On Fri, Mar 05, 2004, Claus Nagel wrote:
> > The SKID can be calculated automatically by the extension code (see
> > doc/openssl.txt). The AKID is normally copied from the SKID of the issuers
> > certificate.
>
> As for the SKID I found the following in the openssl.txt:
> Example: subjectKeyIdentifier=hash
> But which values are taken to calculate that hash and which algorithm is
> used?
>
It follows the RFC3280 recommendation in 4.2.1.2 (1):
The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
