Hi Steve, all,

Thanks for the pointer to, among other things, i2d_RSA_PUBKEY. I am not sure of everything yet, but I can find out now, probably.

To respond to your question: I try to do something similar to what is done in ssh: store the SHA-1 of a peer's public key into a local table (e.g., on disk); each time a connection is set up a lookup is done in this table on whether the key (corresponding to the hash) is known already or not. I'd like to store the hash of the raw public key, not the certificate as a whole, as only the public key itself is constant in view of certificate expiration and renewal.

A requirement is that the mechanism be portable and platform independent; the SHA-1 digests may be stored on possibly shared (NFS) disks, used on both big and little endian machines, and accessed by different programs on different machines. The same program may even be implemented in different languages on different machines, e.g., C or Java. That means that the RSA public key datastructure(s) that are hashed have to be platform independent, and also independent of the particular crypto library used, so not OpenSSL specific. Of course the data structures that are hashed have to present the full public key information. The implementation does not need to interoperate with existing programs.

If I am not mistaken, the i2d_RSA_PUBKEY method (i2d meaning internal-to-DER?) does then indeed provide what I need, namely a method to encode the RSA public key data into a single, portable, platform independent data representation, DER, which I then can compute the SHA-1 hash over.

But out of curiosity: are the raw datastructures in the EVP_PKEY datastructure also directly usable (i.e., the raw RSA data)? rsa_st contains a few members, such as n, e, d, which seem to match the PKCS1 notation. However, I do not know if the RSA public key material is stored machine (byte-order) or OpenSSL independent in rsa_st. If it were, I suppose I could instead, for example, concatenate rsa_st.n (modulus) and rsa_st.e (the public exponent) and hash the result directly - or is that very naive?

Thanks a lot, best regards,
Guido.

On Fri, Feb 27, 2004, Guido Noord wrote:

> Hi,
>
> I am a newbie to openssl. The documentation is not very enlightening to me
> so far I'm afraid.
>
> What I am trying to do is to take the "sha-1 hash of a public key
> obtained from a peer". So, I first do a SSL_connect,
> obtaining the X509 certificate of the peer. So far so good, this is
> standard SSL stuff described in various examples.
>
> Then I obtain the RSA public key from this certificate using the call
>     pubkey = X509_get_pubkey(peer_cert);
> where pubkey is of type EVP_PKEY*.
>
> However, after this I am not sure what to do. I cannot directly make a
> digest of 'pubkey', as below:
>
>     EVP_DigestInit(&ex, EVP_sha1());
>     EVP_DigestUpdate(&ex, (void*)pubkey, sizeof((void*)pubkey));
>     EVP_DigestFinal(&ex, md_value, (unsigned int*) &i);
>
> as this really only hashes the EVP_PKEY struct, not the public key itself.
>
> Can anyone shed some light on how to obtain the RSA public key
> specifically and digest this key? I am a bit lost in the OpenSSL
> datastructures.. I followed the EVP_PKEY struct definition back to rsa_st,
> defined in rsa.h, however, this remains rather cryptic and I am not sure
> how to use it (if I can use it directly).
>
> In the end, I suppose I need to do something like pubkey->pkey.rsa->...
> however I am not sure what field(s) to use. Can anyone point me in the
> right direction? E.g., what fields in the pkey.rsa (rsa_st) struct are
> used to store the public key, or maybe someone can tell me how a
> (raw) public key is 'normally' digested?
>

There isn't any single standard for how an RSA public key is hashed.

What do you actually want from this hash? Do you want it simply to give a string indication that two keys with the same hash are the same public key? If so you can use i2d_PUBKEY() to generate an encoding from an EVP_PKEY and hash that (see FAQ and manual pages for more info). That will then work with any key type.

Alternatively do you want to interop with an existing implementation? If so then you need to find out how it is hashing the public key and use the same method.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
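
Added example, not part of the original thread and not OpenSSL code: Guido's closing question asks whether hashing the plain concatenation of n and e would be naive. The self-contained C below hand-encodes the PKCS#1 RSAPublicKey structure (a SEQUENCE of two INTEGERs, simpler than the SubjectPublicKeyInfo that i2d_PUBKEY emits) for constructed toy values, and shows that two different (n, e) pairs produce identical n||e bytes while their DER encodings differ. All function names and byte values here are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
/* DER length octets: short form below 0x80, else long form (up to 0xFFFF). */
static size_t der_len(u8 *out, size_t len) {
    size_t i = 0;
    if (len > 0xFF) { out[i++] = 0x82; out[i++] = (u8)(len >> 8); }
    else if (len >= 0x80) out[i++] = 0x81;
    out[i++] = (u8)len;
    return i;
}
/* DER INTEGER from an unsigned big-endian magnitude: drop leading zero octets,
 * then add one 0x00 if the top bit is set so the value reads as non-negative. */
static size_t der_uint(u8 *out, const u8 *be, size_t n) {
    size_t i, pad;
    while (n > 1 && be[0] == 0) { be++; n--; }
    pad = (be[0] & 0x80) ? 1 : 0;
    out[0] = 0x02;
    i = 1 + der_len(out + 1, n + pad);
    if (pad) out[i++] = 0x00;
    memcpy(out + i, be, n);
    return i + n;
}
/* PKCS#1 RSAPublicKey = SEQUENCE { INTEGER n, INTEGER e }; returns 0 on bad size. */
size_t der_rsa_pub(u8 *out, const u8 *n, size_t nlen, const u8 *e, size_t elen) {
    u8 body[1100];
    size_t blen, i;
    if (nlen == 0 || elen == 0 || nlen + elen > 1024) return 0;
    blen = der_uint(body, n, nlen);
    blen += der_uint(body + blen, e, elen);
    out[0] = 0x30;
    i = 1 + der_len(out + 1, blen);
    memcpy(out + i, body, blen);
    return i + blen;
}
/* The naive alternative from the question: n || e with no framing. */
size_t concat_ne(u8 *out, const u8 *n, size_t nlen, const u8 *e, size_t elen) {
    memcpy(out, n, nlen); memcpy(out + nlen, e, elen);
    return nlen + elen;
}
/* Constructed toy values (not real keys): two different (n, e) pairs. */
static const u8 N1[] = {0xC5, 0x3B, 0x01}, E1[] = {0x01, 0x01};
static const u8 N2[] = {0xC5, 0x3B}, E2[] = {0x01, 0x01, 0x01};
int main(void) {
    u8 a[32], b[32];
    size_t la = concat_ne(a, N1, 3, E1, 2), lb = concat_ne(b, N2, 2, E2, 3);
    printf("n||e identical: %d\n", la == lb && !memcmp(a, b, la));
    la = der_rsa_pub(a, N1, 3, E1, 2); lb = der_rsa_pub(b, N2, 2, E2, 3);
    printf("DER identical:  %d\n", la == lb && !memcmp(a, b, la));
    return 0;
}
```

der_uint also normalises leading zero octets, so a magnitude exported with an extra sign byte by another library encodes to the same DER and therefore to the same digest.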