RSA Public, Private, and PKCS #8 key parser

Dec 09, 2008

OpenSSLKey.cs is a .NET Framework 2.0 console utility which parses either PEM or DER RSA public keys, private keys in both traditional SSLeay and PKCS #8 (both encrypted and unencrypted) forms. Successfully parsed RSA public or private keys are used to create a .NET RSACryptoServiceProvider instance and optionally export to a PKCS #12 file. These RSA key formats are commonly created using OpenSSL and Java 2. This utility is intended to help with RSA asymmetric key interoperability between OpenSSL, .NET and Java environments.
PEM encoded keys must be in one of the following formats:
	-----BEGIN PUBLIC KEY-----
	MIIBIjANBgkqhkiG9w0BAQEF...
	-----END PUBLIC KEY-----

	-----BEGIN RSA PRIVATE KEY-----
	MIICXAIBAAKBgQDfnaXDy9v4q8PfV ...
	-----END RSA PRIVATE KEY-----

	-----BEGIN RSA PRIVATE KEY-----
	Proc-Type: 4,ENCRYPTED
	DEK-Info: DES-EDE3-CBC,379AB79E55059F9A

	gaakm48Y8qYA997fJREN4JtfVkfTdnVzaZK2 ....
	-----END RSA PRIVATE KEY-----

	(PKCS #8 formats)

	-----BEGIN PRIVATE KEY-----
	MIICeAIBADANBgkqhkiG9w0BA ....
	-----END PRIVATE KEY-----

	-----BEGIN ENCRYPTED PRIVATE KEY-----
	MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG .....
	-----END ENCRYPTED PRIVATE KEY-----
Binary DER keys are obtained by removing the header/footer lines and b64 decoding the inner content. (Note that the SSLeay encrypted private key contains the encryption details at the PEM level and therefore cannot be represented in binary DER format). For the SSLeay format, the only supported encryption this utility provides is DES-EDE3-CBC. For the PKCS #8 format, the only algorithm currently supported by this utility is PBEWithHmacSHA1AndDESede (PKCS #5, v 2.0). No assumptions of key size for the RSA keypair are made. The utility was tested with key sizes in the range 1024 to 16,384 bits, the maximum size RSA key supported by the Microsoft RSA Cryptographic Service Providers. The maximum size RSA key supported by Sun's Java 2 JCE provider implementation is only 2048 bits. (Note that currently Java 2 (v 1.5.0_06) does not support PKCS #5 v2 algorithms, but only PBEWithMD5AndDES (PKCS #5, v 1.5) and PBEWithSHA1AndDESede (PKCS#12) )

          Usage:       opensslkey.exe   [V]   
where the V indicates verbose output (all key details for both public and private keys are printed). The application prompts the user for an RSA key file (which can be in either PEM or binary DER formats). The beginning of the file is checked to determine if it is PEM encoded. If PEM encoded, Opensslkey determines if the key is a public or private key based on the header/footer lines. If binary DER encoded, Opensslkey sequentially tries to asn.1 parse the binary content until a match with a supported RSA key format is found (in the order SubjectPublicKeyInfo, RSAPrivateKey, PKCS #8 unencrypted and PKCS #8 encrypted). For PEM RSA Private Key formats, the PEM content is checked for the encryption specifiers "Proc-Type:" and "DEK-Info".
Sample console output for 1024 bit RSA key in Encrypted RSAPrivateKey format

Sample asn.1 dumps for different RSA keys (dumpasn1.exe) :

PEM formats cheat-sheet

Download Opensslkey.exe v 1.3.0.0 (40,088 bytes) (.NET 2, Digitally Signed)