Converting .PUB certificate to .PEM

Is there any tool to convert .PUB public key as attached to .PEM or .der or any Open ssl format. and also a command to convert would be much appreciated.

Regards
Kalyan.
kalyangkmAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave HoweSoftware and Hardware EngineerCommented:
Not seeing an attachment, but please note the following;

Normally, a pub file is a bare public key, which is half of the RSA public keypair system (one key is used for encryption, one for decryption; the other half is usually a dot-key file containing the secret key, which is the decryption and signature creation key)

a cer file (regardless of format, although pem is customary) contains a "certificate". A certificate (and normally this is to the x509 standard) is a composite containing the public key (so, the pub file contents), some identity data (for both certificate owner and certificate issuer) and a digital signature (created by the issuer using their own secret key) that proves that the identity data has not changed since the cert was issued (there is also some usage timeframe data and so forth but that's commercial; certs pretty much have a validity range so that they can sell you another once that expires)

So, with that in mind, it is usually easy to get from a cer to a pub (just as you can easily take a single pencil from a set of coloured pencils) but near impossible to get from just a pub to the original cer (again, you can't get easily from one pencil to an entire set)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
this tool can be handy which also include the openssl conversion in the article.
SSL Converter to convert SSL certificates to and from different formats such as pem, der, p7b, and pfx. Different platforms and devices require SSL certificates to be converted to different formats. For example, a Windows server exports and imports .pfx files while an Apache server uses individual PEM (.crt, .cer) files.
https://www.sslshopper.com/ssl-converter.html

Most will use pem instead of pub hence use of openssl such as below can be considered before starting off to various conversion needs e.g
openssl genrsa -out temp.pem 1024
openssl rsa -in temp.pem -pubout -out temp.pub
Dave HoweSoftware and Hardware EngineerCommented:
@btan can't think of anything that would take a pub if a cer is required....
Webinar: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. Join us in our upcoming webinar as we discuss how to best defend against these attacks!

btanExec ConsultantCommented:
I see .pub as the public key so that can be extracted from cert into pem or already generated separately. Just seeing it in a simpler context if all we want is the public key to be in various format.

With Base64 encoding content of public key
"-----BEGIN CERTIFICATE-----"
...
"-----END CERTIFICATE-----"
or
"-----BEGIN X509 CERTIFICATE----"
...
"-----END X509 CERTIFICATE----".
or
In RFC represented in ASN as
 SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING  }
Dave HoweSoftware and Hardware EngineerCommented:
that is true, but normally the pub will already be in pem format - but won't be a cert in pem format, just the public key.
For example:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY7xbEcR4UlBVMWifsgl
10y6P9rCXfwcikYe0keRHH+yaSI8mPwfvZR+KQQr+9qliQKVZw3Xduj357MPJO7c
sFMCbM+UCNRUpvEy+vrRJpc7PlVr+WOMhjK/eu9EZal4ceiBEIuqgt4o5eJFTD4A
oeo8XHc+P/brAclYLEJp0YQp1sOu3FBsLjr9i8tjZPvsJOrbASpCe+BFkBiMAG7J
FxZH2pPOCUhnlKiaGvbpSUfCyqfRG8/atXpztdJk+gm2DLCfWk8oPKbm2UL1vLjC
vWMtGd/ozPSQZS9PxiFt+xapnwT1zkBlQCRksWdNYQtjRKNar4qBOUAFgWgoyKJY
9QIDAQAB
-----END PUBLIC KEY-----

Open in new window

Is the public key for experts-exchange
btanExec ConsultantCommented:
Agree Dave indeed. Better to work off using  pem in those format..into .der or others as shared in https://www.sslshopper.com/article-most-common-openssl-commands.html
kalyangkmAuthor Commented:
Dave/btan,

Nice discussion. So looks like we cant extract anything useful from just the .PUB unless we have a RSA public key pair?
Dave HoweSoftware and Hardware EngineerCommented:
More that there isn't anything useful extractable from a PUB file, as it is just the public key, itself extractable from either the keypair or the certificate; the PUB is a single element of a larger collection, and contains just whatever numbers make up a key of that type (for RSA that would be exponent and modulus; for DSA or EC they would be values appropriate to those types, of course).

to give a (further) example, for the public key above (https://www.experts-exchange.com/) the openssl rsa tool extracts:
Public-Key: (2048 bit)
Modulus:
    00:a9:8e:f1:6c:47:11:e1:49:41:54:c5:a2:7e:c8:
    25:d7:4c:ba:3f:da:c2:5d:fc:1c:8a:46:1e:d2:47:
    91:1c:7f:b2:69:22:3c:98:fc:1f:bd:94:7e:29:04:
    2b:fb:da:a5:89:02:95:67:0d:d7:76:e8:f7:e7:b3:
    0f:24:ee:dc:b0:53:02:6c:cf:94:08:d4:54:a6:f1:
    32:fa:fa:d1:26:97:3b:3e:55:6b:f9:63:8c:86:32:
    bf:7a:ef:44:65:a9:78:71:e8:81:10:8b:aa:82:de:
    28:e5:e2:45:4c:3e:00:a1:ea:3c:5c:77:3e:3f:f6:
    eb:01:c9:58:2c:42:69:d1:84:29:d6:c3:ae:dc:50:
    6c:2e:3a:fd:8b:cb:63:64:fb:ec:24:ea:db:01:2a:
    42:7b:e0:45:90:18:8c:00:6e:c9:17:16:47:da:93:
    ce:09:48:67:94:a8:9a:1a:f6:e9:49:47:c2:ca:a7:
    d1:1b:cf:da:b5:7a:73:b5:d2:64:fa:09:b6:0c:b0:
    9f:5a:4f:28:3c:a6:e6:d9:42:f5:bc:b8:c2:bd:63:
    2d:19:df:e8:cc:f4:90:65:2f:4f:c6:21:6d:fb:16:
    a9:9f:04:f5:ce:40:65:40:24:64:b1:67:4d:61:0b:
    63:44:a3:5a:af:8a:81:39:40:05:81:68:28:c8:a2:
    58:f5
Exponent: 65537 (0x10001)

Open in new window

btanExec ConsultantCommented:
yes in a way - The RSA private key format includes all the public elements. When you get the private key you really have both the private and public key. The public key needs to be derived from the private key. Unless you already have it in pem format...which it must be shared from the owner of the key pair ..

Like an example below is to get the pub key from the private key

Generate a 2048 bit RSA Key
- openssl genrsa -des3 -out private.pem 2048

Export the RSA Public Key to a File
- openssl rsa -in private.pem -outform PEM -pubout -out public.pem
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.