| Representation | Bytes for Reference Key |
|---|---|
| SubjectPublicKeyInfo (ASN.1) | 294 |
| RSAPublicKey (ASN.1) | 270 |
| COSE Key | 268 |
| ssh-rsa (SSH Public Key) | 279 |
| ssh-rsa without prefix string | 268 |
| ssh-rsa without prefix string or modulus length | 264 |
| 4-byte exponent length | 263 |
| 1-byte exponent length | 260 |
Example 1 from multicodec#233 (comment).
Modulus is an integer represented by 2048 bits. Exponent is integer 65537.
Reference: RFC 7518: JSON Web Algorithms (JWA): 6.3.1. Parameters for RSA Public Keys
{
"kty": "RSA",
"n": "sbX82NTV6IylxCh7MfV4hlyvaniCajuP97GyOqSvTmoEdBOflFvZ06kR_9D6ctt45Fk6hskfnag2GG69NALVH2o4RCR6tQiLRpKcMRtDYE_thEmfBvDzm_VVkOIYfxu-Ipuo9J_S5XDNDjczx2v-3oDh5-CIHkU46hvFeCvpUS-L8TJSbgX0kjVk_m4eIb9wh63rtmD6Uz_KBtCo5mmR4TEtcLZKYdqMp3wCjN-TlgHiz_4oVXWbHUefCEe8rFnX1iQnpDHU49_SaXQoud1jCaexFn25n-Aa8f8bc5Vm-5SeRwidHa6ErvEhTvf1dz6GoNPp2iRvm-wJ1gxwWJEYPQ",
"e": "AQAB"
}
b1b5fcd8d4d5e88ca5c4287b31f578865caf6a78826a3b8ff7b1b23aa4af 4e6a0474139f945bd9d3a911ffd0fa72db78e4593a86c91f9da836186ebd 3402d51f6a3844247ab5088b46929c311b43604fed84499f06f0f39bf555 90e2187f1bbe229ba8f49fd2e570cd0e3733c76bfede80e1e7e0881e4538 ea1bc5782be9512f8bf132526e05f4923564fe6e1e21bf7087adebb660fa 533fca06d0a8e66991e1312d70b64a61da8ca77c028cdf939601e2cffe28 55759b1d479f0847bcac59d7d62427a431d4e3dfd2697428b9dd6309a7b1 167db99fe01af1ff1b739566fb949e47089d1dae84aef1214ef7f5773e86 a0d3e9da246f9bec09d60c705891183d
Reference: RFC 5280: PKIX Certificate and CRL Profile: 4.1. Basic Certificate Fields [Page 17].
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
This format is not RSA-specific but is often used to wrap a RSAPublicKey ASN.1 data structure (in the subjectPublicKey field).
A RSAPublicKey/DER key can be converted to SubjectPublicKeyInfo/DER using the OpenSSL CLI:
openssl rsa -RSAPublicKey_in -inform DER -in rsapk.der -outform DER -out spki.der
294 bytes
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbX82NTV6IylxCh7MfV4hlyvaniCajuP 97GyOqSvTmoEdBOflFvZ06kR/9D6ctt45Fk6hskfnag2GG69NALVH2o4RCR6tQiLRpKcMRtDYE/t hEmfBvDzm/VVkOIYfxu+Ipuo9J/S5XDNDjczx2v+3oDh5+CIHkU46hvFeCvpUS+L8TJSbgX0kjVk /m4eIb9wh63rtmD6Uz/KBtCo5mmR4TEtcLZKYdqMp3wCjN+TlgHiz/4oVXWbHUefCEe8rFnX1iQn pDHU49/SaXQoud1jCaexFn25n+Aa8f8bc5Vm+5SeRwidHa6ErvEhTvf1dz6GoNPp2iRvm+wJ1gxw WJEYPQIDAQAB
Using dumpasn1:
0 290: SEQUENCE {
4 13: SEQUENCE {
6 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
17 0: NULL
: }
19 271: BIT STRING, encapsulates {
24 266: SEQUENCE {
28 257: INTEGER
: 00 B1 B5 FC D8 D4 D5 E8 8C A5 C4 28 7B 31 F5 78
: 86 5C AF 6A 78 82 6A 3B 8F F7 B1 B2 3A A4 AF 4E
: 6A 04 74 13 9F 94 5B D9 D3 A9 11 FF D0 FA 72 DB
: 78 E4 59 3A 86 C9 1F 9D A8 36 18 6E BD 34 02 D5
: 1F 6A 38 44 24 7A B5 08 8B 46 92 9C 31 1B 43 60
: 4F ED 84 49 9F 06 F0 F3 9B F5 55 90 E2 18 7F 1B
: BE 22 9B A8 F4 9F D2 E5 70 CD 0E 37 33 C7 6B FE
: DE 80 E1 E7 E0 88 1E 45 38 EA 1B C5 78 2B E9 51
: [ Another 129 bytes skipped ]
289 3: INTEGER 65537
: }
: }
: }
Reference: RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2: A.1.1. RSA Public Key Syntax.
