[gnutls-help] Setting Subject Key Identifier and Authority Key Identifier

Markus Karch dietmakarch at gmail.com
Mon Jul 16 15:45:54 CEST 2018


Hello everyone,

I have another example which makes things a little bit clearer:
In the code below I am setting the SKI with the hash value of the private
key (as it is supposed to be) using the gnutls_pubkey_import_x509 function.
Then I am setting the AKI with the hash value of the private key (this is
wrong but useful for test purposes).
Unfortunately both values are the same. Why is it that way?

    #include <stdio.h>
    #include <stdlib.h>
    #include <time.h>
    #include <gnutls/gnutls.h>
    #include <gnutls/crypto.h>
    #include <gnutls/x509.h>
    #include <gnutls/abstract.h>

    /* Stop at the first GnuTLS error instead of silently overwriting gnuErr. */
    #define CHECK(call) do { int _rc = (call); if (_rc < 0) { \
        fprintf(stderr, "%s: %s\n", #call, gnutls_strerror(_rc)); return _rc; } } while (0)

    static int build_self_signed(void)
    {
        gnutls_x509_crt_t crt;
        gnutls_x509_privkey_t privKey;

        CHECK(gnutls_x509_crt_init(&crt));
        CHECK(gnutls_x509_privkey_init(&privKey));

        CHECK(gnutls_x509_privkey_generate(privKey, GNUTLS_PK_RSA, 2048, 0));

        CHECK(gnutls_x509_crt_set_dn(crt, "O=test,CN=test", NULL));

        CHECK(gnutls_x509_crt_set_key(crt, privKey));

        CHECK(gnutls_x509_crt_set_version(crt, 3));
        /* The serial is a positive big-endian INTEGER: use random bytes with the
           top bit cleared rather than the in-memory bytes of an int from rand(),
           which depend on endianness and may encode a negative number. */
        unsigned char serial[16];
        CHECK(gnutls_rnd(GNUTLS_RND_NONCE, serial, sizeof(serial)));
        serial[0] &= 0x7f;
        CHECK(gnutls_x509_crt_set_serial(crt, serial, sizeof(serial)));

        //Here is the problem
        gnutls_pubkey_t pubKey;
        CHECK(gnutls_pubkey_init(&pubKey));
        CHECK(gnutls_pubkey_import_x509(pubKey, crt, 0));
        unsigned char test[20]; // flags 0 -> SHA-1 key id, 20 bytes
        size_t size = sizeof(test);
        CHECK(gnutls_pubkey_get_key_id(pubKey, 0, test, &size));
        CHECK(gnutls_x509_crt_set_subject_key_id(crt, test, size));

        gnutls_privkey_t priv; // not used below; the AKI is taken from privKey directly
        CHECK(gnutls_privkey_init(&priv));
        CHECK(gnutls_privkey_import_x509(priv, privKey, 0));
        unsigned char test2[20]; // Normally 20 bytes (SHA1)
        size_t size2 = sizeof(test2);
        CHECK(gnutls_x509_privkey_get_key_id(privKey, 0, test2, &size2));
        CHECK(gnutls_x509_crt_set_authority_key_id(crt, test2, size2));

    /////////////////////////////////////////////////////////////////
        CHECK(gnutls_x509_crt_set_key_usage(crt,
                                            GNUTLS_KEY_DIGITAL_SIGNATURE
                                            | GNUTLS_KEY_CRL_SIGN
                                            | GNUTLS_KEY_KEY_CERT_SIGN));

        CHECK(gnutls_x509_crt_set_activation_time(crt, time(NULL)));
        CHECK(gnutls_x509_crt_set_expiration_time(crt,
                                                  time(NULL) + (60 * 60 * 24 * 365 * 10)));

        CHECK(gnutls_x509_crt_sign2(crt, crt, privKey, GNUTLS_DIG_SHA256, 0));

        gnutls_privkey_deinit(priv);
        gnutls_pubkey_deinit(pubKey);
        gnutls_x509_privkey_deinit(privKey);
        gnutls_x509_crt_deinit(crt);
        return 0;
    }


Regards,
ckmk14

2018-07-16 15:06 GMT+02:00 Markus Karch <dietmakarch at gmail.com>:

> Hello,
>
> I am creating a self signed X.509 certificate and trying to set the SKI
> and the AKI.
> These values should be the SHA-1 of the public key.
> But when I am setting these values I am only getting the SHA-1 hash value
> of the private key.
> What am I doing wrong? Here is a code snippet :
>
>
>
> gnutls_x509_crt_t crt;
> gnutls_x509_privkey_t privKey;
>
> gnutls_x509_crt_init(&crt);
> gnutls_x509_privkey_init(&privKey);
>
> int gnuErr = gnutls_x509_privkey_generate(privKey, GNUTLS_PK_RSA, 2048, 0);
> gnuErr = gnutls_x509_crt_set_dn (crt, "O=test,CN=test", NULL);
> gnuErr = gnutls_x509_crt_set_key(crt, privKey);
> gnutls_x509_crt_set_version(crt, 3);
> int serialNumber = rand();
> gnuErr = gnutls_x509_crt_set_serial(crt, &serialNumber, sizeof(int));
>
> //Here is the problem
> gnutls_pubkey_t pubKey;
> gnuErr = gnutls_pubkey_init(&pubKey);
> gnuErr =  gnutls_pubkey_import_x509(pubKey, crt,0 );
> unsigned char test[20]; // Normally 20 bytes (SHA1)
> size_t size = sizeof(test);
> //Here I am getting the hash of the private key
> gnuErr = gnutls_pubkey_get_key_id(pubKey, 0, test, &size);
> gnuErr = gnutls_x509_crt_set_subject_key_id(crt, test, size);
>
> //....
>
> Regards,
> ckmk14
>
>
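An added illustration, not part of this thread or of GnuTLS's own code, of why a key identifier computed "from the private key" equals the one computed from the matching public key, and why a self-signed certificate's SKI and AKI therefore coincide. It assumes the RFC 5280 section 4.2.1.2 method (1) derivation (SHA-1 over the subjectPublicKey BIT STRING value); GnuTLS documents its key ID as depending only on the public key parameters, and the tiny DER encoder and textbook-sized RSA numbers below are constructed for the example.

```python
import hashlib

# Constructed textbook-sized RSA numbers (p=61, q=53): far too small for real use,
# chosen only so the "private key" visibly carries material (d, p, q) beyond (n, e).
TOY_PRIVATE_KEY = {"n": 3233, "e": 17, "d": 2753, "p": 61, "q": 53}
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1

def der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder with definite-form lengths (enough for this example)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body

def der_uint(v: int) -> bytes:
    # Non-negative INTEGER: shortest big-endian form, with a leading 0x00 when the
    # top bit would otherwise be set (bit_length // 8 + 1 bytes gives exactly that).
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def rsa_public_key_der(n: int, e: int) -> bytes:
    # RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    return der(0x30, der_uint(n) + der_uint(e))

def subject_public_key_info(n: int, e: int) -> bytes:
    # SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier,
    #                                    subjectPublicKey BIT STRING }
    alg = der(0x30, der(0x06, RSA_ENCRYPTION_OID) + der(0x05, b""))
    bit_string = der(0x03, b"\x00" + rsa_public_key_der(n, e))  # 0 unused bits
    return der(0x30, alg + bit_string)

def key_identifier(n: int, e: int) -> bytes:
    """RFC 5280 4.2.1.2 method (1): SHA-1 over the subjectPublicKey BIT STRING value."""
    return hashlib.sha1(rsa_public_key_der(n, e)).digest()

def key_identifier_from_private(priv: dict) -> bytes:
    # Only the public parameters enter the hash; d, p and q cannot influence it,
    # which is why a "private key id" always equals the matching public key id.
    return key_identifier(priv["n"], priv["e"])

def aki_matches_issuer(cert_aki: bytes, issuer_ski: bytes) -> bool:
    """Path-building check: a certificate's AKI must equal its issuer's SKI.
    For a self-signed certificate the issuer is the subject, so SKI == AKI."""
    return cert_aki == issuer_ski
```

For a certificate issued by a separate CA the AKI is the CA's SKI, so the two values differ only once a second key pair is involved.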