Hi Steve,
In continuance to my previous mail:
If I retrieve the publick key from the certificate:
openssl asn1parse -inform der -in mycert.cer -strparse 194 -out
pubkeyfromcert.der
0:d=0 hl=3 l= 137 cons: SEQUENCE
3:d=1 hl=3 l= 129 prim: INTEGER :
135:d=1 hl=2 l= 3 prim: INTEGER :
and then take the hash then it matches perfectly.
Which I think means that the hash taken is including the ASN.1 structure, am
I correct in assuming that?
If so isn't that a bug in openssl?
Regards,
Tushar
On Fri, Dec 18, 2009 at 11:07 AM, tushar ganguli
<tushar.gang...@gmail.com>wrote:
> Hi Steve,
> I did what you said (please correct me if I am wrong) and still the ouput
> is not mappiing, below please find the steps I'd taken:
>
> 1. openssl asn1parse -inform der -in my.key
> 0:d=0 hl=4 l= 629 cons: SEQUENCE
> 4:d=1 hl=2 l= 1 prim: INTEGER :00
>
> 7:d=1 hl=2 l= 13 cons: SEQUENCE
> 9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
> 20:d=2 hl=2 l= 0 prim: NULL
> 22:d=1 hl=4 l= 607 prim: OCTET STRING [HEX DUMP]:
>
> 2. openssl asn1parse -inform der -in my.key -strparse 22 -out mypubkey.der
> 3. openssl sha1 -c mypubkey.der
> SHA1(mypubkey.der)=
> 8d:51:f3:a7:03:5a:79:ca:14:1c:5f:9d:92:39:32:28:a8:1e:e3:7f
>
> SKID stored in the certificate is :
> C5:C1:98:9F:22:2E:13:25:31:E7:15:7C:2F:E2:C9:9D:45:94:56:D7
>
> Which still differs from the original one.
>
> Regards,
> Tushar.
>
>
> On Thu, Dec 17, 2009 at 7:00 PM, Dr. Stephen Henson <st...@openssl.org>wrote:
>
>> On Thu, Dec 17, 2009, tushar ganguli wrote:
>>
>> > So should I take the PEM formatted output, strip the --- BEGIN -- / --
>> END
>> > -- lines from the key and then convert the Base64 encoding to binary
>> format
>> > and then calculated the hash? Will that be the same as displayed in the
>> > certificate?
>> >
>>
>> If it was just the DER form then adding -outform DER to the rsa command
>> would
>> work. However the operation isn't based on the whole key. Here's an
>> example
>> using the OpenSSL tools...
>>
>> openssl asn1parse -in key.pem
>>
>> 0:d=0 hl=3 l= 159 cons: SEQUENCE
>> 3:d=1 hl=2 l= 13 cons: SEQUENCE
>> 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
>> 16:d=2 hl=2 l= 0 prim: NULL
>> 18:d=1 hl=3 l= 141 prim: BIT STRING
>>
>> The actual SKID is the contents of that BIT STRING so you do:
>>
>> openssl asn1parse -in key.pem -strparse 18 -out key.der
>>
>> Then:
>>
>> openssl sha1 key.der
>>
>> That will give you exactly the same hash as that placed in SKID.
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> Automated List Manager majord...@openssl.org
>>
>
>
