d2i_PUBKEY() and X509_get0_pubkey_bitstr() output differences

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

d2i_PUBKEY() and X509_get0_pubkey_bitstr() output differences

Dr. Pala

Hi all,

I have a small question - I am trying to calculate the HASH over a public key, and I want it to be reliable across different environments. In particular, I would like to be able to calculate an HASH over the public key (e.g., loaded from the keypair file) and or a key in a certificate and get the same value (given that they are the same keys :D).

It seems that by using the d2i_PUBKEY(), I get some extra data and that does not allow me to calculate correctly the HASH.

in particular, here's the output i2d_PUBKEY() and X509_get0_pubkey_bitstr():

[DEBUG] Cert Key Bit String X509_get0_pubkey_bitstr():
30:82:01:0A:02:82:01:01:00:BD:ED:42:7E:D4:2D:BD:7C:EC:CB:E6:
B2:93:0D:E1:E1:A8:81:0C:01:A5:71:24:D6:65:D3:56:FD:D1:A6:53:
F3:3F:F6:80:68:16:BF:7E:A9:2C:E2:10:10:77:FC:EF:35:52:4E:A9:
0D:15:AF:8F:2C:2D:30:BC:60:C3:31:EE:6C:CC:66:86:5E:DA:46:45:
D3:31:2D:0E:D1:C0:96:63:0C:C2:D1:CF:C6:47:C3:97:9A:DA:95:E9:
98:92:3B:AB:14:CF:58:5B:B8:50:EB:25:0F:CA:25:07:E7:A4:B0:FA:
50:B5:1E:6B:DE:D8:F7:BE:BA:35:9A:E9:D9:5A:05:22:F0:18:2C:BD:
FC:DF:E7:38:70:E0:8D:DD:C3:53:EE:B4:21:26:66:84:8A:29:5C:11:
12:59:C8:09:E4:C2:49:BA:3F:CC:3D:15:22:0F:EC:F6:6C:8F:41:BA:
A7:7B:D0:66:C9:4A:89:1A:73:E9:E8:67:17:20:00:8F:4C:70:A3:A0:
85:05:C9:60:CD:18:17:F4:28:BA:59:F2:49:88:C9:87:1B:61:98:E8:
55:AD:A7:C2:B0:81:6C:63:C2:4E:92:6C:7B:45:F4:A5:57:C7:CD:E0:
28:83:E7:F4:AB:E1:E2:79:71:31:F5:AE:05:A4:32:AB:61:7A:82:74:
33:30:AF:32:FF:02:03:01:00:01:

[DEBUG] i2d_PUBKEY() Bit String:
00:00:00:00:00:00:00:00:2A:86:48:86:F7:0D:01:01:01:05:00:03:
82:01:0F:00:30:82:01:0A:02:82:01:01:00:BD:ED:42:7E:D4:2D:BD:
7C:EC:CB:E6:B2:93:0D:E1:E1:A8:81:0C:01:A5:71:24:D6:65:D3:56:
FD:D1:A6:53:F3:3F:F6:80:68:16:BF:7E:A9:2C:E2:10:10:77:FC:EF:
35:52:4E:A9:0D:15:AF:8F:2C:2D:30:BC:60:C3:31:EE:6C:CC:66:86:
5E:DA:46:45:D3:31:2D:0E:D1:C0:96:63:0C:C2:D1:CF:C6:47:C3:97:
9A:DA:95:E9:98:92:3B:AB:14:CF:58:5B:B8:50:EB:25:0F:CA:25:07:
E7:A4:B0:FA:50:B5:1E:6B:DE:D8:F7:BE:BA:35:9A:E9:D9:5A:05:22:
F0:18:2C:BD:FC:DF:E7:38:70:E0:8D:DD:C3:53:EE:B4:21:26:66:84:
8A:29:5C:11:12:59:C8:09:E4:C2:49:BA:3F:CC:3D:15:22:0F:EC:F6:
6C:8F:41:BA:A7:7B:D0:66:C9:4A:89:1A:73:E9:E8:67:17:20:00:8F:
4C:70:A3:A0:85:05:C9:60:CD:18:17:F4:28:BA:59:F2:49:88:C9:87:
1B:61:98:E8:55:AD:A7:C2:B0:81:6C:63:C2:4E:92:6C:7B:45:F4:A5:
57:C7:CD:E0:28:83:E7:F4:AB:E1:E2:79:71:31:F5:AE:05:A4:32:AB:
61:7A:82:74:33:30:AF:32:FF:02:03:01:00:01:

Now, the output of the i2d_PUBKEY() has an extra 24 Bytes at the beginning (the match starts from 30:82010A... ) - what are those bytes? I guess some extra encoding that is needed... but is there a way to obtain the same values that does not depend on the type or size of the keys ? Is the 24 Bytes a constant size or ... ? Is there any documentation that would help me... ?

Cheers,
Max

--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: d2i_PUBKEY() and X509_get0_pubkey_bitstr() output differences

Viktor Dukhovni


> On May 26, 2018, at 8:14 PM, Dr. Pala <[hidden email]> wrote:
>
>  have a small question - I am trying to calculate the HASH over a public key, and I want it to be reliable across different environments. In particular, I would like to be able to calculate an HASH over the public key (e.g., loaded from the keypair file) and or a key in a certificate and get the same value (given that they are the same keys :D).
>
> It seems that by using the d2i_PUBKEY(), I get some extra data and that does not allow me to calculate correctly the HASH.
>
> in particular, here's the output i2d_PUBKEY() and X509_get0_pubkey_bitstr()

You're using the wrong function.  i2d_PUBKEY() encodes just the public key bits, but not the SPKI algorithm oid and parameters (which is what you want in almost all cases).

The right function is i2d_X509_PUBKEY().  For example, see:

https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_fprint.c#L351

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users