SubjectPublicKeyInfo class

The "Subject Public Key Info" is defined by ASN.1 as a part of X.509. It consists of an algorithm (identified by an OID with optional parameters) and a bit string.

This is one of the formats that can be used by OpenSSH to store public keys. It is text encoded with the label of "PUBLIC KEY" (i.e. the pre encapsulation boundary is "-----BEGIN PUBLIC KEY-----"). OpenSSH incorrectly and confusingly refers to this format as "PKCS#8". Real PKCS #8 is a format for private keys, not public keys, and does not specify this format. To avoid further confusion, this format will be referred to as the Subject Public Key Info format, or SPKI for short.

This format is used in conjunction with the RFC 7468 textual encoding (sometimes imprecisely referred to as "PEM").

Format

This binary format is defined in RFC 2459 Internet X.509 Public Key Infrastructure Certificate and CRL Profile by this ASN.1 type:

SubjectPublicKeyInfo  ::=  SEQUENCE  {
    algorithm            AlgorithmIdentifier,
    subjectPublicKey     BIT STRING  }

The AlgorithmIdentifier is defined in RFC 5280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile by this ASN.1 type:

AlgorithmIdentifier  ::=  SEQUENCE  {
    algorithm               OBJECT IDENTIFIER,
    parameters              ANY DEFINED BY algorithm OPTIONAL  }

The bit string contents of the subjectPublicKey depend on the algorithm used, and are defined in RFC 3279 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.

Note: this class decodes from, and encodes to, binary data. That binary data is usually decoded from text, or encoded to text, using RFC 7468 Textual Encoding, which is implemented by TextualEncoding.