1

There are plenty of instructions for converting PEM certificates to DER which also pop up when looking for ways to convert public keys.

These are among the options offered:

openssl x509 -in cert.pem -out cert.der
openssl rsa -in cert.pem -out cert.der
openssl pkey -in cert.pem -out cert.der

But if the file contains only a public key and nothing else, those commands will fail with Expecting: TRUSTED CERTIFICATE or Expecting: ANY PRIVATE KEY.

What does convert a plain public key - not a certificate - from PEM to DER?

Here is an example public key:

-----BEGIN PUBLIC KEY-----
MIIDJTCCAhgGCSqGSIb3DQEDATCCAgkCggEBAIeo5h20tmY8/7vRnGUZWZmM7vYI
Zg3Q8l0s7tRDXjsA4A348dYZV9T6999FYbKqMBbD2RE0CW+qO/QpbYMOmnwgngxk
l1F6vVqKnTBrz2ftkfnmcltHWMAi4LHvQnW/e2xb/BHUX5CIuUH1TrHlm7i8OaC/
EjB/XE/bcMWBsj92tjrK4cqmt5AtUlJnNUiKDvE8bZpRv6SrOtg0d5ZSTY72oWe1
pBgl2WfhROUUBWQlHMrLg+a0hvazyj95cVBgJsC4V/aJlihW3tQBCr0L5iHDo5YK
VOcQw3XyY3XXAUEDpLVDMMGYrxJhFtInbhFxX2k4d/rX7wnK2wlK6R4aFZcCggEA
P7Msm3MTTQsud1BmYO29SEynsY8h7yBUB/R5OhoLoSUQ28FQd75GP/9P7UqsC7VV
vjpsGwxrR7G8N3O/foxvYpASKPjCjLsYpVrjE0EACmUBlvkxx3pX8t30Y+Xp7BRL
d33mKqq4qGKKw3bSgtbtOGTmeYJCjryDHRQ0j28vkZO1BFrydnFk4d/JZ8H7Py5V
pL0b/+g7nIDQUrmF0YLqCtsqO3MT0/4UyEhLHgUliLm30rvS3wFhmezQbhVXzQkV
szU7u2Tg7Dd/0Cg3DfkrUseJFCjNxn62GEtSPR2yRsMvYweEkPAO+NZH0UjUeVRR
XiMnz++YxYJmS0wPbMQWWQOCAQUAAoIBAFRi1ECuWWSfZax8haB79aXBou+M9mJj
N8VtdQPuJCG0A6w5SKe+wNaQs71OjJMAx2ajKb1cVvT7xh4ipVJd7MVefSzIFPhA
1hLQzxRZ/SAzLA71aPWZcX8Txf2wca4CIjlb8GLlf4xJTk12hwxo8obL5H4GV9EQ
6D6iMK95RrmG2DtZjOa6etnNl3VY7YX+e8YcGgYqlE3pKD5TpvOOerq352IZBCc5
ZUiz1bv+jmywhps/2oYnvVWM/ZKtGUX3ry+ZxTBIO6dJpU9M7ZmYvHscgkBj3/ta
lhYAx41oPwNHLfwp1MMXr9mHJi/4yKlStxRtgmQl6as3H4vSbGfUTrU=
-----END PUBLIC KEY-----
Banyoghurt
  • 41
  • 6

1 Answers1

3

The pkey subsystem offers a -pubin option to specify that the input is actually a public key:

openssl pkey -in public_key.pem -pubin -outform der -out public_key.der

Banyoghurt
  • 41
  • 6