Hi all,

I have a small question - I am trying to calculate the HASH over a public key, and I want it to be reliable across different environments. In particular, I would like to be able to calculate a HASH over the public key (e.g., loaded from the keypair file) and/or a key in a certificate and get the same value (given that they are the same keys :D).

It seems that by using the d2i_PUBKEY(), I get some extra data and that does not allow me to calculate the HASH correctly.

In particular, here's the output of i2d_PUBKEY() and X509_get0_pubkey_bitstr():

Now, the output of the i2d_PUBKEY() has an extra 24 Bytes at the beginning (the match starts from 30:82010A... ) - what are those bytes? I guess some extra encoding that is needed... but is there a way to obtain the same values that does not depend on the type or size of the keys? Is the 24 Bytes a constant size or ... ? Is there any documentation that would help me... ?

Cheers,

--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> On May 26, 2018, at 8:14 PM, Dr. Pala <[hidden email]> wrote:
>
> have a small question - I am trying to calculate the HASH over a public key, and I want it to be reliable across different environments. In particular, I would like to be able to calculate an HASH over the public key (e.g., loaded from the keypair file) and or a key in a certificate and get the same value (given that they are the same keys :D).
>
> It seems that by using the d2i_PUBKEY(), I get some extra data and that does not allow me to calculate correctly the HASH.
>
> in particular, here's the output i2d_PUBKEY() and X509_get0_pubkey_bitstr()

You're using the wrong function. i2d_PUBKEY() encodes just the public key bits, but not the SPKI algorithm oid and parameters (which is what you want in almost all cases). The right function is i2d_X509_PUBKEY().

For example, see:

https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_fprint.c#L351

--
Viktor.
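The 24-byte difference reported in the question matches the DER layout of an RSA-2048 SubjectPublicKeyInfo, where an outer SEQUENCE header, the AlgorithmIdentifier and the BIT STRING header come before the RSAPublicKey that starts 30:82:01:0A. The following is an added example, not code from the thread or from OpenSSL: a pure-Python sketch with hypothetical helper names and constructed key-shaped bytes (not a real key), which also shows that the prefix length changes with key size.

```python
import hashlib

def tlv(tag, content):
    """DER-encode one tag/length/value (short or long length form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def read_tlv(buf, off, want_tag):
    """Return (content_start, content_end) of the TLV at off, checking its tag."""
    if buf[off] != want_tag:
        raise ValueError("unexpected tag 0x%02x" % buf[off])
    first = buf[off + 1]
    if first == 0x80:
        raise ValueError("indefinite length is not valid DER")
    nlen = first & 0x7F if first > 0x80 else 0
    length = int.from_bytes(buf[off + 2:off + 2 + nlen], "big") if nlen else first
    start = off + 2 + nlen
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return start, start + length

def spki_key_bits(spki):
    """Return the BIT STRING payload of a SubjectPublicKeyInfo."""
    start, end = read_tlv(spki, 0, 0x30)            # outer SEQUENCE
    _, alg_end = read_tlv(spki, start, 0x30)        # AlgorithmIdentifier
    bits, bits_end = read_tlv(spki, alg_end, 0x03)  # BIT STRING
    if bits_end != end or end != len(spki) or spki[bits] != 0:
        raise ValueError("malformed SubjectPublicKeyInfo")
    return spki[bits + 1:bits_end]                  # skip the unused-bits octet

# AlgorithmIdentifier for rsaEncryption (1.2.840.113549.1.1.1) with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def make_rsa_spki(modulus_len):
    """Constructed RSA-shaped SPKI (fixed filler bytes, not a real key), e = 65537."""
    modulus = b"\x00\xc3" + bytes(i & 0xFF for i in range(modulus_len - 1))
    rsa_key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + rsa_key)), rsa_key

def fingerprints(spki):
    """SHA-256 over the whole SPKI and over the bare key bits (they differ)."""
    return (hashlib.sha256(spki).hexdigest(),
            hashlib.sha256(spki_key_bits(spki)).hexdigest())

if __name__ == "__main__":
    for size in (128, 256):                         # RSA-1024 and RSA-2048 shapes
        spki, key = make_rsa_spki(size)
        print(size * 8, "prefix bytes:", len(spki) - len(key), fingerprints(spki))
```

Hashing the complete SubjectPublicKeyInfo from both the key file and the certificate gives one stable value for any key type, whereas stripping a fixed number of bytes does not.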