bn121rajesh\/understanding-rsa-public-key-70d900b1033c<\/a><\/p>\n

# Generate 1024 bit Private key\r\n$ openssl genrsa -out myprivate.pem 1024\r\n# Separate the public part from the Private key file.\r\n$ openssl rsa -in myprivate.pem -pubout > mypublic.pem\r\n# Display the contents of private key\r\n$ cat myprivate.pem\r\n\r\n-----BEGIN RSA PRIVATE KEY-----\r\nMIICXQIBAAKBgQDRFNU++93aEvz3cV8LSUP9ib3iUxT7SufdVXcgVFK9M3BYzvro\r\nA1uO\/parFOJABTkNhTPPP\/6mjrU2CPEZJ1zIkpaSNJrrhpp\/rNMO9nyLYPGs9Mfd\r\nBiWUPmHW5mY1oD0ye4my0tEsHOlgHC8AhA8OtiHr6IY0agXmH\/y5YmSWbwIDAQAB\r\nAoGAAj\/IH3pUI6FqqTrF+\/gYzCRsL4AXTLC8l8vwkR93GGPyRHJNjqtik8I3WrXJ\r\nzUiBGZ0iNouIsL\/+QQuNlGiw\/c5i2X3nTntREDS9xs2M0x+MWD\/5qI1sn0Qk0HNP\r\nBbDczlvO8wXNFGIHiTiPVEawoeNwhMqJDyGcbsEOZp2pLokCQQDvlMBU6dOeOP9a\r\njnENFSlrvzNR0nugFeoGmfq6s4Czz2QtUd9baKqBfEBSdJskwFVHgxbFA1Dc7iFu\r\nrJkoQEeFAkEA32j9ibSVryxLvWUZngKNwo2xE+wcYDAYVBMsYC3OBU3FXhVkFD06\r\nZVnJsY\/4bd2VdQI+bI2KV99aHutMJG2WYwJABMn2ZjweTMVa5VZ\/kAFiSJMT1Yjd\r\ni7+kY+lkB6Na6T02BWnjixI2hkwThRJrn3pwufM2201Lqn7gEDRHA3T1eQJBAKZG\r\n1RUNo6558HEo8vUIf4vCu33RaJkqkqDYmFmJHeISrQfGMfNiUrkmJ5iRR9w1ZExu\r\n\/Bj9C281XDTQ+Z3PNnMCQQCan+pvj0OZH6o0PAMJGBBwRECPpfZ6mUjwA2YD3g61\r\nMHjtIYmKKGmn64Qs8zQ4mNEDboQqyaov3Ij\/I6c0ZQlc\r\n-----END RSA PRIVATE KEY-----\r\n\r\n<\/pre>\n
Privacy Enhanced Mail (PEM)<\/strong><\/p>\n
Privacy Enhanced Mail (PEM) is a Base64 encoded Distinguished Encoding Rules(DER)
\nPEM file is human readable as it uses 64 printable characters for encoding.
\nIt is easy to share PEM file.<\/p>\n
 <\/p>\n
Display the contents of public key PEM file<\/strong><\/p>\n
# Display the contents of public key PEM file\r\n$ cat mypublic.pem\r\n\r\n-----BEGIN PUBLIC KEY-----\r\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRFNU++93aEvz3cV8LSUP9ib3i\r\nUxT7SufdVXcgVFK9M3BYzvroA1uO\/parFOJABTkNhTPPP\/6mjrU2CPEZJ1zIkpaS\r\nNJrrhpp\/rNMO9nyLYPGs9MfdBiWUPmHW5mY1oD0ye4my0tEsHOlgHC8AhA8OtiHr\r\n6IY0agXmH\/y5YmSWbwIDAQAB\r\n-----END PUBLIC KEY-----<\/pre>\n
 <\/p>\n
<\/a>Distinguished Encoding Rules (DER) format of public key<\/strong><\/p>\n
DER is encoded in Type-Length-Value (TLV) format.
