Stephen, Hanno, thank you for your comments. Your answers guided us to find a solution (however, it wasn't possible to post the certificate here).
We solved it finally using Microsoft's Crypto API. It was a further hint, that CertUtil can read such RSA-PSS certificates. Instead of using X509_get_pubkey() for these certificates (which was crucial point) we use following solution now: - First using Microsoft's Crypto API (via CAPICOM) to extract the public key. - Then using openssl to parse this ASN1 structure to get the public key's modulus and exponent. - Finally using openssl to create an EVP_PKEY structur from these values. -- Regards, Michael -- View this message in context: http://openssl.6102.n7.nabble.com/Reading-the-public-key-of-a-certificate-created-with-RSA-PSS-tp50021p50173.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
