public_key:pem_decode/1 and public_key:verify/4

> Hi all,
> It seems that public_key:pem_decode/1 can't decode public
> keys.
>
> I wanted use public_key:verify/4 to verify a digital signature
> and for that I used public_key:pem_decode/1 to extract the
> public key.
>
> 26> {ok, Bin} = file:read_file("key.pub").
> {ok,<<"-----BEGIN RSA PUBLIC
> KEY-----\nMIGJAoGBAKhhZ8RrKaA0RWhjXJlSpTHd7/h6Luww9qeyUkEqBQyiCooZZGCYNle5C9TfRVJDUuxz"...>>}
> 27> rp(Bin).
> <<"-----BEGIN RSA PUBLIC
> KEY-----\nMIGJAoGBAKhhZ8RrKaA0RWhjXJlSpTHd7/h6Luww9qeyUkEqBQyiCooZZGCYNle5\nC9TfRVJDUuxzigvXuTh0tlba+9AyIe2hxAztjs43pSKy5VnnJlSjMBVDay8XmNjh\nlUxid/ZV2hDkKlwHDCnZjdZpeXqdtGbZ7o3N7wOBzJSRQ7kqzQHXAgMBAAE=\n-----END
> RSA PUBLIC KEY-----\n">>
> ok
> 28> public_key:pem_decode(Bin).
> []
>
> That was a surprise.
>
> Cheers
> /Jocke
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:[hidden email]
>

> Maybe the asn1 type of your key file is not supported by public_key.  You can check it and use openssl to convert the key format.
>
> 在 2011-1-19，下午5:23， Joakim G. 写道：
>
>> Hi all,
>> It seems that public_key:pem_decode/1 can't decode public
>> keys.
>>
>> I wanted use public_key:verify/4 to verify a digital signature
>> and for that I used public_key:pem_decode/1 to extract the
>> public key.
>>
>> 26> {ok, Bin} = file:read_file("key.pub").
>> {ok,<<"-----BEGIN RSA PUBLIC
>> KEY-----\nMIGJAoGBAKhhZ8RrKaA0RWhjXJlSpTHd7/h6Luww9qeyUkEqBQyiCooZZGCYNle5C9TfRVJDUuxz"...>>}
>> 27> rp(Bin).
>> <<"-----BEGIN RSA PUBLIC
>> KEY-----\nMIGJAoGBAKhhZ8RrKaA0RWhjXJlSpTHd7/h6Luww9qeyUkEqBQyiCooZZGCYNle5\nC9TfRVJDUuxzigvXuTh0tlba+9AyIe2hxAztjs43pSKy5VnnJlSjMBVDay8XmNjh\nlUxid/ZV2hDkKlwHDCnZjdZpeXqdtGbZ7o3N7wOBzJSRQ7kqzQHXAgMBAAE=\n-----END
>> RSA PUBLIC KEY-----\n">>
>> ok
>> 28> public_key:pem_decode(Bin).
>> []
>>
>> That was a surprise.
>>
>> Cheers
>> /Jocke
>>
>> ________________________________________________________________
>> erlang-questions (at) erlang.org mailing list.
>> See http://www.erlang.org/faq.html
>> To unsubscribe; mailto:[hidden email]
>>
>
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:[hidden email]
>
>