\nDER is in binary format for PEM file and follows certain structure for public key.<\/p>\n
# Convert PEM file to DER format using openssl rsa\r\n$ openssl rsa -pubin -inform PEM -in mypublic.pem -outform DER -out mypublic.der\r\n# Dump the DER file in hex format.\r\n$ xxd -g 1 -u mypublic.der | cut -c -57\r\n00000000: 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01<\/span>\r\n00000010: 05 00 03 81 8D 00 30 81 89 02 81 81 00 D1 14 D5<\/span>\r\n00000020: 3E FB DD DA 12 FC F7 71 5F 0B 49 43 FD 89 BD E2<\/span>\r\n00000030: 53 14 FB 4A E7 DD 55 77 20 54 52 BD 33 70 58 CE<\/span>\r\n00000040: FA E8 03 5B 8E FE 96 AB 14 E2 40 05 39 0D 85 33<\/span>\r\n00000050: CF 3F FE A6 8E B5 36 08 F1 19 27 5C C8 92 96 92<\/span>\r\n00000060: 34 9A EB 86 9A 7F AC D3 0E F6 7C 8B 60 F1 AC F4<\/span>\r\n00000070: C7 DD 06 25 94 3E 61 D6 E6 66 35 A0 3D 32 7B 89<\/span>\r\n00000080: B2 D2 D1 2C 1C E9 60 1C 2F 00 84 0F 0E B6 21 EB<\/span>\r\n00000090: E8 86 34 6A 05 E6 1F FC B9 62 64 96 6F<\/span> 02 03 01<\/span>\r\n000000a0: 00 01<\/span><\/pre>\n
 <\/p>\n
Structured DER file content<\/strong><\/p>\n
1:30 81 9F \/\/ Type: 30 (SEQUENCE) Length: 0x9F\r\n2:| 30 0D \/\/ Type: 30 (SEQUENCE) Length: 0x0D\r\n3:| | 06 09 \/\/ Type: 06 (OBJECT_IDENTIFIER) Length: 0x09\r\n4:| | - 2A 86 48<\/span> \/\/ 9 bytes OID value. HEX encoding of\r\n5:| | - 86 F7 0D<\/span> \/\/ 1.2.840.113549.1.1.1<\/span>\r\n6:| | - 01 01 01<\/span>\r\n7:| | 05 00 \/\/ Type: 05 (NULL) Length: 0x00\r\n8:| 03 81 8D \/\/ Type: 03 (BIT STRING) Length: 0x8D\r\n9:| | - 00 \/\/ Number of unused bits in last content byte\r\n10:| | 30 81 89 \/\/ Type: 30 (SEQUENCE) Length: 0x89\r\n11:| | | 02 81 81 \/\/ Type: 02 (INTEGER) Length: 0x81\r\n12:| | | - 00<\/span> \/\/ Leading ZERO of integer\r\n13:| | | - D1 14 D5 3E FB DD DA 12 FC F7 71 5F 0B 49 43 FD<\/span>\r\n14:| | | - 89 BD E2 53 14 FB 4A E7 DD 55 77 20 54 52 BD 33<\/span>\r\n15:| | | - 70 58 CE FA E8 03 5B 8E FE 96 AB 14 E2 40 05 39<\/span>\r\n16:| | | - 0D 85 33 CF 3F FE A6 8E B5 36 08 F1 19 27 5C C8<\/span>\r\n17:| | | - 92 96 92 34 9A EB 86 9A 7F AC D3 0E F6 7C 8B 60<\/span>\r\n18:| | | - F1 AC F4 C7 DD 06 25 94 3E 61 D6 E6 66 35 A0 3D<\/span>\r\n19:| | | - 32 7B 89 B2 D2 D1 2C 1C E9 60 1C 2F 00 84 0F 0E<\/span>\r\n20:| | | - B6 21 EB E8 86 34 6A 05 E6 1F FC B9 62 64 96 6F<\/span>\r\n21:| | | 02 03 \/\/ Type: 02 (INTEGER) Length: 0x3\r\n22:| | | - 01 00 01<\/span> \/\/ Public Exponent. Hex for 65537<\/pre>\n
 <\/p>\n
DER file contains Object Identifier, Modulus and Public exponent in HEX format.<\/p>\n
Lines 4, 5, 6 is the HEX encoding of OID<\/span>.
