[gnutls-help] Setting Subject Key Identifier and Authority Key Identifier

Markus Karch dietmakarch at gmail.com
Mon Jul 16 20:08:37 CEST 2018


Hello everyone,

Sorry for the multiple mails, but I think I found my issue. In the
documentation I discovered this:

"Note that gnutls_pubkey_get_key_id
<https://www.gnutls.org/manual/html_node/Abstract-key-API.html#gnutls_005fpubkey_005fget_005fkey_005fid>
calculates a SHA1 digest of the public key as a DER-formatted,
subjectPublicKeyInfo object. Other implementations use different
approaches, e.g., some use the “common method” described in section 4.2.1.2
of [RFC5280 <https://www.gnutls.org/manual/html_node/Bibliography.html#RFC5280>]
which calculates a digest on a part of the subjectPublicKeyInfo object."

Is it possible with gnutls to generate the key id with one of the "common
methods" described in RFC5280?

Regards,
ckmk14

2018-07-16 15:06 GMT+02:00 Markus Karch <dietmakarch at gmail.com>:

> Hello,
>
> I am creating a self-signed X.509 certificate and trying to set the SKI
> and the AKI.
> These values should be the SHA-1 of the public key.
> But when I am setting these values I am only getting the SHA-1 hash value
> of the private key.
> What am I doing wrong? Here is a code snippet:
>
>
>
> gnutls_x509_crt_t crt;
> gnutls_x509_privkey_t privKey;
>
> gnutls_x509_crt_init(&crt);
> gnutls_x509_privkey_init(&privKey);
>
> int gnuErr = gnutls_x509_privkey_generate(privKey, GNUTLS_PK_RSA, 2048, 0);
> gnuErr = gnutls_x509_crt_set_dn (crt, "O=test,CN=test", NULL);
> gnuErr = gnutls_x509_crt_set_key(crt, privKey);
> gnutls_x509_crt_set_version(crt, 3);
> int serialNumber = rand();
> gnuErr = gnutls_x509_crt_set_serial(crt, &serialNumber, sizeof(int));
>
> //Here is the problem
> gnutls_pubkey_t pubKey;
> gnuErr = gnutls_pubkey_init(&pubKey);
> gnuErr = gnutls_pubkey_import_x509(pubKey, crt, 0);
> unsigned char test[20]; // Normally 20 bytes (SHA1)
> size_t size = sizeof(test);
> //Here I am getting the hash of the private key
> gnuErr = gnutls_pubkey_get_key_id(pubKey, 0, test, &size);
> gnuErr = gnutls_x509_crt_set_subject_key_id(crt, test, size);
>
> //....
>
> Regards,
> ckmk14
>
>
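
The two key-identifier calculations contrasted in the manual text quoted above, as an added example that is not part of the original post and is not GnuTLS code. The function names and the sample subjectPublicKeyInfo bytes are constructed for illustration; the sample carries filler bytes, not a real RSA key.

```python
import hashlib

def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def key_id_whole_spki(spki_der):
    """SHA-1 over the complete DER subjectPublicKeyInfo, as the quoted manual text describes."""
    return hashlib.sha1(spki_der).digest()

def key_id_rfc5280_method1(spki_der):
    """SHA-1 over the subjectPublicKey BIT STRING value only (RFC 5280, 4.2.1.2, method 1)."""
    tag, start, end = read_tlv(spki_der, 0)
    if tag != 0x30 or end != len(spki_der):
        raise ValueError("expected one SEQUENCE")
    tag, _, alg_end = read_tlv(spki_der, start)  # AlgorithmIdentifier, skipped
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier")
    tag, bits_start, bits_end = read_tlv(spki_der, alg_end)
    if tag != 0x03 or bits_end != end or bits_end == bits_start:
        raise ValueError("expected subjectPublicKey BIT STRING")
    if spki_der[bits_start] != 0:
        raise ValueError("unexpected unused-bits count")
    # Drop the unused-bits octet; tag and length are already excluded.
    return hashlib.sha1(spki_der[bits_start + 1:bits_end]).digest()

# Constructed sample: rsaEncryption AlgorithmIdentifier plus 200 filler bytes
# standing in for the key (not a real RSA key).
ALG = bytes.fromhex("300d06092a864886f70d0101010500")
KEY_BITS = bytes(range(200))
SAMPLE_SPKI = b"\x30\x81\xdb" + ALG + b"\x03\x81\xc9\x00" + KEY_BITS

if __name__ == "__main__":
    print("whole SPKI :", key_id_whole_spki(SAMPLE_SPKI).hex())
    print("RFC method1:", key_id_rfc5280_method1(SAMPLE_SPKI).hex())
```

The two digests differ for the same key, which is why identifiers produced by different tools for one certificate may not match byte for byte. Either 20-byte value is the kind of buffer the posted snippet passes to gnutls_x509_crt_set_subject_key_id.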