On Thu, Feb 26, 2004, Mike Gagnon wrote:
> Hi list,
>
> I need to know how to calculate the fingerprint for public/private RSA/DSA keys. (4
> possibilities).
>
> Right now, for both public and private keys, I get the same fingerprint (which I
> think is wrong). I
> think I'm missing some fields needed for private keys, which ones? i.e., Will the
> code below only
> work for public DSA/RSA keys?
>
> case DSA:
> blob->put_cstring("ssh-dss");
> blob->put_bignum2(pKey->pkey.dsa->p);
> blob->put_bignum2(pKey->pkey.dsa->q);
> blob->put_bignum2(pKey->pkey.dsa->g);
> blob->put_bignum2(pKey->pkey.dsa->pub_key);
> case RSA:
> blob->put_cstring("ssh-rsa");
> blob->put_bignum2(pKey->pkey.rsa->e);
> blob->put_bignum2(pKey->pkey.rsa->n);
>
> The result is then the MD5 digest on the blob...
>
Depends on what you mean by "fingerprint": there isn't a standard for public
and private key fingerprints.
Does you want the public key have to have the same fingerprint as the private
key?
If so a simple way which is guaranteed to work for future algorithms is to
hash the encoding of the public key using i2d_PUBKEY(). This also contains the
algorithm information. It uses a standard format for the public keys: the same
format as used in certificates.
If you want them to be different you could take the PKCS#8 encoding for a
private key.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
