1

Generating a Private Key...

$ openssl genrsa -out ./oci_api_key.pem 2048

Generate a Public Key...from the private key:

I'm trying to generate a public key from a private key in PEM format (the Base64 of a DER) by running:

$ openssl rsa -pubout -in ./oci_api_key.pem -out ./oci_api_key_public.pem

Next I'd like to:

Verify they go together...by comparing their MODULUS...

Private Key Modulus:

$ openssl rsa -in ./oci_api_key.pem -noout -modulus
MODULUS=<long-hex-number>

Public Key Modulus (doesn't work):

$ openssl x509 -in ./oci_api_key_public.pem -noout -modulus

So what am I missing here? unable to load certificate 140084471075264:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE

But it doesn't appear to work. My public key doesn't have the TRUSTED CERTIFICATE line in it instead it's -----BEGIN PUBLIC KEY-----

leeand00
  • 1,297
  • 1
  • 13
  • 21
  • A certificate is not a public key and a public key is not a certificate. A (X.509 PK-not-Attr) certificate _contains_ a public key but that is quite different from _being_ a public key. – dave_thompson_085 Aug 23 '19 at 09:18
  • @dave_thompson_085 that guy’s site must have an error in it; but he wrote a whole book on how to implement the algorithm, so I just assumed he knew what he was talking about l. – leeand00 Aug 23 '19 at 11:09

1 Answers1

1

You need to add -pubin to your openssl rsa invocation to work with the public key:

$ openssl rsa -pubin -in ./oci_api_key_public.pem -noout -modulus
gowenfawr
  • 71,975
  • 17
  • 161
  • 198
  • 1
    Note OpenSSH since 7.8 (2018-08) by default writes OpenSSH's own 'new format' files which cannot be processed by OpenSSL. We have _many_ Qs on this, some on other Stacks; google +ssh-keygen +"-m pem" – dave_thompson_085 Aug 23 '19 at 09:20