19

I generated a private and a public key using OpenSSL with the following commands:

openssl genrsa -out private_key.pem 512
openssl rsa -in private_key.pem -pubout -out public_key.pem

I then tried to load them with a python script using Python-RSA:

import os
import rsa

with open('private_key.pem') as privatefile:
    keydata = privatefile.read()
privkey = rsa.PrivateKey.load_pkcs1(keydata,'PEM')

with open('public_key.pem') as publicfile:
    pkeydata = publicfile.read()

pubkey = rsa.PublicKey.load_pkcs1(pkeydata)

random_text = os.urandom(8)

#Generate signature
signature = rsa.sign(random_text, privkey, 'MD5')
print signature

#Verify token
try:
    rsa.verify(random_text, signature, pubkey)
except:
    print "Verification failed"

My python script fails when it tries to load the public key:

ValueError: No PEM start marker "-----BEGIN RSA PUBLIC KEY-----" found
Improve this question
2
  • 1
    I think the problem is the format of the public key. If you look closely, the header on the openssl generated public key is, "-----BEGIN PUBLIC KEY-----". The format is X509 SubjectPublicKeyInfo. The method you are using is looking for PKCS1 format with a header of "-----BEGIN RSA PUBLIC KEY-----". Commented Jun 19, 2013 at 21:04
  • Would you tell us how to convert X509 to PKCS1 foramt? Commented Aug 22, 2013 at 6:42

5 Answers 5

Reset to default
15

If on Python3, You also need to open the key in binary mode, e.g:

with open('private_key.pem', 'rb') as privatefile:
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Damm! The saviour :P
9

Python-RSA uses the PEM RSAPublicKey format and the PEM RSAPublicKey format uses the header and footer lines: openssl NOTES

-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----

Output the public part of a private key in RSAPublicKey format: openssl EXAMPLES

 openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
Improve this answer

1 Comment

Brilliant, thank you - hadn't spotted the difference until I saw this and had been going round the houses
7

To load an OpenSSL generated public key file with python-rsa library, try

with open('public_key.pub', mode='rb') as public_file:
    key_data = public_file.read()
    public_key = rsa.PublicKey.load_pkcs1_openssl_pem(key_data)
Improve this answer

Comments

3 
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend


def load_keys(public_key_path, private_key_path):
    with open(public_key_path, "rb") as f:
        public = serialization.load_pem_public_key(
            f.read(), backend=default_backend()
        )
    with open(private_key_path, "rb") as f:
        private = serialization.load_pem_private_key(
            f.read(), None, backend=default_backend()
        )
    return private, public
Improve this answer

Comments

1

You can generate private key by ssh-keygen:

ssh-keygen -t rsa

and generate public key like this:

ssh-keygen -e -m pem -f xxx > pubkey.pem

http://blog.oddbit.com/2011/05/08/converting-openssh-public-keys/

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.