Where is the public key extracted from? From the CSR or from the Private Key to using QR?
Dear @aymenpro71,
Thank you for reaching out.
Please find below the public key extraction methods:
openSSL: openssl ec -in PrivateKey.pem -pubout -conv_form compressed -out PublicKey.pem
Decoding X509 Certificate: if the TP has decoded their X.509 Certificate, they can find the public key.
Best regards,
Lina
I’m still struggling to find the correct steps to do so in order to generate both tag 8 and 9. So far, I’ve found this tool which might help but unfortunately it returns the public key in hex format. CSR Decoder and Certificate Decoder
I used the so-called X509 Certificate. As an easy reference, let’s use the certificate available in the SDK by default, which is:
Here is the public key in hex format (after I removed unnecessary colons and spaces):
04a1608a6b449af45204ad33afd2e0240b5548297c54f673e9c76be57f8ca131e8f2f1cd365c96e50eaeed3f2768f26ab46a138c98da3c8309e2ed7b75293f5478
I don’t really know what to do next. Hopefully, we can help each other since the official guides seem unclear about what to do exactly (at least for me).
from CSR
ex:c#
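using System;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

// Returns the DER-encoded SubjectPublicKeyInfo and the signature bytes
// of a base64-encoded X.509 certificate.
public static (byte[] publicKey, byte[] certificateSignature) TryGetPublicKeySByteArray(string certificate)
{
    try
    {
        // Parse the certificate with .NET, then convert it to a BouncyCastle certificate.
        Org.BouncyCastle.X509.X509Certificate x509Certificate = DotNetUtilities.FromX509Certificate(new X509Certificate2(Convert.FromBase64String(certificate)));
        // Wrap the public key in a SubjectPublicKeyInfo structure and DER-encode it.
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(x509Certificate.GetPublicKey());
        var publicKey = subjectPublicKeyInfo.GetEncoded();
        var certificateSignature = x509Certificate.GetSignature();
        return (publicKey, certificateSignature);
    }
    catch
    {
        throw new Exception("[Error] Invalid Certificate");
    }
}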
@Busaeed, did you resolve this issue? I am also stuck on the public key. I have created a function to extract it from the private key that was generated using the ZATCA SDK. I am still getting the error "ECDSA Public Key does not match with qr code ECDSA public key".
Sorry for replying late
ECDSA Public Key is nothing but your Public Key in Base64-encoded DER representation after being decoded.
Let’s make this clear with a practical example:
If you go to this path on your PC you will find 2 files by default:
D:\zatca-einvoicing-sdk-238-R3.3.7\Data\Certificates
ec-secp256k1-priv-key.pem
cert.pem
Since the public key is missing here, we have to generate it. So, I will execute the following command, which will generate a public key file from the private key:
openssl ec -in ec-secp256k1-priv-key.pem -pubout > ec-secp256k1-pub-key.pem
Now, if you open the newly generated file you will see this:
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEoWCKa0Sa9FIErTOv0uAkC1VIKXxU9nPp
x2vlf4yhMejy8c02XJblDq7tPydo8mq0ahOMmNo8gwni7Xt1KT9UeA==
-----END PUBLIC KEY-----
All you have to do is copy the content to a notepad or any editor and delete the begin and end lines and all line breaks to make a single-line base64-encoded value like this:
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEoWCKa0Sa9FIErTOv0uAkC1VIKXxU9nPpx2vlf4yhMejy8c02XJblDq7tPydo8mq0ahOMmNo8gwni7Xt1KT9UeA==
Then your final step is to decode that value (base64) to get the ECDSA Public Key.
I hope this solves your issue.
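
The following is an added example, not part of any post in this thread. It decodes the PEM body shown above into its DER bytes and walks the structure to show that the hex value from the certificate decoder is the EC point stored at the end of that DER. This is a quick way to check that a key derived from the private key is the same one carried in the certificate. The helper names are made up for this sketch, and the compressed form is included only because the first reply's command uses `-conv_form compressed`.

```python
import base64

# Values copied from the posts above (the SDK's default key pair).
PEM = """-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEoWCKa0Sa9FIErTOv0uAkC1VIKXxU9nPp
x2vlf4yhMejy8c02XJblDq7tPydo8mq0ahOMmNo8gwni7Xt1KT9UeA==
-----END PUBLIC KEY-----"""
CERT_POINT_HEX = ("04a1608a6b449af45204ad33afd2e0240b5548297c54f673e9c76be57f8ca131e8"
                  "f2f1cd365c96e50eaeed3f2768f26ab46a138c98da3c8309e2ed7b75293f5478")
P = 2**256 - 2**32 - 977  # secp256k1 field prime

def pem_to_der(pem):
    """Drop the BEGIN/END lines and line breaks, then base64-decode."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    return base64.b64decode(body, validate=True)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def ec_point_from_spki(der):
    """Return (algorithm OID, curve OID, EC point) from a SubjectPublicKeyInfo."""
    tag, spki, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    _, alg, pos = read_tlv(spki, 0)
    _, alg_oid, p2 = read_tlv(alg, 0)
    _, curve_oid, _ = read_tlv(alg, p2)
    tag, bits, _ = read_tlv(spki, pos)
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("expected BIT STRING with no unused bits")
    return alg_oid, curve_oid, bits[1:]

def on_curve(point):
    """Check an uncompressed point (04||X||Y) against y^2 = x^3 + 7 mod p."""
    x, y = int.from_bytes(point[1:33], "big"), int.from_bytes(point[33:], "big")
    return len(point) == 65 and point[0] == 4 and (y * y - x**3 - 7) % P == 0

def compress(point):
    return bytes([2 + (point[-1] & 1)]) + point[1:33]  # 02/03 by parity of Y, then X

def matches_certificate(pem, cert_point_hex):
    return ec_point_from_spki(pem_to_der(pem))[2] == bytes.fromhex(cert_point_hex)
```

For the key above, the DER is 88 bytes: a 23-byte header naming the algorithm and curve, followed by the 65-byte point that the certificate decoder printed as hex.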