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}
ASN.1 is specified in ITU-T X.680.
See also SubjectPublicKeyInfo which can be used to wrap this type.
270 bytes
MIIBCgKCAQEAsbX82NTV6IylxCh7MfV4hlyvaniCajuP97GyOqSvTmoEdBOflFvZ06kR/9D6ctt4 5Fk6hskfnag2GG69NALVH2o4RCR6tQiLRpKcMRtDYE/thEmfBvDzm/VVkOIYfxu+Ipuo9J/S5XDN Djczx2v+3oDh5+CIHkU46hvFeCvpUS+L8TJSbgX0kjVk/m4eIb9wh63rtmD6Uz/KBtCo5mmR4TEt cLZKYdqMp3wCjN+TlgHiz/4oVXWbHUefCEe8rFnX1iQnpDHU49/SaXQoud1jCaexFn25n+Aa8f8b c5Vm+5SeRwidHa6ErvEhTvf1dz6GoNPp2iRvm+wJ1gxwWJEYPQIDAQAB
Using dumpasn1:
0 266: SEQUENCE {
4 257: INTEGER
: 00 B1 B5 FC D8 D4 D5 E8 8C A5 C4 28 7B 31 F5 78
: 86 5C AF 6A 78 82 6A 3B 8F F7 B1 B2 3A A4 AF 4E
: 6A 04 74 13 9F 94 5B D9 D3 A9 11 FF D0 FA 72 DB
: 78 E4 59 3A 86 C9 1F 9D A8 36 18 6E BD 34 02 D5
: 1F 6A 38 44 24 7A B5 08 8B 46 92 9C 31 1B 43 60
: 4F ED 84 49 9F 06 F0 F3 9B F5 55 90 E2 18 7F 1B
: BE 22 9B A8 F4 9F D2 E5 70 CD 0E 37 33 C7 6B FE
: DE 80 E1 E7 E0 88 1E 45 38 EA 1B C5 78 2B E9 51
: 2F 8B F1 32 52 6E 05 F4 92 35 64 FE 6E 1E 21 BF
: 70 87 AD EB B6 60 FA 53 3F CA 06 D0 A8 E6 69 91
: E1 31 2D 70 B6 4A 61 DA 8C A7 7C 02 8C DF 93 96
: 01 E2 CF FE 28 55 75 9B 1D 47 9F 08 47 BC AC 59
: D7 D6 24 27 A4 31 D4 E3 DF D2 69 74 28 B9 DD 63
: 09 A7 B1 16 7D B9 9F E0 1A F1 FF 1B 73 95 66 FB
: 94 9E 47 08 9D 1D AE 84 AE F1 21 4E F7 F5 77 3E
: 86 A0 D3 E9 DA 24 6F 9B EC 09 D6 0C 70 58 91 18
: 3D
265 3: INTEGER 65537
: }
268 bytes
a3010320590100b1b5fcd8d4d5e88ca5c4287b31f578865caf6a78826a3b 8ff7b1b23aa4af4e6a0474139f945bd9d3a911ffd0fa72db78e4593a86c9 1f9da836186ebd3402d51f6a3844247ab5088b46929c311b43604fed8449 9f06f0f39bf55590e2187f1bbe229ba8f49fd2e570cd0e3733c76bfede80 e1e7e0881e4538ea1bc5782be9512f8bf132526e05f4923564fe6e1e21bf 7087adebb660fa533fca06d0a8e66991e1312d70b64a61da8ca77c028cdf 939601e2cffe2855759b1d479f0847bcac59d7d62427a431d4e3dfd26974 28b9dd6309a7b1167db99fe01af1ff1b739566fb949e47089d1dae84aef1 214ef7f5773e86a0d3e9da246f9bec09d60c705891183d2143010001
Using python-cwt:
{1: 3, -1: b'\xb1\xb5\xfc\xd8\xd4\xd5\xe8\x8c\xa5\xc4({1\xf5x\x86\\\xafjx\x82j;\x8f\xf7\xb1\xb2:\xa4\xafNj\x04t\x13\x9f\x94[\xd9\xd3\xa9\x11\xff\xd0\xfar\xdbx\xe4Y:\x86\xc9\x1f\x9d\xa86\x18n\xbd4\x02\xd5\x1fj8D$z\xb5\x08\x8bF\x92\x9c1\x1bC`O\xed\x84I\x9f\x06\xf0\xf3\x9b\xf5U\x90\xe2\x18\x7f\x1b\xbe"\x9b\xa8\xf4\x9f\xd2\xe5p\xcd\x0e73\xc7k\xfe\xde\x80\xe1\xe7\xe0\x88\x1eE8\xea\x1b\xc5x+\xe9Q/\x8b\xf12Rn\x05\xf4\x925d\xfen\x1e!\xbfp\x87\xad\xeb\xb6`\xfaS?\xca\x06\xd0\xa8\xe6i\x91\xe11-p\xb6Ja\xda\x8c\xa7|\x02\x8c\xdf\x93\x96\x01\xe2\xcf\xfe(Uu\x9b\x1dG\x9f\x08G\xbc\xacY\xd7\xd6$\'\xa41\xd4\xe3\xdf\xd2it(\xb9\xddc\t\xa7\xb1\x16}\xb9\x9f\xe0\x1a\xf1\xff\x1bs\x95f\xfb\x94\x9eG\x08\x9d\x1d\xae\x84\xae\xf1!N\xf7\xf5w>\x86\xa0\xd3\xe9\xda$o\x9b\xec\t\xd6\x0cpX\x91\x18=', -2: b'\x01\x00\x01'}
Note: RFC 7049: Concise Binary Object Representation (CBOR): 3.9. Canonical CBOR needed?
