On Thu, Dec 11, 2014 at 04:02:10PM +0100, Jan Danielsson wrote:
> If I would want to use the hash of a EVP_PKEY to uniquely identify
> the key (regardless of whether it contains the private key or not), what
> would be the best way to do this? (I.e. how do I deterministically hash
> the public key of a EVP_PKEY?).
Be careful to produce a hash of a full SPKI structure (algorithm
oid, parameters, key bits) and not just the key bits. Without the
algorithm and parameter context, there is I think a likelihood of
attacks depending on how the hashes are to be used.
> -----------------
> int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned
> char *md, unsigned int *len)
> {
> ASN1_BIT_STRING *key;
> key = X509_get0_pubkey_bitstr(data);
> if(!key) return 0;
> return EVP_Digest(key->data, key->length, md, len, type, NULL);
> }
> -----------------
This is used to compute the SHA-1 keybits hash for "authority key
identifier" computations, but is NOT the appropriate hash to use
in general. It is exactly the "key-bits only" digest I am suggesting
you avoid.
Instead, use i2d_PUBKEY() and compute the appropriate digest of
that.
--
Viktor.
