On Fri, Feb 27, 2004, Guido Noord wrote:

> Hi,
>
> I am a newbie to openssl. The documentation is not very enlightening to me
> so far I'm afraid.
>
> What I am trying to do is to take the "sha-1 hash of a public key
> obtained from a peer". So, I first do an SSL_connect,
> obtaining the X509 certificate of the peer. So far so good, this is
> standard SSL stuff described in various examples.
>
> Then I obtain the RSA public key from this certificate using the call
> pubkey = X509_get_pubkey(peer_cert);
> where pubkey is of type EVP_PKEY*.
>
> However, after this I am not sure what to do. I cannot directly make a
> digest of 'pubkey', as below:
>
> EVP_DigestInit(&ex, EVP_sha1());
> EVP_DigestUpdate(&ex, (void*)pubkey, sizeof((void*)pubkey));
> EVP_DigestFinal(&ex, md_value, (unsigned int*) &i);
>
> as this really only hashes the EVP_PKEY struct, not the public key itself.
>
> Can anyone shed some light on how to obtain the RSA public key
> specifically and digest this key? I am a bit lost in the OpenSSL
> data structures. I followed the EVP_PKEY struct definition back to rsa_st,
> defined in rsa.h; however, this remains rather cryptic and I am not sure
> how to use it (if I can use it directly).
>
> In the end, I suppose I need to do something like pubkey->pkey.rsa->...
> however I am not sure what field(s) to use. Can anyone point me in the
> right direction? E.g., what fields in the pkey.rsa (rsa_st) struct are
> used to store the public key, or maybe someone can tell me how a
> (raw) public key is 'normally' digested?
There isn't any single standard for how an RSA public key is hashed. What do you actually want from this hash?

Do you want it simply to give a strong indication that two keys with the same hash are the same public key? If so you can use i2d_PUBKEY() to generate an encoding from an EVP_PKEY and hash that (see FAQ and manual pages for more info). That will then work with any key type.

Alternatively, do you want to interop with an existing implementation? If so then you need to find out how it is hashing the public key and use the same method.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]