Reference: RFC 4253: SSH Transport Layer Protocol: 6.6. Public Key Algorithms [Page 14]
The "ssh-rsa" key format has the following specific encoding: string "ssh-rsa" mpint e mpint n
string and mpint are defined in
RFC 4251:
SSH Protocol Architecture: 5. Data Type Representations Used in the SSH Protocols
as containing a length prefix as a 4-byte unsigned integer in network byte order.
Signed integer data follows for mpint.
SSH public key format is used in the SSH protocols, including SSH Agent protocol, and in file formats (public key files, authorized keys files).
279 bytes
AAAAB3NzaC1yc2EAAAADAQABAAABAQCxtfzY1NXojKXEKHsx9XiGXK9qeIJqO4/3sbI6pK9OagR0 E5+UW9nTqRH/0Ppy23jkWTqGyR+dqDYYbr00AtUfajhEJHq1CItGkpwxG0NgT+2ESZ8G8POb9VWQ 4hh/G74im6j0n9LlcM0ONzPHa/7egOHn4IgeRTjqG8V4K+lRL4vxMlJuBfSSNWT+bh4hv3CHreu2 YPpTP8oG0KjmaZHhMS1wtkph2oynfAKM35OWAeLP/ihVdZsdR58IR7ysWdfWJCekMdTj39JpdCi5 3WMJp7EWfbmf4Brx/xtzlWb7lJ5HCJ0droSu8SFO9/V3Poag0+naJG+b7AnWDHBYkRg9
00000007 (4 bytes) length of "ssh-rsa" 7373682d727361 (7 bytes) "ssh-rsa" (ASCII) 00000003 (4 bytes) length of e 010001 (3 bytes) e 00000101 (4 bytes) length of n 00b1b5fcd8d4d5e88ca5c4287b31f578865caf6a78826a3b8ff7b1b23aa4 af4e6a0474139f945bd9d3a911ffd0fa72db78e4593a86c91f9da836186e bd3402d51f6a3844247ab5088b46929c311b43604fed84499f06f0f39bf5 5590e2187f1bbe229ba8f49fd2e570cd0e3733c76bfede80e1e7e0881e45 38ea1bc5782be9512f8bf132526e05f4923564fe6e1e21bf7087adebb660 fa533fca06d0a8e66991e1312d70b64a61da8ca77c028cdf939601e2cffe 2855759b1d479f0847bcac59d7d62427a431d4e3dfd2697428b9dd6309a7 b1167db99fe01af1ff1b739566fb949e47089d1dae84aef1214ef7f5773e 86a0d3e9da246f9bec09d60c705891183d (257 bytes) n
Like the "ssh-rsa" key format, but without the static "ssh-key" string prefix.
