Why are there forty characters left over in Google's PEM for packing a Chrome extension

Question

I've recently been trying to figure out how to get PyCrypto to recognize PEM's which are produced by Google Chrome's packing process. The problem is that the standard importKey method causes errors. After a rather long process, I finally realized that I can initially simulate the import by reverse-engineering the DerSequence.decode method (all of the details here). Unfortunately, it leaves me with one issue unresolved.

I can get the key to import, and it looks like it's fairly consistent, but I have 40 characters left over.

import binascii

# read the pem file into chromepem
# the first and last lines are useless, 
# we need it to be a string, not a tuple 
# and it needs to be one string with no newlines.
chromepem = ''.join(open("chrome.pem","r").readlines()[1:-1]).replace("\n","")

# not sure why, but it looks like the first 40 characters aren't necessary.
# removing them seems to create a consistent public key anyway...
pem = binascii.a2b_base64(chromepem[40:])

Does anyone know why those 40 characters are there? Will ignoring them cause issues with some private/public key pairs?

Answer 1

For now, the simplest thing to do is to use the openssl rsa utiity to convert the chrome.pem file to a chrome.der file. Something like

openssl rsa -in chrome.pem -out chrome.der -outform DER

should do the trick. Now you can use the bytes from chrome.der directly in the RSA.importKey() method.