> Hi!
>
> All possible PEM-types are not supported by public_key, the currently
> supported types are mainly a result of what we need
> for the ssl-application. More types may of course be added if there is
> a need. You are welcome to contribute PEM-types that may be of common
> use.
>
> If you want the public part of your own rsa-key it is included in the
> private-key and you can  decode that file with public_key and
> pick out the public part.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
>
> 2011/1/19 caox <[hidden email]>:
>> Maybe the asn1 type of your key file is not supported by public_key.  You can check it and use openssl to convert the key format.
>>
>> 在 2011-1-19，下午5:23， Joakim G. 写道：
>>
>>> Hi all,
>>> It seems that public_key:pem_decode/1 can't decode public
>>> keys.
>>>
>>> I wanted use public_key:verify/4 to verify a digital signature
>>> and for that I used public_key:pem_decode/1 to extract the
>>> public key.
>>>
>>> 26> {ok, Bin} = file:read_file("key.pub").
>>> {ok,<<"-----BEGIN RSA PUBLIC
>>> KEY-----\nMIGJAoGBAKhhZ8RrKaA0RWhjXJlSpTHd7/h6Luww9qeyUkEqBQyiCooZZGCYNle5C9TfRVJDUuxz"...>>}
>>> 27> rp(Bin).
>>> <<"-----BEGIN RSA PUBLIC
>>> KEY-----\nMIGJAoGBAKhhZ8RrKaA0RWhjXJlSpTHd7/h6Luww9qeyUkEqBQyiCooZZGCYNle5\nC9TfRVJDUuxzigvXuTh0tlba+9AyIe2hxAztjs43pSKy5VnnJlSjMBVDay8XmNjh\nlUxid/ZV2hDkKlwHDCnZjdZpeXqdtGbZ7o3N7wOBzJSRQ7kqzQHXAgMBAAE=\n-----END
>>> RSA PUBLIC KEY-----\n">>
>>> ok
>>> 28> public_key:pem_decode(Bin).
>>> []
>>>
>>> That was a surprise.
>>>
>>> Cheers
>>> /Jocke
>>>
>>> ________________________________________________________________
>>> erlang-questions (at) erlang.org mailing list.
>>> See http://www.erlang.org/faq.html
>>> To unsubscribe; mailto:[hidden email]
>>>
>>
>>
>> ________________________________________________________________
>> erlang-questions (at) erlang.org mailing list.
>> See http://www.erlang.org/faq.html
>> To unsubscribe; mailto:[hidden email]
>>
>>
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:[hidden email]
>

> Thanks, I see.
>
> I'm using keys as defined in:
> https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=doc/spec/tor-spec.txt
>
> That is:
>
> "For a public-key cipher, we use RSA with 1024-bit keys and a fixed
> exponent of 65537.  We use OAEP-MGF1 padding, with SHA-1 as its digest
> function.  We leave the optional "Label" parameter unset. (For OAEP
> padding, see ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf)"
>
> I only have the public keys to work with. Not a surprise. :-)

> Hi again,
>
> The PKCS-1 asn-1 spec is part of public key. PEM-files are mainly
> base64-encoded  asn1 DER data.
> Pem files looks something like this:
>
> <text>
> -----BEGIN SOMETHING-----<CR><LF>
> <Base64 encoding line><CR><LF>
> <Base64 encoding line><CR><LF>
> ...
> -----END SOMETHING-----<CR><LF>
> <text>
>
> Adding support for the something = RSA PUBLIC KEY should be fairly
> simple as the ASN1- spec is alredy in place.
>
> 2011/1/19 Joakim G. <[hidden email]>:
>> Thanks, I see.
>>
>> I'm using keys as defined in:
>> https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=doc/spec/tor-spec.txt
>>
>> That is:
>>
>> "For a public-key cipher, we use RSA with 1024-bit keys and a fixed
>> exponent of 65537.  We use OAEP-MGF1 padding, with SHA-1 as its digest
>> function.  We leave the optional "Label" parameter unset. (For OAEP
>> padding, see ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf)"
>>
>> I only have the public keys to work with. Not a surprise. :-)
>
> No not really, but you never know, with time I learnt not to take
> anything for granted  ;)
>
>>
>> I will see if I can find more info on this.
>
> [...]
>
> I will put it on the wish-list, but we have got a lot of other things
> on our table so a contribution
> will proably speed things up.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:[hidden email]
>

