Reading a ASN.1 DER-encoded RSA Public key

问题

I'm writing an app to get a better understanding of DKIM. The spec says I retrieve a "ASN.1 DER-encoded" public key from the domain TXT record. I can seen the key on "s1024._domainkey.yahoo.com" = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm".

How can I use this key from .net? The examples I've seen get the key from a X509Certificate2, or an XML file containing the RSAParameters.

CORRECTION: I copy/pasted the key above from the network-tools.com DNS tool, which must've cut it short. nslookup gives me the full key:

s1024._domainkey.yahoo.com text = "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm" "JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bTxhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj+XcwIDAQAB; n=A 1024 bit key;"

So abelenky was on the right track with BASE64..

回答1:

This is the base64-encoding of the DER-encoding of an ASN.1 PublicKeyInfo containing an RSA public key.

Here is a translation:

   0 30  159: SEQUENCE {
   3 30   13:   SEQUENCE {
   5 06    9:     OBJECT IDENTIFIER '1 2 840 113549 1 1 1'
  16 05    0:     NULL
            :     }
  18 03  141:   BIT STRING 0 unused bits, encapsulates {
  22 30  137:       SEQUENCE {
  25 02  129:         INTEGER
            :           00 EB 11 E7 B4 46 2E 09 BB 3F 90 7E 25 98 BA 2F
            :           C4 F5 41 92 5D AB BF D8 FF 0B 8E 74 C3 F1 5E 14
            :           9E 7F B6 14 06 55 18 4D E4 2F 6D DB CD EA 14 2D
            :           8B F8 3D E9 5E 07 78 1F 98 98 83 24 E2 94 DC DB
            :           39 2F 82 89 01 45 07 8C 5C 03 79 BB 74 34 FF AC
            :           04 AD 15 29 E4 C0 4C BD 98 AF F4 B7 6D 3F F1 87
            :           2F B5 C6 D8 F8 46 47 55 ED F5 71 4E 7E 7A 2D BE
            :           2E 75 49 F0 BB 12 B8 57 96 F9 3D D3 8A 8F FF 97
            :           73
 157 02    3:         INTEGER 65537
            :         }
            :       }
            :   }

The OBJECT IDENTIFIER indicates that the following BIT STRING contains the encoding of an RSAPublicKey. The INTEGERs are the modulus and the public exponent.

You can decode the base64 with Convert.FromBase64String, but I don't think .NET has built-in functionality for parsing PublicKeyInfos, so you need to use a 3rd party tool like BouncyCastle.

回答2:

For anyone interested in this matter I would suggest the System.Security.Cryptography.X509Certificates.PublicKey which can be used to read a DER encoded public key.

回答3:

That string looks like its some sort of base-64 encoding. If you convert that string from base-64 to a BLOB, it should then be in valid ASN.1 format.

回答4:

Try the bouncycastle library, it provides great functionality for such cases.

来源：https://stackoverflow.com/questions/1281102/reading-a-asn-1-der-encoded-rsa-public-key