\nLines 13 to 20 is the modulus (n).<\/span>
\nLine 22 is the public exponent.<\/span><\/p>\n
\"Javascript<\/a>
Javascript ASN.1 decoder<\/p><\/div>\n
Modulus and Public exponent from public key using openssl<\/strong><\/p>\n
# Get Modulus and Public exponent from public PEM file\r\n$ openssl rsa -pubin -inform PEM -text -noout < mypublic.pem\r\n\r\nPublic-Key: (1024 bit)\r\nModulus:\r\n00:d1:14:d5:3e:fb:dd:da:12:fc:f7:71:5f:0b:49:<\/span>\r\n43:fd:89:bd:e2:53:14:fb:4a:e7:dd:55:77:20:54:<\/span>\r\n52:bd:33:70:58:ce:fa:e8:03:5b:8e:fe:96:ab:14:<\/span>\r\ne2:40:05:39:0d:85:33:cf:3f:fe:a6:8e:b5:36:08:<\/span>\r\nf1:19:27:5c:c8:92:96:92:34:9a:eb:86:9a:7f:ac:<\/span>\r\nd3:0e:f6:7c:8b:60:f1:ac:f4:c7:dd:06:25:94:3e:<\/span>\r\n61:d6:e6:66:35:a0:3d:32:7b:89:b2:d2:d1:2c:1c:<\/span>\r\ne9:60:1c:2f:00:84:0f:0e:b6:21:eb:e8:86:34:6a:<\/span>\r\n05:e6:1f:fc:b9:62:64:96:6f<\/span>\r\nExponent: 65537 (0x10001<\/span>)<\/pre>\n
Exponent and modulus printed by openssl rsa matches with the Public exponent and modulus from DER file content.<\/p>\n
\"RSA<\/a>
RSA key representation<\/p><\/div>\n
 <\/p>\n
Object Identifier<\/strong><\/p>\n
OID describes the object. It is a series of nodes separated by period.<\/p>\n
OID Value: 1.2.840.113549.1.1.1<\/span><\/p>\n
OID description: Identifier for RSA encryption for use with Public Key Cryptosystem One defined by RSA Inc.<\/p>\n
OID Encoding rules:<\/p>\n
1 – The first two nodes of the OID are encoded onto a single byte. The first node is multiplied by the decimal 40 and the result is added to the value of the second node.
\n2 – Node values less than or equal to 127 are encoded on one byte.
\n3 – Node values greater than or equal to 128 are encoded on multiple bytes. Bit 7 of all bytes except the rightmost byte is set to one. Bits 0 through 6 of each byte contains the encoded value.<\/p>\n
\"OID<\/a>
OID Encoding Example \u00a9 Rajesh Bondugula<\/p><\/div>\n
 <\/p>\n
Representing length in ASN.1 encoding<\/strong><\/p>\n
If number of value bytes is < 128 (0x80) then length is represented in 1 byte. In this case most significant bit is 0. (Ex: Line 2: 0x81=10000001 => 1 octet, Line 3 in structured DER content above<\/a>)<\/p>\n
If number of value bytes is >= 128 (0x80) then length is represented in multiple bytes. Most significant bit (bit 7) of first byte is 1 indicating multiple byte length. Bits 0\u20136 represent number of subsequent bytes for length. (Ex:\u00a0 Line 1: 0x82=10000010 => 2 octets, Line 4 in structured DER content above<\/a>)<\/p>\n
 <\/p>\n
References<\/strong><\/p>\n
DER encoding of ASN.1 types (MSDN)
\nPublic Key Info structure (Java doc)<\/p>\n
 <\/p>\n
[ajout de ao\u00fbt 2021 suite plaintes]<\/span><\/p>\n
– Mais du coup … tu n’as pas r\u00e9pondu\u00a0 la question ?
\n[lm] C’est pas faux, mais si tu r\u00e9vises le fonctionnement de l’encodage base 64<\/a>, \u00e0 partir d’un contenu DER qui commence toujours par la m\u00eame syntaxe:<\/p>\n
xxd -r -p <<<30819F | base64\r\nMIGf<\/strong><\/span><\/pre>\n
 <\/p>\n\n","protected":false},"excerpt":{"rendered":"
Read that f… RFC 1421 : Privacy Enhancement for Internet Electronic Mail and follow those precious links : https:\/\/lapo.it\/asn1js https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/seccertenroll\/about-encoded-length-and-value-bytes http:\/\/javadoc.iaik.tugraz.at\/iaik_jce\/current\/iaik\/x509\/PublicKeyInfo.html https:\/\/medium.com\/@bn121rajesh\/understanding-rsa-public-key-70d900b1033c # Generate 1024 bit Private key $ openssl genrsa -out myprivate.pem 1024 # Separate the public part from the Private key file. $ openssl rsa -in myprivate.pem -pubout > mypublic.pem # Display the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51,34],"tags":[],"_links":{"self":[{"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/4534"}],"collection":[{"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4534"}],"version-history":[{"count":28,"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/4534\/revisions"}],"predecessor-version":[{"id":4828,"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/4534\/revisions\/4828"}],"wp:attachment":[{"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.laurentmarot.fr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
More information on recommended syntax for interchanging RSA public keys between implementations is given in Appendix A.1.1 of rfc3447<\/a> ( PKCS#1);<\/p>\n
You can also have a look at Lapo ASN.1 javascript decoder<\/a> :<\/p>\n