Extracting data from RSA public key

Question

I'm working on project that involves reading public key data used to sign Android APKs. I am able to successfully extract the signatures as public keys. When I look inside the binary pubkey files produced by this, I see some plain-text such as a name and a city.

How can I safely extract this name/city information embedded inside the public key using PHP (or even Java or C#)? And hopefully do it in such a way that I know exactly what these fields are (ie not blindly grabbing text, but knowing which string is a city and which is a name)

For clarification: I don't have the private key or a certificate file. I'm currently not interested in signing or encrypting anything, I would just like to extract the plaintext inside the pubkey without using kludgy approaches like regex.

Update: Here's a sample (base64-encoded) public key from one of my APKs

MIICBzCCAXCgAwIBAgIES6KlazANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCUkkxFTATBgNVBAcTDE5hcnJhZ2Fuc2V0dDEVMBMGA1UEAxMMQ29saW4gTydEZWxsMB4XDTEwMDMxODIyMTI1OVoXDTQ1MDMwOTIyMTI1OVowSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlJJMRUwEwYDVQQHEwxOYXJyYWdhbnNldHQxFTATBgNVBAMTDENvbGluIE8nRGVsbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmPetcBW+ITURXY0LsI2ZfgM3R7K2kwicgpd0W+BYAXQBh76SXyN9MYvtfnUY3SNz37FW/lDQgAO3pbhEFqGwfADh2ctXlYmlE9DtcRQw0ojGVPIDlWBX+9IUxyL/89CPaN84R/1lvdosco4V0BqQYR300S9ZwmwFA2Vh9hSUZmsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBezKu4G11Z68NTPIBro8xsnbkdYxObzW7BsSr6t9MS5x6EQVs75R/nnKrsMcQ+9ImdT940jhQgZT3ZrYla5VhdbelxnLhBVbJfBdipV3Hv2bG7MnXzFqHYwQqYp+UrP8zWm1YHQf5I/P9VBjlkgwFyNKr0TxP4t/qS08oGX2wvZg==

Answer 1

The string you put in is a base 64 encoded x509 certificate, not simply a public key.

You'll need to parse the Distinguished Name fields to get the desired info.

Here's a C# example:

using System;
using System.Security.Cryptography.X509Certificates;

namespace Sample
{
class Program
{
    static void Main(string[] args)
    {
        string base64EncodedX509 =
            "MIICBzCCAXCgAwIBAgIES6KlazANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCUkkxFTATBgNVBAcTDE5hcnJhZ2Fuc2V0dDEVMBMGA1UEAxMMQ29saW4gTydEZWxsMB4XDTEwMDMxODIyMTI1OVoXDTQ1MDMwOTIyMTI1OVowSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlJJMRUwEwYDVQQHEwxOYXJyYWdhbnNldHQxFTATBgNVBAMTDENvbGluIE8nRGVsbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmPetcBW+ITURXY0LsI2ZfgM3R7K2kwicgpd0W+BYAXQBh76SXyN9MYvtfnUY3SNz37FW/lDQgAO3pbhEFqGwfADh2ctXlYmlE9DtcRQw0ojGVPIDlWBX+9IUxyL/89CPaN84R/1lvdosco4V0BqQYR300S9ZwmwFA2Vh9hSUZmsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBezKu4G11Z68NTPIBro8xsnbkdYxObzW7BsSr6t9MS5x6EQVs75R/nnKrsMcQ+9ImdT940jhQgZT3ZrYla5VhdbelxnLhBVbJfBdipV3Hv2bG7MnXzFqHYwQqYp+UrP8zWm1YHQf5I/P9VBjlkgwFyNKr0TxP4t/qS08oGX2wvZg==";
        var rawBytes = Convert.FromBase64String(base64EncodedX509);

        X509Certificate cert = new X509Certificate(rawBytes);

        // Parse the distinguished name to get your desired fields

        Console.WriteLine(cert.Subject); // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US
        Console.WriteLine(cert.Issuer);  // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US
    }
}
}

Answer 2

The "binary pubkey files produced by this" is an X.509 certificate.

Just about any platform has support for reading X.509 certificates, and creating a structure from them, from which you can reliably extract the "subject name," and often extended information that includes an email address or host name.

For example, if you have OpenSSL installed, use the following command:

openssl x509 -text -noout -inform der -in <yourfilehere>

You can extract specific fields with additional options. For example, adding -subject yields:

subject= /C=US/ST=RI/L=Narragansett/CN=Colin O'Dell

Answer 3

In php, I am not sure but maybe this function could be your friend. There is a whole section of ssl related functions that could come in handy if you are playing with certificates.