Oscar Jacobsson wrote:
>
> Hi all!
>
> From what I've managed to comprehend of draft-ietf-pkix-ipki-part1 my
> v2 CRL needs an AuthorityKeyIdentifier. Quoting paragraph 4.2.1.2:
>
> (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
> value of the BIT STRING subjectPublicKey (excluding the tag,
> length, and number of unused bits).
>
> Seeing as cert_info->key->public_key is an ASN1_BIT_STRING, am I
> correct in assuming that I should hash public_key->length bytes of
> public_key->data in order to get my AuthorityKeyIdentifier?

I'm not absolutely sure without reviewing source, but I'd guess you have
to omit the first byte, and the number of bits specified in it from the
last byte (if you see what I mean) - but the SHA1 functions don't appear
to operate at the bit level, so if that is anything other than zero, you
are probably going to have a problem.

Is there a sample in the draft?

Cheers,

Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: [EMAIL PROTECTED] |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
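
Added example, not part of the original thread and not OpenSSL code: a minimal DER walk that computes the method (1) keyIdentifier quoted above from a raw SubjectPublicKeyInfo, skipping the unused-bits octet and rejecting a non-zero count. The helper names (`read_tlv`, `key_identifier`, `tlv`) and the sample key octets are constructed for illustration.

```python
import hashlib

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER TLV at buf[off]."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next (first & 0x7f) octets
        n = first & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, off, off + length

def key_identifier(spki_der):
    """SHA-1 over the subjectPublicKey value: no tag, length or unused-bits octet."""
    tag, start, _ = read_tlv(spki_der, 0)            # SubjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, _, alg_end = read_tlv(spki_der, start)      # AlgorithmIdentifier (skipped)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    tag, bs_start, bs_end = read_tlv(spki_der, alg_end)
    if tag != 0x03 or bs_end == bs_start:
        raise ValueError("expected non-empty BIT STRING")
    if spki_der[bs_start] != 0:                      # first content octet = unused bits
        raise ValueError("non-zero unused bits: not a whole number of octets")
    return hashlib.sha1(spki_der[bs_start + 1:bs_end]).digest()

def tlv(tag, body):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

# Constructed sample: rsaEncryption AlgorithmIdentifier plus stand-in key octets
# (not a real key), long enough to exercise long-form DER lengths.
KEY_BITS = bytes(range(140))
ALG = tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00" + KEY_BITS))
```

When working from OpenSSL's parsed `ASN1_BIT_STRING` rather than raw DER, the unused-bits count is kept in `flags` and is not part of `data`, so the octet skipped here appears only in the encoded form.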