> I updated pubkey_pem.html a tiny little bit and it seems to
> work:
>
> jocke@xev:~/installs/otp_src_R14B01/lib/public_key/src$ diff -bwt
> pubkey_pem.erl.orig pubkey_pem.erl
> 157a158,159
>> join_entry([<<"-----END RSA PUBLIC KEY-----", _/binary>>| Lines],
> Entry) ->
>>     {lists:reverse(Entry), Lines};
> 212a215,216
>> pem_start('RSAPublicKey') ->
>>     <<"-----BEGIN RSA PUBLIC KEY-----">>;
> 221a226,227
>> pem_end(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>     <<"-----END RSA PUBLIC KEY-----">>;
> 232a239,240
>> asn1_type(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>     'RSAPublicKey';
>
> Thanks
> /Jocke
>
> On 2011-01-20 10:37, Ingela Andin wrote:
>> Hi again,
>>
>> The PKCS-1 asn-1 spec is part of public key. PEM-files are mainly
>> base64-encoded  asn1 DER data.
>> Pem files looks something like this:
>>
>> <text>
>> -----BEGIN SOMETHING-----<CR><LF>
>> <Base64 encoding line><CR><LF>
>> <Base64 encoding line><CR><LF>
>> ...
>> -----END SOMETHING-----<CR><LF>
>> <text>
>>
>> Adding support for the something = RSA PUBLIC KEY should be fairly
>> simple as the ASN1- spec is alredy in place.
>>
>> 2011/1/19 Joakim G. <[hidden email]>:
>>> Thanks, I see.
>>>
>>> I'm using keys as defined in:
>>> https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=doc/spec/tor-spec.txt
>>>
>>> That is:
>>>
>>> "For a public-key cipher, we use RSA with 1024-bit keys and a fixed
>>> exponent of 65537.  We use OAEP-MGF1 padding, with SHA-1 as its digest
>>> function.  We leave the optional "Label" parameter unset. (For OAEP
>>> padding, see ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf)"
>>>
>>> I only have the public keys to work with. Not a surprise. :-)
>>
>> No not really, but you never know, with time I learnt not to take
>> anything for granted  ;)
>>
>>>
>>> I will see if I can find more info on this.
>>
>> [...]
>>
>> I will put it on the wish-list, but we have got a lot of other things
>> on our table so a contribution
>> will proably speed things up.
>>
>> Regards Ingela Erlang/OTP team - Ericsson AB
>>
>> ________________________________________________________________
>> erlang-questions (at) erlang.org mailing list.
>> See http://www.erlang.org/faq.html
>> To unsubscribe; mailto:[hidden email]
>>
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:[hidden email]
>

> I updated pubkey_pem.html a tiny little bit and it seems to
> work:
>
> jocke@xev:~/installs/otp_src_R14B01/lib/public_key/src$ diff -bwt
> pubkey_pem.erl.orig pubkey_pem.erl
> 157a158,159
>> join_entry([<<"-----END RSA PUBLIC KEY-----", _/binary>>| Lines],
> Entry) ->
>>     {lists:reverse(Entry), Lines};
> 212a215,216
>> pem_start('RSAPublicKey') ->
>>     <<"-----BEGIN RSA PUBLIC KEY-----">>;
> 221a226,227
>> pem_end(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>     <<"-----END RSA PUBLIC KEY-----">>;
> 232a239,240
>> asn1_type(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>     'RSAPublicKey';
>
> Thanks

> Hi there,
>
> I'm very interested in adding support for RSA public key decoding to
> the public_key module.  My use case is similar in that I need to be
> able to verify/decrypt when all I have is the RSA public key in PEM
> format.
>
> 2011/1/20 Ingela Andin <[hidden email]>:
>> The PKCS-1 asn-1 spec is part of public key. PEM-files are mainly
>> base64-encoded  asn1 DER data.
> [snip]
>> Adding support for the something = RSA PUBLIC KEY should be fairly
>> simple as the ASN1- spec is alredy in place.
>
> I started working on such a patch and you are right that the changes
> to read in the pem data are fairly simple.
>
> However, once I have the DER format, I'm getting stuck with an error
> coming out of public_key:der_decode.  Not sure if I'm doing it wrong
> or if there is something wrong with the asn1 definition for RSA public
> keys.
>
> Here's what I'm trying (skipping the pem conversion for now):
>
> shell:
>
>  openssl genrsa > mykey.private
>  openssl rsa -in mykey.private -outform der -pubout > mykey.public.der
>
> erl:
>
>  {ok, PubDer} = file:read_file("mykey.public.der").
>  public_key:der_decode('RSAPublicKey', PubDer)
>
> ** exception error: no match of right hand side value {error,
>                                                       {asn1,
>                                                        {function_clause,
>
> [{'OTP-PUB-KEY',decode_integer,
>
> [{error,{asn1,{wrong_tag,{16,2}}}}]},
>
> {'OTP-PUB-KEY',decode_integer,3},
>
> {'OTP-PUB-KEY',dec_RSAPublicKey,2},
>
> {'OTP-PUB-KEY',decode,2},
>
> {public_key,der_decode,2},
>                                                          {erl_eval,do_apply,5},
>                                                          {shell,exprs,7},
>
> {shell,eval_exprs,7}]}}}
>     in function  public_key:der_decode/2
>
>
>
> Aside: when I use openssl to extract the public key, the output I get
> looks like:
>
> -----BEGIN PUBLIC KEY-----
> MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALyPPyTS+HyTV3oLf2z6W+H1NOKLos3K
> ztRytqJoIdvbzNFYsnJqFhabzhQx2DdPvTiHLZM1QHQ1Ma5yw5hjaQcCAwEAAQ==
> -----END PUBLIC KEY-----
>
> Note that it only says "PUBLIC KEY", not "RSA PUBLIC KEY".  You will
> get identical header values when extracting a DSA public key.
> So I'm unsure about how one can detect what type of public key one
> has.  Anyone know the details of how that's supposed to work?  This
> throws a wrinkle in pem_decode/1.  It may be that one needs to have
> pem_decode/2 for public keys where the user specifies what type of key
> is expected.
>
>
> If I can get a bit further I will put together a patch.
>
> Thanks,
>
>  + seth
>
> --
> Seth Falcon | @sfalcon | http://userprimary.net/
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:[hidden email]
>
>

