[ietf-dkim] A question about public key formats
Steve Atkins
steve at wordtothewise.com
Fri May 22 23:24:47 PDT 2009
The OpenSSL library gives you access to the public key of an RSA pair
in several formats (PKCS#1, X509 and I think XML <RSAKeyValue>) and
the perl wrapper, Crypt::OpenSSL::RSA provides access to two of those
via functions:

    get_public_key_string: Return the Base64/DER-encoded PKCS1
    representation of the public key.

    get_public_key_x509_string: Return the Base64/DER-encoded
    representation of the "subject public key", suitable for use in X509
    certificates.

It's not entirely clear to me from RFC4871 which of those is the
correct one to use - as it just points at RFC3447, which is not the
clearest of documents, and doesn't seem to say anything relevant. If I
had to guess, I'd say the former, as that's the form that's described
as a PKCS#1 format.

The implementations I've seen, and the ("INFORMATIVE") examples in
RFC4871 seem to use the latter.

I don't see how the normative section of 4871 suggests that the X509
format is the right one to use. Can anyone point me at the line of
reasoning there?

Cheers,
Steve
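
The two encodings named in the message differ by a wrapper: the X.509 "subject public key" form (SubjectPublicKeyInfo) is an algorithm identifier followed by a BIT STRING that holds the PKCS#1 RSAPublicKey. The Python below is an added example, not part of the original post, that tells the two apart from their DER structure and recovers the PKCS#1 bytes from either; the helper names (`tlv`, `der_int`, `read_tlv`, `classify`) and the toy key are constructed for illustration.

```python
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1, rsaEncryption

def tlv(tag, body):
    """DER-encode one tag/length/value element."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(v):  # the extra leading byte keeps a high-bit value positive
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def classify(b64):
    """Name the structure of a Base64/DER RSA public key; return (name, PKCS#1 bytes)."""
    der = base64.b64decode(b64)
    tag, seq, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    first_tag, first_val, nxt = read_tlv(seq)
    if first_tag == 0x02:  # starts with the INTEGER modulus: bare RSAPublicKey
        return "PKCS#1 RSAPublicKey", der
    if first_tag == 0x30 and first_val.startswith(RSA_OID):
        bit_tag, bits, _ = read_tlv(seq, nxt)  # BIT STRING wrapping the PKCS#1 key
        if bit_tag != 0x03 or bits[:1] != b"\x00":
            raise ValueError("malformed BIT STRING")
        return "X.509 SubjectPublicKeyInfo", bits[1:]
    raise ValueError("unrecognised key structure")

# Constructed sample: toy 64-bit modulus, not a usable key.
PKCS1_DER = tlv(0x30, der_int(0xC5A19D3B7F24E861) + der_int(65537))
ALG_ID = tlv(0x30, RSA_OID + tlv(0x05, b""))  # rsaEncryption with NULL parameters
SPKI_DER = tlv(0x30, ALG_ID + tlv(0x03, b"\x00" + PKCS1_DER))
PKCS1_B64 = base64.b64encode(PKCS1_DER).decode()
SPKI_B64 = base64.b64encode(SPKI_DER).decode()
if __name__ == "__main__":
    for b64 in (PKCS1_B64, SPKI_B64):
        print(b64, "->", classify(b64)[0])
```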