Dr S N Henson wrote:
> Sebastiano Di Paola wrote:
> >
> > Hi all,
> > well this could seem a stupid question,
> > I would like to know if there is a function provided with openssl to
> > generate the x.509v3 extension
> > Authority Key Identifier.
> > I read rfc2459 to know how to calculate it:
> > it says:
> >
> > 1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
> > value of the BIT STRING subjectPublicKey (excluding the tag,
> > length, and number of unused bits).
> >
> > Or
> >
> > (2) The keyIdentifier is composed of a four bit type field with
> > the value 0100 followed by the least significant 60 bits of the
> > SHA-1 hash of the value of the BIT STRING subjectPublicKey.
> >
>
> I think that quote refers to subject key identifier.
>
[..]
Well, I re-read rfc2459. The quote is written in the paragraph related to
Subject Key Identifier, but refers also to Authority Key Identifier.
Besides this issue:
If OpenSSL copies Authority key info from subject key info of the issuer's
certificate, how does OpenSSL generate Subject Key Identifier for the new
certificate signed?
I would like to know if there is some high level function which can
generate the Subject Key Identifier from a public key (as X509_digest for
the whole certificate).
If yes, what is it?
If no, how to generate by hand the Subject key id?
I have a PKCS12 bag with private key and certificate.
1) Extract certificate from pkcs12 with PKCS12_parse
2) Extract Public Key with X509_get_pubKey
3) Extract DER encoding of Pub Pkey with i2d_PublicKey
4) Create a sha1 digest of the buffer filled with i2d_PublicKey.
Is there something wrong, because the value calculated in that way differs
from the value of the Subject Key Identifier already present in the
certificate!!
Does the buffer filled with i2d_PublicKey contain tag, length, unused bits
or not?
if the value of my buffer is:
3048024100BB9D0D9DBBCC80EA16F64206797A6137C93B1CE2840D1324AD6CCF5F34C8F3E1A0FE871321619AB77ADB3B668C2ABC5A5651F45E6BCB3CAED79CA29A4247B2410203010001
and the public key modulus starts with 00:BB:9D:0D ... and ends with
42:47:B2:41
and Pub key exponent is 0x10001
What are the bytes on which hash sha1 must be calculated??
I hope you can really help me!
Kind Regards
Sebastiano Di Paola
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
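The following is an added example, not part of the original message and not OpenSSL code. It parses the buffer quoted in the post with the Python standard library, confirms it is SEQUENCE { INTEGER, INTEGER } (the RSAPublicKey structure that RFC 2459 places inside the subjectPublicKey BIT STRING for RSA keys), and computes both keyIdentifier methods quoted above, beside the digest obtained when the BIT STRING tag, length and unused-bits octet are hashed as well. All function names are this example's own.

```python
import hashlib
# Buffer quoted in the post, copied from the page.
PUBKEY_DER = bytes.fromhex(
    "3048024100BB9D0D9DBBCC80EA16F64206797A6137C93B1CE2840D1324"
    "AD6CCF5F34C8F3E1A0FE871321619AB77ADB3B668C2ABC5A"
    "5651F45E6BCB3CAED79CA29A4247B2410203010001")

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """Require SEQUENCE { INTEGER modulus, INTEGER exponent }; return (n, e)."""
    tag, seq, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    t1, n, p = read_tlv(seq)
    t2, e, p = read_tlv(seq, p)
    if (t1, t2) != (0x02, 0x02) or p != len(seq):
        raise ValueError("expected two INTEGERs and nothing else")
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def key_id_method1(bit_string_value):
    """Method (1): SHA-1 over the BIT STRING value, no tag/length/unused bits."""
    return hashlib.sha1(bit_string_value).digest()

def key_id_method2(bit_string_value):
    """Method (2): type nibble 0100 + least significant 60 bits of that SHA-1."""
    low64 = bytearray(key_id_method1(bit_string_value)[-8:])
    low64[0] = 0x40 | (low64[0] & 0x0F)
    return bytes(low64)

def wrap_bit_string(value):
    """Whole BIT STRING TLV: tag 03, length, unused-bits octet 00, then value."""
    ln = len(value) + 1  # +1 for the unused-bits octet
    k = (ln.bit_length() + 7) // 8
    hdr = bytes([ln]) if ln < 0x80 else bytes([0x80 | k]) + ln.to_bytes(k, "big")
    return b"\x03" + hdr + b"\x00" + value

if __name__ == "__main__":
    print("modulus, exponent:", parse_rsa_public_key(PUBKEY_DER))
    for label, data in (("value only", PUBKEY_DER), ("with header", wrap_bit_string(PUBKEY_DER))):
        print(label, key_id_method1(data).hex(), key_id_method2(data).hex())
```

The "value only" digest is the one the quoted method (1) describes; the "with header" line shows how the result changes if the three header bytes are included in the hash.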