diff 7ca997bf7efdca16416b22488ebc7b70c419fd44 uncommitted
--- a//sys/include/libsec.h
+++ b//sys/include/libsec.h
@@ -374,6 +374,7 @@
 int		pkcs1unpadbuf(uchar *buf, int len, mpint *modulus, int blocktype);
 int		asn1encodeRSApub(RSApub *pk, uchar *buf, int len);
 int		asn1encodeRSApriv(RSApriv *k, uchar *buf, int len);
+int		asn1encodeRSApubSPKI(RSApub *pk, uchar *buf, int len);
 int		asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*),
 			uchar *digest, uchar *buf, int len);
 
--- a//sys/src/cmd/auth/rsa2asn1.c
+++ b//sys/src/cmd/auth/rsa2asn1.c
@@ -6,11 +6,12 @@
 #include "rsa2any.h"
 
 int privatekey = 0;
+char *format = "pkcs1";
 
 void
 usage(void)
 {
-	fprint(2, "usage: auth/rsa2asn1 [-a] [file]\n");
+	fprint(2, "usage: auth/rsa2asn1 [-a] [-f fmt] [file]\n");
 	exits("usage");
 }
 
@@ -25,6 +26,9 @@
 	case 'a':
 		privatekey = 1;
 		break;
+	case 'f':
+		format = EARGF(usage());
+		break;
 	default:
 		usage();
 	}ARGEND
@@ -32,14 +36,25 @@
 	if(argc > 1)
 		usage();
 
+	n = -1;
 	if((k = getrsakey(argc, argv, privatekey, nil)) == nil)
 		sysfatal("%r");
 	if(privatekey){
-		if((n = asn1encodeRSApriv(k, buf, sizeof(buf))) < 0)
-			sysfatal("asn1encodeRSApriv: %r");
+		if(strcmp(format, "pkcs1") == 0)
+			n = asn1encodeRSApriv(k, buf, sizeof(buf));
+		else
+			sysfatal("unknown format %s", format);
+		if(n < 0)
+			sysfatal("encode: %r");
 	}else{
-		if((n = asn1encodeRSApub(&k->pub, buf, sizeof(buf))) < 0)
-			sysfatal("asn1encodeRSApub: %r");
+		if(strcmp(format, "pkcs1") == 0)
+			n = asn1encodeRSApub(&k->pub, buf, sizeof(buf));
+		else if(strcmp(format, "spki") == 0)
+			n = asn1encodeRSApubSPKI(&k->pub, buf, sizeof(buf));
+		else
+			sysfatal("unknown format %s", format);
+		if(n < 0)
+			sysfatal("encode: %r");
 	}
 	if(write(1, buf, n) != n)
 		sysfatal("write: %r");
--- a//sys/src/libsec/port/x509.c
+++ b//sys/src/libsec/port/x509.c
@@ -788,6 +788,7 @@
 
 	p = &uc;
 	err = enc(&p, e, 1);
+	*pbytes = nil;
 	if(err == ASN_OK) {
 		ans = newbytes(p-&uc);
 		p = ans->data;
@@ -2900,6 +2901,32 @@
 	}
 	memmove(buf, b->data, len = b->len);
 	freebytes(b);
+	return len;
+}
+
+int
+asn1encodeRSApubSPKI(RSApub *pk, uchar *buf, int len)
+{
+	Bytes *b, *k;
+	Elem e;
+
+	k = encode_rsapubkey(pk);
+	if(k == nil)
+		return -1;
+	e = mkseq(
+		mkel(mkalg(ALG_rsaEncryption),
+		mkel(mkbits(k->data, k->len),
+		nil)));
+	encode(e, &b);
+	freebytes(k);
+	if(b == nil)
+		return -1;
+	if(b->len > len){
+		freebytes(b);
+		werrstr("buffer too small");
+		return -1;
+	}
+	memmove(buf, b->data, len = b->len);
 	return len;
 }