
In the documentation of ssh-keygen (man ssh-keygen) it says for the option -m that an export to the format “PKCS8” (PEM PKCS8 public key) is possible.

That works, and I can read the files using openssl. But the thing that really confuses me: isn't PKCS#8 a format for private keys?

Or is PKCS#8 a format for the keypair, and the private key is omitted? Those formats are really confusing.

Here is an example key exported with ssh-keygen -m PKCS8 -e:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRKdrvmS/1FdSvzljmq8
jNEAPMLLxuTT+yCAw5gZ5VaXQ6BR1LudV2N6YOFYp7yUoOye3CobHI9GhAXrNaHr
S3XoMk7/49g/uNNjJUTPzQ1xXZRbTnRgOkAbstYZDWY53S8X8fqk6ET0h3q2VwTu
vkNkzZpiswkSFi7/SqLF0P+DEewyDTeywaGTUO4ls+8nTtl+T63LRSBGd8qUdOzg
nfhr/YosKg3ePFyw1uC2UCK65KG47kmext+rLGFXT1o8oZ/Mlw5e+0aVSEoa6+MG
vXmhdV0IURnw/DJlalisxppFDHjyg6amBqC08w7r1nooqZvnjCXiXR+LEPlfj6hm
1wIDAQAB
-----END PUBLIC KEY-----


What you have here is indeed a structure called SubjectPublicKeyInfo, often abbreviated as SPKI. It's usually part of an X.509 certificate, but it is often also used separately from a certificate. It's, for instance, the default encoding for RSA public keys in Java and OpenSSL.

You can view the complete structure here and compare it with the SubjectPublicKeyInfo structure defined here. Of course, you'll only see it up to the BIT STRING. The BIT STRING itself contains the structure defined as RSAPublicKey here. The shown BIT STRING in the structure contains the RSAPublicKey structure, which is identified by the 1.2.840.113549.1.1.1 (RSAEncryption) object identifier (OID).


It's certainly not PKCS#8. That's indeed for encoding private keys. The private key structures defined in PKCS#8 may also contain the public key or allow the public key to be computed efficiently. They do not, however, support encoding of public keys separately.

Some libraries confuse keys encoded using PKCS#8 and SubjectPublicKeyInfo of X.509. Both standards use an almost identical method of encoding the keys, and are therefore often used together. Some libraries do confuse the terms and allow "pkcs8" or "pk8" export of public keys while that is clearly incorrect - you would just get an SPKI-structure.


Note that what you are currently showing is the PEM encoding of said SubjectPublicKeyInfo. The PEM structure, sometimes also called "ASCII armor", makes it possible to send binary data over text interfaces, e.g. mail. It consists of the header, the footer and the base64 encoding of the binary contents.

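A walk through the SubjectPublicKeyInfo structure described in the answer, as an added Python example (not code from the question or the answer): it strips the PEM armor, DER-decodes the key from the question, checks the rsaEncryption OID and pulls the modulus and exponent out of the RSAPublicKey inside the BIT STRING. The minimal DER reader is written for this example only, and the check that the first element is a SEQUENCE rather than a version INTEGER is how it tells an SPKI apart from a PKCS#8 PrivateKeyInfo.

```python
import base64, re

# The SubjectPublicKeyInfo PEM from the question above (copied from the page).
PEM = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRKdrvmS/1FdSvzljmq8
jNEAPMLLxuTT+yCAw5gZ5VaXQ6BR1LudV2N6YOFYp7yUoOye3CobHI9GhAXrNaHr
S3XoMk7/49g/uNNjJUTPzQ1xXZRbTnRgOkAbstYZDWY53S8X8fqk6ET0h3q2VwTu
vkNkzZpiswkSFi7/SqLF0P+DEewyDTeywaGTUO4ls+8nTtl+T63LRSBGd8qUdOzg
nfhr/YosKg3ePFyw1uC2UCK65KG47kmext+rLGFXT1o8oZ/Mlw5e+0aVSEoa6+MG
vXmhdV0IURnw/DJlalisxppFDHjyg6amBqC08w7r1nooqZvnjCXiXR+LEPlfj6hm
1wIDAQAB
-----END PUBLIC KEY-----"""

def pem_to_der(pem):
    # Strip header/footer (the "ASCII armor") and base64-decode to DER.
    body = re.sub(r"-----[A-Z ]+-----", "", pem)
    return base64.b64decode("".join(body.split()))

def read_tlv(buf, pos=0):
    # Minimal DER tag-length-value reader: returns (tag, value, next_pos).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    # DER OID octets -> dotted string (base-128 arcs, first octet = 40*a+b).
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_spki(pem):
    # SPKI ::= SEQUENCE { AlgorithmIdentifier, BIT STRING (RSAPublicKey) }
    _, spki, _ = read_tlv(pem_to_der(pem))
    if spki[0] != 0x30:  # PKCS#8 PrivateKeyInfo starts with a version INTEGER (0x02)
        raise ValueError("not a SubjectPublicKeyInfo")
    _, algid, pos = read_tlv(spki)          # AlgorithmIdentifier SEQUENCE
    _, oid_raw, _ = read_tlv(algid)         # OBJECT IDENTIFIER
    tag, bitstr, _ = read_tlv(spki, pos)    # subjectPublicKey BIT STRING
    assert tag == 0x03 and bitstr[0] == 0   # zero unused bits
    _, rsa, _ = read_tlv(bitstr[1:])        # RSAPublicKey ::= SEQUENCE { n, e }
    _, n_raw, pos = read_tlv(rsa)           # modulus INTEGER
    _, e_raw, _ = read_tlv(rsa, pos)        # publicExponent INTEGER
    return {"oid": decode_oid(oid_raw),
            "n_bits": int.from_bytes(n_raw, "big").bit_length(),
            "e": int.from_bytes(e_raw, "big")}
```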