Unable to load certificate in OpenSSL

I am trying to read a certificate using OpenSSL that is generated by Google Play. The certificate is described as follows:

The Base64-encoded RSA public key that is generated by Google Play is in binary encoded, X.509 subjectPublicKeyInfo DER SEQUENCE format.

I decoded the given Base64-encoded string into binary using OpenSSL from the command line using this:

openssl enc -base64 -d -A <<< THE_KEY_CONTENT > key.der

The binary file appears to be reasonable. It's 294 bytes and the first byte is 0x30 which I believe matches up with a SEQUENCE.

With the resulting binary file, I attempt to run the following command:

openssl x509 -inform der -in key.der -out key.pem

But I get the following errors from OpenSSL:

unable to load certificate 140736245019656:error:0D0680A8:asn1
encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1199:140736245019656:error:0D06C03A:asn1
encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:767:140736245019656:error:0D08303A:asn1
encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested
asn1 error:tasn_dec.c:699:Field=serialNumber, Type=X509_CINF 140736245019656:error:0D08303A:asn1
encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:699:Field=cert_info, Type=X509

Is there something I'm missing to get this certificate loaded? I'm assuming Google wouldn't be giving me a bad certificate!

0

1 Answer

The problem was that I interpreted the description to mean there was an entire X509 certificate contained within the .der file, when in fact it was only the RSA public key DER-encoded.

As a result, the correct command to issue turned out to be the following:

openssl rsa -inform der -in key.der -pubin

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like