search

briansmith / webpki

WebPKI X.509 Certificate Validation in Rust
https://briansmith.org/rustdoc/webpki/
Other
459 stars 164 forks source link

How to extract public key (as EcKey) #204

Closed ppmag closed 3 years ago

ppmag commented 3 years ago

Is there a way to extract public key with webpki API? I need it as OpenSSL EcKey struct but access to raw bytes will also fine.

I'm validating my certificates with webpki, but also I need to pass public EcKey to external tool, which validates COSE Sign1 signed document with embedded public key in this attached cert.

For now I'm forced to use x509-parser crate to extract SubjectPublicKeyInfo and then use OpenSSL for key instantiation:

let group = EcGroup::from_curve_name(Nid::SECP384R1).unwrap();
let mut ctx = BigNumContext::new().unwrap();
let point = EcPoint::from_bytes(&group, &ee_pub_key, &mut ctx).unwrap();
let key = EcKey::from_public_key(&group, &point).unwrap();

As a result: redundant dependencies and dubious prospects to escape from OpenSSL.

briansmith commented 3 years ago

Hi, yes, we should add this. There's already an issue for it, issue #85, so I'm going to close this as a duplicate of that.