[ksba] Formatting of public keys
Dmitry Eremin-Solenikov
dbaryshkov at gmail.com
Tue Jan 7 18:40:52 CET 2014
On Tue, Jan 7, 2014 at 9:08 PM, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 7 Jan 2014 17:27, dbaryshkov at gmail.com said:
>
>> I need to convert pubkeys differently depending on the hashing algo (old
>> or new one) used with the certificate. Is there a way to cleanly express that
>> in libksba?
>
> Can you please explain that in more detail? What are the desired inputs
> and outputs?

This is quite a problematic story. The old format is defined in RFC 4491,
with parameters defined in RFC 4357. An example of the certificate can be
found at https://tools.ietf.org/html/rfc4491#section-4.2 (note: you should
care only about the 34.10-2001 example).

The new format is a draft (currently) and is described only in Russian.
See http://tc26.ru/metodiki/draft/Addition_to_PKCS12_v2.pdf.
Examples can be found in section 7.1.

I settled for the following S-expressions:

Sexp for the old public key used with old hash algorithm:

(public-key (gost (curve 16:1.2.643.2.2.35.1 )(digest 16:1.2.643.2.2.30.1 )(q #04........# )))

For the new hash algorithm (stribog):

(public-key (gost (curve 16:1.2.643.2.2.35.1 )(q #04...........# )))

You see, even the curves used are the same. The only difference in public key
information seems to be the information about digest (and optional cipher)
parameters - the OID named digest.

--
With best wishes
Dmitry
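
The two S-expressions from the message above, parsed so that the presence or absence of the digest OID can be checked programmatically. This is an added example, not part of the original message and not libksba or libgcrypt code; the names parse_sexp and gost_key_params are hypothetical, and the q bytes are constructed placeholders because the message elides them.

```python
import re

# One token: "(", ")", a #hex# blob, a length prefix such as 16:, or a bare word.
_TOK = re.compile(r"\s*(?:(\()|(\))|#([^#]*)#|(\d+):|([^\s()#]+))")

def parse_sexp(text):
    """Parse lists, bare tokens, length-prefixed strings and #hex# blobs."""
    text, stack, pos = text.rstrip(), [[]], 0
    while pos < len(text):
        m = _TOK.match(text, pos)
        if not m:
            raise ValueError("syntax error at offset %d" % pos)
        pos = m.end()
        if m.group(1):                      # "(" opens a new list
            stack.append([])
            continue
        if m.group(2):                      # ")" closes the innermost list
            if len(stack) < 2:
                raise ValueError("unbalanced ')'")
            value = stack.pop()
        elif m.group(3) is not None:        # #04...# becomes bytes
            value = bytes.fromhex(m.group(3))
        elif m.group(4):                    # 16:xxxx takes exactly 16 characters
            n = int(m.group(4))
            value, pos = text[pos:pos + n], pos + n
            if len(value) != n:
                raise ValueError("string shorter than its length prefix")
        else:
            value = m.group(5)
        stack[-1].append(value)
    if len(stack) != 1 or len(stack[0]) != 1:
        raise ValueError("expected exactly one balanced expression")
    return stack[0][0]

def gost_key_params(text):
    """Return curve, digest (None when absent) and q of a (public-key (gost ...))."""
    tree = parse_sexp(text)
    if not (isinstance(tree, list) and len(tree) == 2 and tree[0] == "public-key"
            and isinstance(tree[1], list) and tree[1][:1] == ["gost"]):
        raise ValueError("not a (public-key (gost ...)) expression")
    params = {p[0]: p[1] for p in tree[1][1:]
              if isinstance(p, list) and len(p) == 2 and isinstance(p[0], str)}
    if "curve" not in params or "q" not in params:
        raise ValueError("curve and q are required")
    return {"curve": params["curve"], "digest": params.get("digest"), "q": params["q"]}

# Constructed samples: the q values are placeholders, not real key material.
OLD = "(public-key (gost (curve 16:1.2.643.2.2.35.1 )(digest 16:1.2.643.2.2.30.1 )(q #04AABB# )))"
NEW = "(public-key (gost (curve 16:1.2.643.2.2.35.1 )(q #04CCDD# )))"
```

For OLD the digest field is the OID string; for NEW it is None while the curve OID is identical, which is the distinction the message describes.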