-
Bug
-
Resolution: Won't Fix
-
Normal
-
None
-
918641
Public key returned from https://api.minecraftservices.com/player/certificates has "RSA PUBLIC KEY" begin/end tags. This implies, that the DER payload of the key is in PKCS1 format, but it's not. It is in PKIX format.
PKIX keys in PEM format should have "PUBLIC KEY" begin and end tags (not "RSA PUBLIC KEY" tags.
Here is an example of a public key returned from /player/certificates endpoint:
$ cat /tmp/key.pub
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZgT1UhSe34RGGVSds2QJ//wPHsNuv9h
lDM2NjFg1lToHdE6PA7vLJRDdm/bBc4ZW7nmDhMoz26DIQxIto99yulPujcWVmr4Nzo11AknZuz+
nY7bjfzvul0DFITrRLa7NBAnkKEIHKfvSusdvCsHMXu8Z2VoM3l/t3TqjALCsNpjaismS4TtFmOk
NLwpYEBGtJgfqFK6qJMmfLLzwz7YxviAwCaAU2N+m1JgoOVO8b99XhKd2YJuymWbPNN3IBa8KKuP
RxmC76HdnVGknaUEr2Nv55iBEEVA1rbGpikEiC4RrfC83FJb32BFdvtlHqI6X96A2yoeWPEv3QoX
6PWb3wIDAQAB
-----END RSA PUBLIC KEY-----
Parsing the key as PKCS1 key fails:
$ cat /tmp/key.pub | openssl rsa -RSAPublicKey_in -in -
unable to load Public Key
Parsing the key as PKIX key also fails, because of invalid tags:
$ cat /tmp/key.pub | openssl rsa -pubin -in - unable to load Public Key 139743071266112:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: PUBLIC KEY
Fixing the tags and parsing as PKIX works:
$ sed 's/RSA //' /tmp/key.pub | openssl rsa -pubin -in - writing RSA key -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZgT1UhSe34RGGVSds2Q J//wPHsNuv9hlDM2NjFg1lToHdE6PA7vLJRDdm/bBc4ZW7nmDhMoz26DIQxIto99 yulPujcWVmr4Nzo11AknZuz+nY7bjfzvul0DFITrRLa7NBAnkKEIHKfvSusdvCsH MXu8Z2VoM3l/t3TqjALCsNpjaismS4TtFmOkNLwpYEBGtJgfqFK6qJMmfLLzwz7Y xviAwCaAU2N+m1JgoOVO8b99XhKd2YJuymWbPNN3IBa8KKuPRxmC76HdnVGknaUE r2Nv55iBEEVA1rbGpikEiC4RrfC83FJb32BFdvtlHqI6X96A2yoeWPEv3QoX6PWb 3wIDAQAB -----END PUBLIC KEY-----