I created a key pair on iOS using SecKeyGeneratePair and then exported the keys to publicKey and privateKey using SecItemCopyMatching (Base64-encoded before exporting, of course). Now I have a problem encrypting data with the public key. I use the following OpenSSL command:
openssl rsautl -encrypt -inkey publicKey -pubin -in text.txt -out text.enc
I got an “unable to load Public Key” response from OpenSSL.
I analyzed publicKey and noticed that it contains only the following content:
SEQUENCE(2 elem)
| INTEGER(1023 bit)
| INTEGER 65537
whereas public keys generated by OpenSSL contain additional info about the algorithm, like this sample which was created by OpenSSL:
SEQUENCE(2 elem)
| SEQUENCE(2 elem)
| | OBJECT IDENTIFIER 1.2.840.113549.1.1.1
| | NULL
| BIT STRING(1 elem)
| | SEQUENCE(2 elem)
| | | INTEGER(1024 bit)
| | | INTEGER 65537
The first question is: why does publicKey contain only 1023 bits for the key? OpenSSL’s public key has a 1024-bit length for that.
I tried to create the additional ASN.1 structure for the publicKey generated by iOS (using a hex editor and fixing the SEQUENCE length). Its format is correct (I checked that here: http://lapo.it/asn1js/), but I still can’t use it with OpenSSL. It looks like this is because the public key returned by SecItemCopyMatching has lost a byte.
I checked the content of privateKey also, because it contains publicKey inside. The length of the publicKey there is also 1023 bits.
Can you help me please? Thanks in advance. Here is a key pair which was generated on an iOS device:
publicKey:
MIGIAoGAaXp7vlZ5WmCzaL1rrBKXC8rJuc7EpH7Us/0t4R3hJoDOtRJxywegPY6wm45Oiud7UDh+9loebAg4dcpUP1le5SkbxrC9Qp8XahmvYVMXUYVGDiLTWID3e3PdE7CwEM5/lz1c1vRRWjR+2GzvV4xf5gRwCzZW1tXvXCNWsraqwE8CAwEAAQ==
privateKey:
OpenSSL requires the key in X.509 format (see RFC 3280):
The “subjectPublicKey” string depends on the algorithm. For RSA it is (RFC 3447):
I don’t think it’s a problem that the key is 1023 and not 1024 bits. But you can try to generate a few more and see if they’re all 1023 bits long.
What does OpenSSL say when you try to use your own creation (the updated ASN.1 structure)? Can you post it here?
Also, OpenSSL expects it in PEM format with “-----BEGIN RSA PUBLIC KEY-----” and “-----END RSA PUBLIC KEY-----” around the Base64 data.
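The difference between the two ASN.1 dumps in the question, as an added example (not code from either poster): Python that parses the posted iOS key as a bare RSAPublicKey, wraps it in the SubjectPublicKeyInfo layout of the OpenSSL sample, and PEM-armors the result. The function names are this example's own; "PUBLIC KEY" is the standard PEM label for a SubjectPublicKeyInfo structure.

```python
import base64

# Public key exactly as posted in the question (Base64 DER, no PEM armor).
IOS_PUBLIC_KEY_B64 = (
    "MIGIAoGAaXp7vlZ5WmCzaL1rrBKXC8rJuc7EpH7Us/0t4R3hJoDOtRJxywegPY6wm45Oiud7"
    "UDh+9loebAg4dcpUP1le5SkbxrC9Qp8XahmvYVMXUYVGDiLTWID3e3PdE7CwEM5/lz1c1vRR"
    "WjR+2GzvV4xf5gRwCzZW1tXvXCNWsraqwE8CAwEAAQ==")
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # { OID 1.2.840.113549.1.1.1, NULL }

def tlv(tag, value):
    """Encode one DER element; lengths of 128 or more use the long form."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """Parse a bare RSAPublicKey: SEQUENCE { INTEGER modulus, INTEGER exponent }."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    t1, n, pos = read_tlv(body, 0)
    t2, e, pos = read_tlv(body, pos)
    if (t1, t2) != (0x02, 0x02) or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def wrap_spki(pkcs1_der):
    """Wrap RSAPublicKey in SubjectPublicKeyInfo (BIT STRING with 0 unused bits)."""
    parse_rsa_public_key(pkcs1_der)  # refuse to wrap anything else
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + pkcs1_der))

def to_pem(der, label="PUBLIC KEY"):
    """PEM-armor DER; "PUBLIC KEY" is the label for SubjectPublicKeyInfo."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    print(to_pem(wrap_spki(base64.b64decode(IOS_PUBLIC_KEY_B64))), end="")
```

The posted modulus occupies 128 bytes with its top bit clear, which is why the ASN.1 viewer reports it as 1023 bits; no byte is missing from the encoding.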