mpint e mpint n
268 bytes
AAAAAwEAAQAAAQEAsbX82NTV6IylxCh7MfV4hlyvaniCajuP97GyOqSvTmoEdBOflFvZ06kR/9D6 ctt45Fk6hskfnag2GG69NALVH2o4RCR6tQiLRpKcMRtDYE/thEmfBvDzm/VVkOIYfxu+Ipuo9J/S 5XDNDjczx2v+3oDh5+CIHkU46hvFeCvpUS+L8TJSbgX0kjVk/m4eIb9wh63rtmD6Uz/KBtCo5mmR 4TEtcLZKYdqMp3wCjN+TlgHiz/4oVXWbHUefCEe8rFnX1iQnpDHU49/SaXQoud1jCaexFn25n+Aa 8f8bc5Vm+5SeRwidHa6ErvEhTvf1dz6GoNPp2iRvm+wJ1gxwWJEYPQ==
Like ssh-rsa without prefix string, but also remove the length prefix for "n". The length of "n" is implicit as the amount of bytes remaining in the buffer. So the format consists of:
264 bytes
AAAAAwEAAQCxtfzY1NXojKXEKHsx9XiGXK9qeIJqO4/3sbI6pK9OagR0E5+UW9nTqRH/0Ppy23jk WTqGyR+dqDYYbr00AtUfajhEJHq1CItGkpwxG0NgT+2ESZ8G8POb9VWQ4hh/G74im6j0n9LlcM0O NzPHa/7egOHn4IgeRTjqG8V4K+lRL4vxMlJuBfSSNWT+bh4hv3CHreu2YPpTP8oG0KjmaZHhMS1w tkph2oynfAKM35OWAeLP/ihVdZsdR58IR7ysWdfWJCekMdTj39JpdCi53WMJp7EWfbmf4Brx/xtz lWb7lJ5HCJ0droSu8SFO9/V3Poag0+naJG+b7AnWDHBYkRg9
Like ssh-rsa without prefix string or modulus length, but integers are unsigned and so do not have any leading zeros, saving up to 2 bytes.
263 bytes
AAAAAwEAAbG1/NjU1eiMpcQoezH1eIZcr2p4gmo7j/exsjqkr05qBHQTn5Rb2dOpEf/Q+nLbeORZ OobJH52oNhhuvTQC1R9qOEQkerUIi0aSnDEbQ2BP7YRJnwbw85v1VZDiGH8bviKbqPSf0uVwzQ43 M8dr/t6A4efgiB5FOOobxXgr6VEvi/EyUm4F9JI1ZP5uHiG/cIet67Zg+lM/ygbQqOZpkeExLXC2 SmHajKd8Aozfk5YB4s/+KFV1mx1HnwhHvKxZ19YkJ6Qx1OPf0ml0KLndYwmnsRZ9uZ/gGvH/G3OV ZvuUnkcInR2uhK7xIU739Xc+hqDT6dokb5vsCdYMcFiRGD0=
Like 4-byte exponent length, but one byte instead of four for the length the public exponent.
This was proposed in multicodec#235.
This representation can only encode exponents whose size can be represented in a one-byte integer, i.e. whose length is a less than 256 bytes. This is not a problem if we are following NIST Digital Signature Standard (DSS) (FIPS 186-4), as that constrains the exponent as 216 < e < 2256 (B.3.1 Criteria for IFC Key Pairs - Page 52), effecting a maximum length (exclusive) of 256 bits; that can be represented with 32 bytes. So one byte is more than enough to represent the exponent length: the length will range from 3 to 32. The two high bits will be always zero so could even be repurposed if we wanted to do that.
260 bytes
AwEAAbG1/NjU1eiMpcQoezH1eIZcr2p4gmo7j/exsjqkr05qBHQTn5Rb2dOpEf/Q+nLbeORZOobJ H52oNhhuvTQC1R9qOEQkerUIi0aSnDEbQ2BP7YRJnwbw85v1VZDiGH8bviKbqPSf0uVwzQ43M8dr /t6A4efgiB5FOOobxXgr6VEvi/EyUm4F9JI1ZP5uHiG/cIet67Zg+lM/ygbQqOZpkeExLXC2SmHa jKd8Aozfk5YB4s/+KFV1mx1HnwhHvKxZ19YkJ6Qx1OPf0ml0KLndYwmnsRZ9uZ/gGvH/G3OVZvuU nkcInR2uhK7xIU739Xc+hqDT6dokb5vsCdYMcFiRGD0=
03 (1 byte) length of exponent 010001 (3 bytes) exponent b1b5fcd8d4d5e88ca5c4287b31f578865caf6a78826a3b8ff7b1 b23aa4af4e6a0474139f945bd9d3a911ffd0fa72db78e4593a86c91f9da8 36186ebd3402d51f6a3844247ab5088b46929c311b43604fed84499f06f0 f39bf55590e2187f1bbe229ba8f49fd2e570cd0e3733c76bfede80e1e7e0 881e4538ea1bc5782be9512f8bf132526e05f4923564fe6e1e21bf7087ad ebb660fa533fca06d0a8e66991e1312d70b64a61da8ca77c028cdf939601 e2cffe2855759b1d479f0847bcac59d7d62427a431d4e3dfd2697428b9dd 6309a7b1167db99fe01af1ff1b739566fb949e47089d1dae84aef1214ef7 f5773e86a0d3e9da246f9bec09d60c705891183d (256 bytes) n
Latest version: https://celehner.com/2021/11/rsapk/
This version: https://celehner.com/2021/11/rsapk/19.html (November 19, 2021, 4:16pm EST)
Previous version: https://celehner.com/2021/11/rsapk/16-11.html (November 16, 2021, 11:51am EST)
Author: Charles E. Lehner (Spruce Systems, Inc.)