[ksba] Formatting of public keys

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Tue Jan 7 18:40:52 CET 2014

On Tue, Jan 7, 2014 at 9:08 PM, Werner Koch <wk at gnupg.org> wrote:
> On Tue,  7 Jan 2014 17:27, dbaryshkov at gmail.com said:
>> I need to convert pubkeys differently depending on the hashing algo (old
>> or new one) used with the certificate. Is there a way to cleanly express that
>> in libksba?
> Can you please explain that in more detail.  What are the desired inputs
> and outputs?

This is quite a problematic story. Old format is defined in rfc4491 with
parameters being defined in rfc4357. An example of the certificate can be found
at https://tools.ietf.org/html/rfc4491#section-4.2  (note - you should
care only about 34.10-2001 example).

New format is a draft (currently) and is described only in Russian.
See http://tc26.ru/metodiki/draft/Addition_to_PKCS12_v2.pdf.
Examples can be found in section 7.1

I settled for the following S-expressions:

Sexp for the old public key used with old hash algorithm:

(public-key (gost (curve 16:1.2.643. )(digest
16:1.2.643. )(q #04........# )))

For the new hash algorithm (stribog):

(public-key (gost (curve 16:1.2.643. )(q #04...........# )))

You see, even the curves used are the same. The only difference in public key
information seems to be the information about digest (and optional
cipher) parameters -
the OID named digest.

With best wishes

More information about the Gnupg-devel mailing list