Converting .PUB certificate to .PEM

Is there any tool to convert .PUB public key as attached to .PEM or .der or any Open ssl format. and also a command to convert would be much appreciated.

Regards
Kalyan.
kalyangkmAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave HoweSoftware and Hardware EngineerCommented:
Not seeing an attachment, but please note the following;

Normally, a pub file is a bare public key, which is half of the RSA public keypair system (one key is used for encryption, one for decryption; the other half is usually a dot-key file containing the secret key, which is the decryption and signature creation key)

a cer file (regardless of format, although pem is customary) contains a "certificate". A certificate (and normally this is to the x509 standard) is a composite containing the public key (so, the pub file contents), some identity data (for both certificate owner and certificate issuer) and a digital signature (created by the issuer using their own secret key) that proves that the identity data has not changed since the cert was issued (there is also some usage timeframe data and so forth but that's commercial; certs pretty much have a validity range so that they can sell you another once that expires)

So, with that in mind, it is usually easy to get from a cer to a pub (just as you can easily take a single pencil from a set of coloured pencils) but near impossible to get from just a pub to the original cer (again, you can't get easily from one pencil to an entire set)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
this tool can be handy which also include the openssl conversion in the article.
SSL Converter to convert SSL certificates to and from different formats such as pem, der, p7b, and pfx. Different platforms and devices require SSL certificates to be converted to different formats. For example, a Windows server exports and imports .pfx files while an Apache server uses individual PEM (.crt, .cer) files.
https://www.sslshopper.com/ssl-converter.html

Most will use pem instead of pub hence use of openssl such as below can be considered before starting off to various conversion needs e.g
openssl genrsa -out temp.pem 1024
openssl rsa -in temp.pem -pubout -out temp.pub
0
Dave HoweSoftware and Hardware EngineerCommented:
@btan can't think of anything that would take a pub if a cer is required....
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

btanExec ConsultantCommented:
I see .pub as the public key so that can be extracted from cert into pem or already generated separately. Just seeing it in a simpler context if all we want is the public key to be in various format.

With Base64 encoding content of public key
"-----BEGIN CERTIFICATE-----"
...
"-----END CERTIFICATE-----"
or
"-----BEGIN X509 CERTIFICATE----"
...
"-----END X509 CERTIFICATE----".
or
In RFC represented in ASN as
 SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING  }
0
Dave HoweSoftware and Hardware EngineerCommented:
that is true, but normally the pub will already be in pem format - but won't be a cert in pem format, just the public key.
For example:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY7xbEcR4UlBVMWifsgl
10y6P9rCXfwcikYe0keRHH+yaSI8mPwfvZR+KQQr+9qliQKVZw3Xduj357MPJO7c
sFMCbM+UCNRUpvEy+vrRJpc7PlVr+WOMhjK/eu9EZal4ceiBEIuqgt4o5eJFTD4A
oeo8XHc+P/brAclYLEJp0YQp1sOu3FBsLjr9i8tjZPvsJOrbASpCe+BFkBiMAG7J
FxZH2pPOCUhnlKiaGvbpSUfCyqfRG8/atXpztdJk+gm2DLCfWk8oPKbm2UL1vLjC
vWMtGd/ozPSQZS9PxiFt+xapnwT1zkBlQCRksWdNYQtjRKNar4qBOUAFgWgoyKJY
9QIDAQAB
-----END PUBLIC KEY-----

Open in new window

Is the public key for experts-exchange
0
btanExec ConsultantCommented:
Agree Dave indeed. Better to work off using  pem in those format..into .der or others as shared in https://www.sslshopper.com/article-most-common-openssl-commands.html
0
kalyangkmAuthor Commented:
Dave/btan,

Nice discussion. So looks like we cant extract anything useful from just the .PUB unless we have a RSA public key pair?
0
Dave HoweSoftware and Hardware EngineerCommented:
More that there isn't anything useful extractable from a PUB file, as it is just the public key, itself extractable from either the keypair or the certificate; the PUB is a single element of a larger collection, and contains just whatever numbers make up a key of that type (for RSA that would be exponent and modulus; for DSA or EC they would be values appropriate to those types, of course).

to give a (further) example, for the public key above (https://www.experts-exchange.com/) the openssl rsa tool extracts:
Public-Key: (2048 bit)
Modulus:
    00:a9:8e:f1:6c:47:11:e1:49:41:54:c5:a2:7e:c8:
    25:d7:4c:ba:3f:da:c2:5d:fc:1c:8a:46:1e:d2:47:
    91:1c:7f:b2:69:22:3c:98:fc:1f:bd:94:7e:29:04:
    2b:fb:da:a5:89:02:95:67:0d:d7:76:e8:f7:e7:b3:
    0f:24:ee:dc:b0:53:02:6c:cf:94:08:d4:54:a6:f1:
    32:fa:fa:d1:26:97:3b:3e:55:6b:f9:63:8c:86:32:
    bf:7a:ef:44:65:a9:78:71:e8:81:10:8b:aa:82:de:
    28:e5:e2:45:4c:3e:00:a1:ea:3c:5c:77:3e:3f:f6:
    eb:01:c9:58:2c:42:69:d1:84:29:d6:c3:ae:dc:50:
    6c:2e:3a:fd:8b:cb:63:64:fb:ec:24:ea:db:01:2a:
    42:7b:e0:45:90:18:8c:00:6e:c9:17:16:47:da:93:
    ce:09:48:67:94:a8:9a:1a:f6:e9:49:47:c2:ca:a7:
    d1:1b:cf:da:b5:7a:73:b5:d2:64:fa:09:b6:0c:b0:
    9f:5a:4f:28:3c:a6:e6:d9:42:f5:bc:b8:c2:bd:63:
    2d:19:df:e8:cc:f4:90:65:2f:4f:c6:21:6d:fb:16:
    a9:9f:04:f5:ce:40:65:40:24:64:b1:67:4d:61:0b:
    63:44:a3:5a:af:8a:81:39:40:05:81:68:28:c8:a2:
    58:f5
Exponent: 65537 (0x10001)

Open in new window

0
btanExec ConsultantCommented:
yes in a way - The RSA private key format includes all the public elements. When you get the private key you really have both the private and public key. The public key needs to be derived from the private key. Unless you already have it in pem format...which it must be shared from the owner of the key pair ..

Like an example below is to get the pub key from the private key

Generate a 2048 bit RSA Key
- openssl genrsa -des3 -out private.pem 2048

Export the RSA Public Key to a File
- openssl rsa -in private.pem -outform PEM -pubout -out public.pem
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.