> 2011/1/20 Joakim G. <[hidden email]>:
>> I updated pubkey_pem.html a tiny little bit and it seems to
>> work:
>>
>> jocke@xev:~/installs/otp_src_R14B01/lib/public_key/src$ diff -bwt
>> pubkey_pem.erl.orig pubkey_pem.erl
>> 157a158,159
>>> join_entry([<<"-----END RSA PUBLIC KEY-----", _/binary>>| Lines],
>> Entry) ->
>>>     {lists:reverse(Entry), Lines};
>> 212a215,216
>>> pem_start('RSAPublicKey') ->
>>>     <<"-----BEGIN RSA PUBLIC KEY-----">>;
>> 221a226,227
>>> pem_end(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>>     <<"-----END RSA PUBLIC KEY-----">>;
>> 232a239,240
>>> asn1_type(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>>     'RSAPublicKey';
>>
>> Thanks
>
> Our mails crossed.  When you say "this seems to work", were you able
> to actually use the public key for verification/decryption?
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:[hidden email]
>

> Cheers
> /Jocke
>
> On 2011-01-21 00:03, Seth Falcon wrote:
>> 2011/1/20 Joakim G. <[hidden email]>:
>>> I updated pubkey_pem.html a tiny little bit and it seems to
>>> work:
>>>
>>> jocke@xev:~/installs/otp_src_R14B01/lib/public_key/src$ diff -bwt
>>> pubkey_pem.erl.orig pubkey_pem.erl
>>> 157a158,159
>>>> join_entry([<<"-----END RSA PUBLIC KEY-----", _/binary>>| Lines],
>>> Entry) ->
>>>>     {lists:reverse(Entry), Lines};
>>> 212a215,216
>>>> pem_start('RSAPublicKey') ->
>>>>     <<"-----BEGIN RSA PUBLIC KEY-----">>;
>>> 221a226,227
>>>> pem_end(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>>>     <<"-----END RSA PUBLIC KEY-----">>;
>>> 232a239,240
>>>> asn1_type(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>>>     'RSAPublicKey';
>>>
>>> Thanks
>>
>> Our mails crossed.  When you say "this seems to work", were you able
>> to actually use the public key for verification/decryption?
>>
>> ________________________________________________________________
>> erlang-questions (at) erlang.org mailing list.
>> See http://www.erlang.org/faq.html
>> To unsubscribe; mailto:[hidden email]
>>
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:[hidden email]
>

