How to export public key from Certificate Signing Request?
I wrote Android code to generate an RSA key pair and a certificate signing request.
Here is my CSR content:
-----BEGIN CERTIFICATE REQUEST-----
MIIBojCCAQ0CAQAwQjEVMBMGA1UEAwwMdGhhbmhsYW0uY29tMQwwCgYDVQQKDANC
S1UxGzAZBgNVBAsMElRlbGVjb20gRGVwYXJ0bWVudDCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEA0beMquCjIe3ILA8RpTTW/Xb+jXOz7g+xQJtBPL+fih8sB/d6
9u93nGGg+Dra1HS6bm2gns0J/Zm9A/AJgB3zAW5hpX0bgL2BJ/dcnjPMh3/peNWs
elu0sMOqYARFxCbKc3YPC04ZKp6RKgar5AhZAoOKuQLZtmb4EquxoM7CTqECAwEA
AaAiMCAGCSqGSIb3DQEJDjETMBEwDwYDVR0TAQH/BAUwAwEB/zALBgkqhkiG9w0B
AQsDgYEAMvdLO8e7llE+IG4smDtz8A9edTqbbglUMPMASVTEn1F7A1lu1u79depE
rNZtk983qflG7I57cvKS65O0G+Qo0xmvRNLFVw6iETwR16uPx3ffisDBPWJBIySI
Slh1mPRLgky1+EQezWzG5I7Nozo1DDk2skjbB4v7acFBcRoSl6Y=
-----END CERTIFICATE REQUEST-----
I found a tool that can decode my CSR file:
How can I use OpenSSL to export the pubic key from this CSR file to publickey.pem
?
Solution 1:
To output only the public key to a local file named publickey.pem
:openssl req -in csr.txt -noout -pubkey -out publickey.pem
You can view the (PEM-encoded) key on the terminal without putting it in a file by dropping the last argument:openssl req -in csr.txt -noout -pubkey
Note: the -noout
option is required, as by default the entire CSR will be placed in the output file, while your question asks for the public key only.
Bonus points: To look inside the BASE64-encoded PEM output and see the actual public key in hex format, pipe it to the pkey
function of openssl:openssl req -in csr.txt -noout -pubkey | openssl pkey -pubin -noout -text
Solution 2:
openssl req -in file.csr -pubkey -out pubkey.pem