Keywords: RSA Public Key | ASN.1 Encoding | OpenSSH Format
Abstract: This article provides an in-depth examination of various RSA public key formats, including OpenSSH, RFC4716 SSH2, and PEM-formatted RSA PUBLIC KEY. Through detailed analysis of Base64-encoded hexadecimal dumps, it explains the ASN.1 structure encoding in RSA public keys and compares differences and application scenarios across formats. The article also introduces methods for parsing key structures using OpenSSL tools, offering readers a comprehensive understanding of RSA public key format specifications.
Overview of RSA Public Key Formats
RSA public keys are serialized in multiple formats depending on application contexts, primarily including OpenSSH format, RFC4716 SSH2 format, and PEM-formatted RSA PUBLIC KEY. While all these formats contain identical key information, their encoding methods and structures exhibit significant differences. Understanding these formats is crucial for proper usage and conversion of RSA public keys.
OpenSSH Format Analysis
The OpenSSH format RSA public key begins with ssh-rsa followed by Base64-encoded key data. Decoding the hexadecimal data reveals its internal structure:
00 00 00 07 73 73 68 2d 72 73 61 00 00 00 01 25 00 00 01 00 7f 9c ...
According to RFC 4253, the OpenSSH RSA public key blob is a sequence of fields, each prefixed by its length as a four-byte big-endian integer:
- First four bytes 00 00 00 07: length of the key-type string (7 bytes)
- Next seven bytes 73 73 68 2d 72 73 61: the ASCII string "ssh-rsa"
- Next four bytes 00 00 00 01: length of the exponent (1 byte)
- Exponent value 25 (hexadecimal), i.e. decimal 37
- Next four bytes 00 00 01 00: length of the modulus (256 bytes)
- Remaining 256 bytes: the RSA modulus
The modulus here begins with 7f, whose top bit is clear. A modulus whose first byte is 80 or higher is stored with a leading 00 byte and a length of 257, because these integers are encoded as signed two's-complement values (the same rule the DER INTEGER follows in the PEM example below).
RFC4716 SSH2 Format
The SSH2 public key format defined by RFC4716 employs specific headers and footers:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAABJQAAAQB/nAmOjTmezNUDKYvEeIRf2YnwM9/uUG1d0BYs
...
---- END SSH2 PUBLIC KEY ----
This format shares the same Base64-encoded data as the OpenSSH format but adds standardized boundary markers. It's important to note that merely modifying boundary markers does not correctly convert keys between different formats.
PEM-formatted RSA PUBLIC KEY
The PEM-formatted RSA PUBLIC KEY utilizes ASN.1 DER encoding with specific boundary markers:
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+xGZ/wcz9ugFpP07Nspo6U17l0YhFiFpxxU4pTk3Lifz9R3zsIsu
...
-----END RSA PUBLIC KEY-----
Using OpenSSL, its ASN.1 structure can be parsed by stripping the boundary lines, decoding the Base64 body and feeding the resulting DER to asn1parse:
grep -v -- ----- public.pem | tr -d '\n' | base64 -d | openssl asn1parse -inform DER
The parsing results display the complete ASN.1 sequence:
0:d=0 hl=4 l= 266 cons: SEQUENCE
4:d=1 hl=4 l= 257 prim: INTEGER
265:d=1 hl=2 l= 3 prim: INTEGER
Deep Analysis of ASN.1 Structure
According to RFC 3447, the ASN.1 definition for RSA public key is:
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}
Detailed analysis of the example key's hexadecimal data:
30 82 01 0a ;SEQUENCE (266 bytes)
02 82 01 01 ;INTEGER (257 bytes)
00 ;leading zero
fb 11 99 ff ... ;modulus value
02 03 ;INTEGER (3 bytes)
01 00 01 ;exponent value (65537)
This structure ensures standardization and interoperability of RSA public keys.
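To make the two encodings concrete, here is an added example, not code from the original article and using only the Python standard library (no OpenSSL), that serialises one RSA public key (n, e) both as an OpenSSH ssh-rsa line and as a PKCS#1 "RSA PUBLIC KEY" PEM, parses both back, and prints an outline of the DER in the same shape as openssl asn1parse. The modulus SAMPLE_N is a constructed value, not a real key; because its top bit is set, it reproduces the leading-zero byte and the 266/257/3 lengths seen in the dump above. All function names are this example's own.

```python
# Added example, not code from the original article (stdlib only): one RSA public key
# as an OpenSSH ssh-rsa line and as a PKCS#1 "RSA PUBLIC KEY" PEM, parsed back and outlined.
import base64
import struct

# Constructed sample, NOT a real key: a 2048-bit value with its top bit set (so the
# leading-0x00 rule is exercised) and the usual exponent 65537.
SAMPLE_N = (1 << 2047) | 12345
SAMPLE_E = 65537

def _positive_be(value: int) -> bytes:
    # Minimal big-endian bytes, 0x00-prefixed when the top bit is set (RFC 4251 mpint and DER INTEGER share this rule).
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b"\x00"
    return b"\x00" + raw if raw[0] & 0x80 else raw

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # RFC 4253 field: 4-byte big-endian length + data

def encode_openssh(n: int, e: int) -> str:
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(_positive_be(e)) + _ssh_string(_positive_be(n))
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii")

def parse_openssh(line: str):
    """Return (n, e) from an 'ssh-rsa AAAA...' line; rejects truncated or mislabelled blobs."""
    key_type, b64 = line.split()[:2]
    blob, fields, off = base64.b64decode(b64), [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack(">I", blob[off:off + 4])
        if off + 4 + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    if key_type != "ssh-rsa" or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    return int.from_bytes(fields[2], "big"), int.from_bytes(fields[1], "big")

# PKCS#1: RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
def _der_len(length: int) -> bytes:
    if length < 0x80:
        return bytes([length])
    raw = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw  # long form, e.g. 82 01 0a for 266

def _der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content

def encode_pkcs1_der(n: int, e: int) -> bytes:
    return _der_tlv(0x30, _der_tlv(0x02, _positive_be(n)) + _der_tlv(0x02, _positive_be(e)))

def encode_pkcs1_pem(n: int, e: int) -> str:
    b64 = base64.b64encode(encode_pkcs1_der(n, e)).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN RSA PUBLIC KEY-----\n{body}\n-----END RSA PUBLIC KEY-----\n"

def _read_tlv(buf: bytes, off: int):
    """Read one DER tag-length-value at buf[off:]; return (tag, content, end_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        nbytes = length & 0x7F
        if not 1 <= nbytes <= 4 or off + nbytes > len(buf):
            raise ValueError("unsupported or truncated length")
        length, off = int.from_bytes(buf[off:off + nbytes], "big"), off + nbytes
    if off + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, buf[off:off + length], off + length

def der_outline(der: bytes):
    """(offset, depth, header_len, content_len, name) per element, like openssl asn1parse."""
    names, out = {0x30: "SEQUENCE", 0x02: "INTEGER"}, []
    def walk(buf, base, depth):
        off = 0
        while off < len(buf):
            tag, content, end = _read_tlv(buf, off)
            hl = end - off - len(content)
            out.append((base + off, depth, hl, len(content), names.get(tag, f"tag 0x{tag:02x}")))
            if tag & 0x20:  # constructed type: descend into its content
                walk(content, base + off + hl, depth + 1)
            off = end
    walk(der, 0, 0)
    return out

def parse_pkcs1_pem(pem: str):
    b64 = "".join(ln.strip() for ln in pem.splitlines() if ln.strip() and not ln.startswith("-----"))
    der = base64.b64decode(b64)
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag_n, n_bytes, off = _read_tlv(seq, 0)
    tag_e, e_bytes, off = _read_tlv(seq, off)
    if (tag_n, tag_e) != (0x02, 0x02) or off != len(seq):
        raise ValueError("expected exactly two INTEGERs")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def openssh_to_pkcs1_pem(line: str) -> str:
    # The actual conversion: decode the ssh-rsa blob, then re-encode (n, e) as ASN.1 DER.
    return encode_pkcs1_pem(*parse_openssh(line))
```

Calling `openssh_to_pkcs1_pem(encode_openssh(SAMPLE_N, SAMPLE_E))` yields a PEM whose body starts with MIIBCgKCAQEA, exactly as in the article's key, and `der_outline(encode_pkcs1_der(SAMPLE_N, SAMPLE_E))` gives the three rows at offsets 0, 4 and 265 with lengths 266, 257 and 3. The parsers deliberately check that every length stays inside the buffer and that the SEQUENCE contains exactly two INTEGERs; a decoder that skips those checks will happily read trailing or oversized data from a malformed key.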
Format Conversion and Tool Usage
Converting RSA public keys between different formats requires specialized tools rather than simple boundary marker modifications. OpenSSL provides comprehensive key handling capabilities:
# Parse PEM format key
openssl rsa -pubin -in public.pem -text -noout
# Convert an OpenSSH public key to PEM "RSA PUBLIC KEY" (openssl rsa cannot read the ssh-rsa line directly)
ssh-keygen -e -m PEM -f sshkey.pub > rsa.pem
# Import a PEM "RSA PUBLIC KEY" back into OpenSSH format
ssh-keygen -i -m PEM -f rsa.pem > sshkey.pub
Proper understanding of encoding rules for various formats is essential for secure handling of RSA public keys.
Application Scenarios and Best Practices
Different formats suit different application scenarios: OpenSSH format primarily for SSH authentication, PEM format widely used in web security and certificate management, while DER format commonly employed in embedded systems. When selecting key formats, consider target system compatibility requirements and adhere to relevant security standards.