> Hi,
>
> On Fri, Jan 21, 2011 at 12:48 AM, Ingela Andin <[hidden email]> wrote:
>> Well PEM-files that only BEGIN PUBLIC KEY and not BEGIN RSA PUBLIC
>> KEY are using another ASN1 spec and can contain both RSA and DSA
>> keys. It seems that it is the ASN1-spec SubjectPublicKeyInfo from
>> PKIXExplicit88.asn1 also part of public_key.
>
> Thanks, that was a very useful hint :-)
>
> I can now read RSA public key PEM files as generated by openssl.
> Here's the recipe (assuming stock public_key module):
>
>     read_rsa_public_key(Key) ->
>         Bin = erlang:iolist_to_binary(public_key_lines(re:split(Key,
> "\n"), [])),
>         Spki = public_key:der_decode('SubjectPublicKeyInfo',
> base64:mime_decode(Bin)),
>         {_, _, {0, KeyDer}} = Spki,
>         public_key:der_decode('RSAPublicKey', KeyDer).
>
>     public_key_lines([<<"-----BEGIN PUBLIC KEY-----">>|Rest], Acc) ->
>         public_key_lines(Rest, Acc);
>     public_key_lines([<<"-----END PUBLIC KEY-----">>|Rest], Acc) ->
>         lists:reverse(Acc);
>     public_key_lines([Line|Rest], Acc) ->
>         public_key_lines(Rest, [Line|Acc]).

> On 2011-01-21 12:47, Joakim G. wrote:
>> With this patch public_key:pem_decode/1 returns a RSAPublicKey
>> record as defined in public_key.hrl (instead of just []).
>>
>> I haven't used the output yet though. :-)
>>
>> I will experiment with public_key:verify/4 over the weekend.
>
> To verify: my naive fix did what is was supposed to do, i.e. this
> works with the patch applied:
>
>    [PemEntry] = public_key:pem_decode(<<"-----BEGIN RSA PUBLIC
> KEY-----\nMIGJAoGBAKhhZ8RrKaA0RWhjXJlSpTHd7/h6Luww9qeyUkEqBQyiCooZZGCYNle5\nC9TfRVJDUuxzigvXuTh0tlba+9AyIe2hxAztjs43pSKy5VnnJlSjMBVDay8XmNjh\nlUxid/ZV2hDkKlwHDCnZjdZpeXqdtGbZ7o3N7wOBzJSRQ7kqzQHXAgMBAAE=\n-----END
> RSA PUBLIC KEY-----">>),
>    RSAPublicKey = public_key:pem_entry_decode(PemEntry),
>
> I could then call:
>
> ==
>
> verify(PlainText, Signature,
>       #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) ->
>    PlainText ==
>        crypto:rsa_public_decrypt(Signature,
>                                  [crypto:mpint(Exp), crypto:mpint(Mod)],
>                                  rsa_pkcs1_padding).
>
> ==
>
> to verify a signature.
>
> AFAICS public_key:verify/4 is broken.
>
> I'm happpy now. The work can continue. :-)
>
> /Jocke
>
>> Cheers
>> /Jocke
>>
>> On 2011-01-21 00:03, Seth Falcon wrote:
>>> 2011/1/20 Joakim G. <[hidden email]>:
>>>> I updated pubkey_pem.html a tiny little bit and it seems to
>>>> work:
>>>>
>>>> jocke@xev:~/installs/otp_src_R14B01/lib/public_key/src$ diff -bwt
>>>> pubkey_pem.erl.orig pubkey_pem.erl
>>>> 157a158,159
>>>>> join_entry([<<"-----END RSA PUBLIC KEY-----", _/binary>>| Lines],
>>>> Entry) ->
>>>>>     {lists:reverse(Entry), Lines};
>>>> 212a215,216
>>>>> pem_start('RSAPublicKey') ->
>>>>>     <<"-----BEGIN RSA PUBLIC KEY-----">>;
>>>> 221a226,227
>>>>> pem_end(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>>>>     <<"-----END RSA PUBLIC KEY-----">>;
>>>> 232a239,240
>>>>> asn1_type(<<"-----BEGIN RSA PUBLIC KEY-----">>) ->
>>>>>     'RSAPublicKey';
>>>>
>>>> Thanks
>>>
>>> Our mails crossed.  When you say "this seems to work", were you able
>>> to actually use the public key for verification/decryption?
>>>
>>> ________________________________________________________________
>>> erlang-questions (at) erlang.org mailing list.
>>> See http://www.erlang.org/faq.html
>>> To unsubscribe; mailto:[hidden email]
>>>
>>
>> ________________________________________________________________
>> erlang-questions (at) erlang.org mailing list.
>> See http://www.erlang.org/faq.html
>> To unsubscribe; mailto:[hidden email]
>>
>
> ________________________________________________________________
> erlang-questions (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:[hidden email]
>
>

