Hi all,

I have a small question - I am trying to calculate the HASH over
a public key, and I want it to be reliable across different
environments. In particular, I would like to be able to calculate
an HASH over the public key (e.g., loaded from the keypair file)
and or a key in a certificate and get the same value (given that
they are the same keys :D).

It seems that by using the d2i_PUBKEY(), I get some extra data
and that does not allow me to calculate correctly the HASH.

in particular, here's the output i2d_PUBKEY() and
X509_get0_pubkey_bitstr():

**[DEBUG] Cert
Key Bit String X509_get0_pubkey_bitstr****()****:**

30:82:01:0A:02:82:01:01:00:BD:ED:42:7E:D4:2D:BD:7C:EC:CB:E6:

B2:93:0D:E1:E1:A8:81:0C:01:A5:71:24:D6:65:D3:56:FD:D1:A6:53:

F3:3F:F6:80:68:16:BF:7E:A9:2C:E2:10:10:77:FC:EF:35:52:4E:A9:

0D:15:AF:8F:2C:2D:30:BC:60:C3:31:EE:6C:CC:66:86:5E:DA:46:45:

D3:31:2D:0E:D1:C0:96:63:0C:C2:D1:CF:C6:47:C3:97:9A:DA:95:E9:

98:92:3B:AB:14:CF:58:5B:B8:50:EB:25:0F:CA:25:07:E7:A4:B0:FA:

50:B5:1E:6B:DE:D8:F7:BE:BA:35:9A:E9:D9:5A:05:22:F0:18:2C:BD:

FC:DF:E7:38:70:E0:8D:DD:C3:53:EE:B4:21:26:66:84:8A:29:5C:11:

12:59:C8:09:E4:C2:49:BA:3F:CC:3D:15:22:0F:EC:F6:6C:8F:41:BA:

A7:7B:D0:66:C9:4A:89:1A:73:E9:E8:67:17:20:00:8F:4C:70:A3:A0:

85:05:C9:60:CD:18:17:F4:28:BA:59:F2:49:88:C9:87:1B:61:98:E8:

55:AD:A7:C2:B0:81:6C:63:C2:4E:92:6C:7B:45:F4:A5:57:C7:CD:E0:

28:83:E7:F4:AB:E1:E2:79:71:31:F5:AE:05:A4:32:AB:61:7A:82:74:

33:30:AF:32:FF:02:03:01:00:01:

**[DEBUG]
i2d_PUBKEY() Bit String:**

00:00:00:00:00:00:00:00:2A:86:48:86:F7:0D:01:01:01:05:00:03:

82:01:0F:00:30:82:01:0A:02:82:01:01:00:BD:ED:42:7E:D4:2D:BD:

7C:EC:CB:E6:B2:93:0D:E1:E1:A8:81:0C:01:A5:71:24:D6:65:D3:56:

FD:D1:A6:53:F3:3F:F6:80:68:16:BF:7E:A9:2C:E2:10:10:77:FC:EF:

35:52:4E:A9:0D:15:AF:8F:2C:2D:30:BC:60:C3:31:EE:6C:CC:66:86:

5E:DA:46:45:D3:31:2D:0E:D1:C0:96:63:0C:C2:D1:CF:C6:47:C3:97:

9A:DA:95:E9:98:92:3B:AB:14:CF:58:5B:B8:50:EB:25:0F:CA:25:07:

E7:A4:B0:FA:50:B5:1E:6B:DE:D8:F7:BE:BA:35:9A:E9:D9:5A:05:22:

F0:18:2C:BD:FC:DF:E7:38:70:E0:8D:DD:C3:53:EE:B4:21:26:66:84:

8A:29:5C:11:12:59:C8:09:E4:C2:49:BA:3F:CC:3D:15:22:0F:EC:F6:

6C:8F:41:BA:A7:7B:D0:66:C9:4A:89:1A:73:E9:E8:67:17:20:00:8F:

4C:70:A3:A0:85:05:C9:60:CD:18:17:F4:28:BA:59:F2:49:88:C9:87:

1B:61:98:E8:55:AD:A7:C2:B0:81:6C:63:C2:4E:92:6C:7B:45:F4:A5:

57:C7:CD:E0:28:83:E7:F4:AB:E1:E2:79:71:31:F5:AE:05:A4:32:AB:

61:7A:82:74:33:30:AF:32:FF:02:03:01:00:01:

Now, the output of the i2d_PUBKEY() has an extra 24 Bytes at the
beginning (the match starts from 30:82010A... ) - what are those
bytes? I guess some extra encoding that is needed... but is there
a way to obtain the same values that does not depend on the type
or size of the keys ? Is the 24 Bytes a constant size or ... ? Is
there any documentation that would help me... ?

Cheers,

Max

--

Best Regards,

Massimiliano Pala, Ph.D.

OpenCA Labs Director

--

openssl-users mailing list

To unsubscribe:

https://mta.openssl.org/mailman/listinfo/openssl-users