Getting public key from DNSKEY RR public key field using Python

Question

I am trying to parse and validate DNSSEC responses without using any DNS specific libraries. I am able to get the hexstring representation of a RSA key from the public key field value present in the DNSKEY RRs. According to RFC 8017, the RSA public key is represented with the ASN.1 type RSAPublicKey format which has a modulus and exponent. However, it doesn't specify anything more.

The hexstring(same as in Wireshark) is

"03010001ac1f62b7f85d62c550211fd70ddbbca7326cde13dca235f26f76a5dd5872db601d775ecd189955ed96e749fd8e8e6af3e133e8a8eb8b8afc25730c6318f949de9436fde6ea280b5ccbc09a43ee357617905690fdc09cda06bc5ad3bcd1bc4e43de9a4769ff83453e96a74642b23daabae00398539cfca56b04c200776c4841724cb09674b519eb7e3506a3e08e4f96b5a733425a1c55eecb1613552c022b246b27141652d907cdbc6e30b5f3341a1ba5dfbb503edddbd01e85f1c4206642cfb312e14f2772fe8b66143ba847382e95fb86ba215342ae9cca803655bccadef1123e06f3cf1626840e11200b1acda118c50805c6eacfd271d930b93f2e332d9521"

I saw other similar posts and tried to follow the solutions. Most of the solutions try to get it from a pem file or binary data or base64 encoded form. When I try to convert the hex to those forms and use the solution, I get errors like 'RSA key format not supported' etc..

Is there anyway I can get the public key from the hex? I would really appreciate any inputs! Thanks!

Answer 1

I finally managed to find the solution.

According to RFC 3110 section 2, we can split the given value into exponent length, exponent and modulus. I split them as specified and converted the hexadecimal to integer. The text from RFC is below

The structure of the algorithm specific portion
   of the RDATA part of such RRs is as shown below.

         Field             Size
         -----             ----
         exponent length   1 or 3 octets (see text)
         exponent          as specified by length field
         modulus           remaining space

   For interoperability, the exponent and modulus are each limited to
   4096 bits in length.  The public key exponent is a variable length
   unsigned integer.  Its length in octets is represented as one octet
   if it is in the range of 1 to 255 and by a zero octet followed by a
   two octet unsigned length if it is longer than 255 bytes.  The public
   key modulus field is a multiprecision unsigned integer.  The length
   of the modulus can be determined from the RDLENGTH and the preceding
   RDATA fields including the exponent.