> Hi,
>
> On Fri, Jan 21, 2011 at 12:48 AM, Ingela Andin <[hidden email]> wrote:
>> Well PEM-files that only BEGIN PUBLIC KEY and not BEGIN RSA PUBLIC
>> KEY are using another ASN1 spec and can contain both RSA and DSA
>> keys. It seems that it is the ASN1-spec SubjectPublicKeyInfo from
>> PKIXExplicit88.asn1 also part of public_key.
>
> Thanks, that was a very useful hint :-)
>
> I can now read RSA public key PEM files as generated by openssl.
> Here's the recipe (assuming stock public_key module):
>
>    read_rsa_public_key(Key) ->
>        Bin = erlang:iolist_to_binary(public_key_lines(re:split(Key,
> "\n"), [])),
>        Spki = public_key:der_decode('SubjectPublicKeyInfo',
> base64:mime_decode(Bin)),
>        {_, _, {0, KeyDer}} = Spki,
>        public_key:der_decode('RSAPublicKey', KeyDer).
>
>    public_key_lines([<<"-----BEGIN PUBLIC KEY-----">>|Rest], Acc) ->
>        public_key_lines(Rest, Acc);
>    public_key_lines([<<"-----END PUBLIC KEY-----">>|Rest], Acc) ->
>        lists:reverse(Acc);
>    public_key_lines([Line|Rest], Acc) ->
>        public_key_lines(Rest, [Line|Acc]).
>
> I have a patch to the public_key module that makes this easier by
> introducing three new functions: public_key_type/1,
> pem_decode_public_key/1, and der_decode_public_key/1.
>
> public_key_type takes either a SubjectPublicKeyInfo record (as
> returned by der_decode/2 when given type 'SubjectPublicKeyInfo') or
> the algorithm id tuple that is a part of the 'SubjectPublicKeyInfo'
> record.  It is a wrapper for
> pubkey_cert_records:supportedPublicKeyAlgorithms/1.
>
>
> pem_decode_public_key
>
>    takes a PEM binary and in the case that pem_decode(PEM) returns
>    'SubjectPublicKeyInfo', it determines the public key type and does
>    der_decode so that the return value is the public key in a form
>    usable by functions like public_key:decrypt_public/2.  If the PEM
>    does not contain 'SubjectPublicKeyInfo', then it is passed through
>    unchanged.  I think this would be useful for Joakim's use case.
>
> der_decode_public_key
>
>    behaves similarly, but is given the DER encoded version of the
>    public key to start with.  Here, as I understand it, the problem
>    is a bit stickier because you can't know what type it is.  So it
>    tries each of ['SubjectPublicKeyInfo', 'RSAPublicKey',
>    'DSAPublicKey'] and returns similar to pem_decode_public_key.
>
> I've put the work-in-progress on a branch here:
>
>    https://github.com/seth/otp/tree/sf/rsa_pub_key
>
> I'm not sure if this is going in the right direction, so wrote this up
> (sorry for the length) to get some feedback.  I'm willing to make
> adjustments and spend time polishing a patch if there is some
> agreement on general direction.
>
> Best,
>
> + seth
>
>
> --
> Seth Falcon | @sfalcon | http://userprimary.net/
>

>> It will not then be a 100 % symmetric with pem_entry_encode but I
>> think  that is ok, it could be mentioned in the documentation.
>> Another reason that this is a good idea is that it will not then be
>> sensitive to that the public_key is the only entry in the file.
>> PEM files may contain several entries which is not handled by your
>> function.
>
> Do you think it should be possible to reproduce the
> SubjectPublicKeyInfo-style PEM file given an 'RSAPublicKey' record
> type?  I think this has some value, aside from symmetry, because it is
> the default output of openssl.
>
> I admit that I haven't yet worked through the encoding cases in any
> detail, so perhaps I'm not clear on how this is supposed to work.
>

> Ah, sorry accidently hit send before finished ...
>
> [...]
>
>> I thought some more about this and I feel the right way to go is have
>> several clauses in pem_entry_encode for the asn1-type  'SubjectPublicKeyInfo'
>> some thing along the lines
>>
>> pem_entry_decode(,  #'RSAPublicKey'{} = Key) ->
>        SubjectPublicKeyInfo =
> create_subject_public_key_info_from_rsa_public_key(Key),
>        pem_entry_decode( 'SubjectPublicKeyInfo', Key).
>