[gnutls-help] Setting Subject Key Identifier and Authority Key Identifier

Markus Karch dietmakarch at gmail.com
Mon Jul 16 15:06:32 CEST 2018


I am creating a self signed X.509 certificate and trying to set the SKI and
the AKI.
These values should be the SHA-1 of the public key.
But when I am settign these values I am only getting the SHA-1 hash value
of the private key.
What am I doing wrong? Here is a code snippet :

gnutls_x509_crt_t crt;
gnutls_x509_privkey_t privKey;


int gnuErr = gnutls_x509_privkey_generate(privKey, GNUTLS_PK_RSA, 2048, 0);
gnuErr = gnutls_x509_crt_set_dn (crt, "O=test,CN=test", NULL);
gnuErr = gnutls_x509_crt_set_key(crt, privKey);
gnutls_x509_crt_set_version(crt, 3);
int serialNumber = rand();
gnuErr = gnutls_x509_crt_set_serial(crt, &serialNumber, sizeof(int));

//Here is the problem
gnutls_pubkey_t pubKey;
gnuErr = gnutls_pubkey_init(&pubKey);
gnuErr =  gnutls_pubkey_import_x509(pubKey, crt,0 );
unsigned char test[20]; // Normally 20 bytes (SHA1)
size_t size = sizeof(test);
//Here I am getting the hash of the private key
gnuErr = gnutls_pubkey_get_key_id(pubKey, 0, test, &size);
gnuErr = gnutls_x509_crt_set_subject_key_id(crt, test, size);


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20180716/8269d869/attachment-0001.html>

More information about the Gnutls-help mailing list