Where is the public key extracted

aymenpro71 · December 3, 2024, 12:30pm

Where is the public key extracted from? From the CSR or from the Private Key to using QR?

Lina-alrehaili1 · December 4, 2024, 12:58pm

Dear @aymenpro71,

Thank you for reaching out.

Please find below the public key extraction methods:

openSSL: “ openssl ec -in PrivateKey.pem -pubout -conv_form compressed -out PublicKey.pem”

Decoding X509 Certificate: if the TP has decoded their X.509 Certificate, they can find the public key.

Best regards,
Lina

Busaeed · December 8, 2024, 10:24am

I’m still struggling to find the correct steps to do so in order to generate both tag 8 and 9. So far, I’ve found this tool which might help but unfortunately it returns the public key in hex format. CSR Decoder and Certificate Decoder

I used the so called X509 Certificate. As a an easy reference let’s use the certificate available in the SDK by default which is:

MIID3jCCA4SgAwIBAgITEQAAOAPF90Ajs/xcXwABAAA4AzAKBggqhkjOPQQDAjBiMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxEzARBgoJkiaJk/IsZAEZFgNnb3YxFzAVBgoJkiaJk/IsZAEZFgdleHRnYXp0MRswGQYDVQQDExJQUlpFSU5WT0lDRVNDQTQtQ0EwHhcNMjQwMTExMDkxOTMwWhcNMjkwMTA5MDkxOTMwWjB1MQswCQYDVQQGEwJTQTEmMCQGA1UEChMdTWF4aW11bSBTcGVlZCBUZWNoIFN1cHBseSBMVEQxFjAUBgNVBAsTDVJpeWFkaCBCcmFuY2gxJjAkBgNVBAMTHVRTVC04ODY0MzExNDUtMzk5OTk5OTk5OTAwMDAzMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEoWCKa0Sa9FIErTOv0uAkC1VIKXxU9nPpx2vlf4yhMejy8c02XJblDq7tPydo8mq0ahOMmNo8gwni7Xt1KT9UeKOCAgcwggIDMIGtBgNVHREEgaUwgaKkgZ8wgZwxOzA5BgNVBAQMMjEtVFNUfDItVFNUfDMtZWQyMmYxZDgtZTZhMi0xMTE4LTliNTgtZDlhOGYxMWU0NDVmMR8wHQYKCZImiZPyLGQBAQwPMzk5OTk5OTk5OTAwMDAzMQ0wCwYDVQQMDAQxMTAwMREwDwYDVQQaDAhSUlJEMjkyOTEaMBgGA1UEDwwRU3VwcGx5IGFjdGl2aXRpZXMwHQYDVR0OBBYEFEX+YvmmtnYoDf9BGbKo7ocTKYK1MB8GA1UdIwQYMBaAFJvKqqLtmqwskIFzVvpP2PxT+9NnMHsGCCsGAQUFBwEBBG8wbTBrBggrBgEFBQcwAoZfaHR0cDovL2FpYTQuemF0Y2EuZ292LnNhL0NlcnRFbnJvbGwvUFJaRUludm9pY2VTQ0E0LmV4dGdhenQuZ292LmxvY2FsX1BSWkVJTlZPSUNFU0NBNC1DQSgxKS5jcnQwDgYDVR0PAQH/BAQDAgeAMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIGGqB2E0PsShu2dJIfO+xnTwFVmh/qlZYXZhD4CAWQCARIwHQYDVR0lBBYwFAYIKwYBBQUHAwMGCCsGAQUFBwMCMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwMwCgYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDSAAwRQIhALE/ichmnWXCUKUbca3yci8oqwaLvFdHVjQrveI9uqAbAiA9hC4M8jgMBADPSzmd2uiPJA6gKR3LE03U75eqbC/rXA==

Here is the public key in hex format (after I removed unnecessary colons and spaces): :

04a1608a6b449af45204ad33afd2e0240b5548297c54f673e9c76be57f8ca131e8f2f1cd365c96e50eaeed3f2768f26ab46a138c98da3c8309e2ed7b75293f5478

I don’t really know what to do next. Hopefully, we can help each other since the official guides seem unclear about what to do exactly (at least for me).

RagabSaleh · December 8, 2024, 10:26am

from CSR
ex:c#
public static (byte publicKey, byte certificateSignature) TryGetPublicKeySByteArray(string certificate)
{
try
{
Org.BouncyCastle.X509.X509Certificate x509Certificate = DotNetUtilities.FromX509Certificate(new X509Certificate2(Convert.FromBase64String(certificate)));
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(x509Certificate.GetPublicKey());
var publicKey = subjectPublicKeyInfo.GetEncoded();
var certificateSignature = x509Certificate.GetSignature();
return (publicKey, certificateSignature);
}
catch
{
throw new Exception(“[Error] Invalid Certificate”);
}
}

James · June 22, 2025, 12:38pm

@Busaeed , did you resolve this issue. am also stuck in public key. I have created a function to extract it from the private key that was generated using Zatca sdk . - still getting error " ECDSA Public Key does not match with qr code ECDSA public key"

Busaeed · July 2, 2025, 12:35pm

Sorry for replying late

ECDSA Public Key is nothing but your Public Key in Base64-encoded DER representation after being decoded.

Let’s make this clear with a practical example:

If you go to this path on your PC you will find 2 files by default:
D:\zatca-einvoicing-sdk-238-R3.3.7\Data\Certificates

ec-secp256k1-priv-key.pem
cert.pem

Since the public key is missing here, we have to generate it. so, I will execute the following command which will generate a public key file from the private key:

openssl ec -in ec-secp256k1-priv-key.pem -pubout > ec-secp256k1-pub-key.pem
Now, if you open the new generated file you will see this:

-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEoWCKa0Sa9FIErTOv0uAkC1VIKXxU9nPp
x2vlf4yhMejy8c02XJblDq7tPydo8mq0ahOMmNo8gwni7Xt1KT9UeA==
-----END PUBLIC KEY-----

All you have to do is copy the content to a notepad or any editor and delete the begin, end lines and all line breaks to make a signle-line base64 encoded value like this:

MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEoWCKa0Sa9FIErTOv0uAkC1VIKXxU9nPpx2vlf4yhMejy8c02XJblDq7tPydo8mq0ahOMmNo8gwni7Xt1KT9UeA==

Then your final step is to decode that value (base64) to get the ECDSA Public Key.

I hope this solve your issue.

Topic		Replies	Views
ECDSA Public Key Mismatch Despite Using Correct Private Key and Certificate QR code	7	317	June 15, 2025
Generate Public Key QR code	1	108	September 30, 2024
how to using public key and CERTIFICATE_SIGNATURE QR code	0	61	December 8, 2024
QR validations in simulation platform while generating it QR code	3	290	June 22, 2025
Generate QR Code QR code	3	526	September 27, 2024

Where is the public key extracted

Related topics