Good evening everyone!
I had to create a new cert due to changes to the cryptography landscape. I do this so infrequently I constantly forget, but I'm in the process of writing a wikiHow article on it. :-)
I've done everything...except figure out a way to generate just my signed public key. I was able to convert my PEM key to a pkcs12 key, but this includes my private key. There must be a way to distribute a public key without e-mailing. I typically like to leave my public key on my website so that people can download it at their leisure instead of waiting on me to send it.
Is there a way to do this?
EDIT:
After hacking through the openssl pkcs12 manpage, here's what I've got:
Code:
openssl pkcs12 -export -out sohmc.public_cert.p12 -in CA_signed.public_key.pem -clcerts -nokeys -name "Sohmc - Public Key"
openssl asks for an export password, which you should leave blank since you WANT people to add them. After generation, I verified this by issuing the following command and got the following output:
Code:
$ openssl pkcs12 -info -noout -in sohmc.public_cert.p12
Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
My original pkcs12 file that contains both my private and public keys has the following output:
Code:
$ openssl pkcs12 -info -noout -in sohmc.public_private_certs.p12
Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Does this look right?
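
One way to check a PKCS#12 file for private keys before publishing it, as an added example that is not part of the original post: it counts the private keys openssl can extract from each file. The function names, file names, subject and the password `demo-secret` are constructed for the demo.

```shell
#!/bin/sh
set -eu

# Print how many private keys a PKCS#12 file holds; return 2 if it cannot be read.
count_private_keys() {
    # -nocerts: output keys only; -nodes: leave them unencrypted so the PEM header is predictable
    cpk_pem=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:${2-}" 2>/dev/null) || return 2
    printf '%s\n' "$cpk_pem" | grep -c -e '^-----BEGIN .*PRIVATE KEY-----' || true
}

# Build constructed demo material in directory $1 (throwaway key, self-signed cert).
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    # Certificate only, blank export password, as in the post
    openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
        -out "$1/public.p12" -passout pass: -name "demo public cert"
    # Certificate plus private key: the file that must stay private
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
        -out "$1/full.p12" -passout pass:demo-secret -name "demo full"
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
echo "public.p12 private keys: $(count_private_keys "$demo_dir/public.p12" "")"
echo "full.p12 private keys:   $(count_private_keys "$demo_dir/full.p12" "demo-secret")"
rm -rf "$demo_dir"
```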