d2i_PUBKEY() and X509_get0_pubkey_bitstr() output differences

"Dr. Pala" <director@xxxxxxxxxx> · Sat, 26 May 2018 18:14:15 -0600



    Hi all,
    I have a small question - I am trying to calculate the HASH over
      a public key, and I want it to be reliable across different
      environments. In particular, I would like to be able to calculate
      an HASH over the public key (e.g., loaded from the keypair file)
      and or a key in a certificate and get the same value (given that
      they are the same keys :D).
    It seems that by using the d2i_PUBKEY(), I get some extra data
      and that does not allow me to calculate correctly the HASH.
     in particular, here's the output i2d_PUBKEY() and
      X509_get0_pubkey_bitstr():
    
      [DEBUG] Cert
            Key Bit String X509_get0_pubkey_bitstr():

          30:82:01:0A:02:82:01:01:00:BD:ED:42:7E:D4:2D:BD:7C:EC:CB:E6:

          B2:93:0D:E1:E1:A8:81:0C:01:A5:71:24:D6:65:D3:56:FD:D1:A6:53:

          F3:3F:F6:80:68:16:BF:7E:A9:2C:E2:10:10:77:FC:EF:35:52:4E:A9:

          0D:15:AF:8F:2C:2D:30:BC:60:C3:31:EE:6C:CC:66:86:5E:DA:46:45:

          D3:31:2D:0E:D1:C0:96:63:0C:C2:D1:CF:C6:47:C3:97:9A:DA:95:E9:

          98:92:3B:AB:14:CF:58:5B:B8:50:EB:25:0F:CA:25:07:E7:A4:B0:FA:

          50:B5:1E:6B:DE:D8:F7:BE:BA:35:9A:E9:D9:5A:05:22:F0:18:2C:BD:

          FC:DF:E7:38:70:E0:8D:DD:C3:53:EE:B4:21:26:66:84:8A:29:5C:11:

          12:59:C8:09:E4:C2:49:BA:3F:CC:3D:15:22:0F:EC:F6:6C:8F:41:BA:

          A7:7B:D0:66:C9:4A:89:1A:73:E9:E8:67:17:20:00:8F:4C:70:A3:A0:

          85:05:C9:60:CD:18:17:F4:28:BA:59:F2:49:88:C9:87:1B:61:98:E8:

          55:AD:A7:C2:B0:81:6C:63:C2:4E:92:6C:7B:45:F4:A5:57:C7:CD:E0:

          28:83:E7:F4:AB:E1:E2:79:71:31:F5:AE:05:A4:32:AB:61:7A:82:74:

          33:30:AF:32:FF:02:03:01:00:01:
      [DEBUG]
          i2d_PUBKEY() Bit String:

        00:00:00:00:00:00:00:00:2A:86:48:86:F7:0D:01:01:01:05:00:03:

        82:01:0F:00:30:82:01:0A:02:82:01:01:00:BD:ED:42:7E:D4:2D:BD:

        7C:EC:CB:E6:B2:93:0D:E1:E1:A8:81:0C:01:A5:71:24:D6:65:D3:56:

        FD:D1:A6:53:F3:3F:F6:80:68:16:BF:7E:A9:2C:E2:10:10:77:FC:EF:

        35:52:4E:A9:0D:15:AF:8F:2C:2D:30:BC:60:C3:31:EE:6C:CC:66:86:

        5E:DA:46:45:D3:31:2D:0E:D1:C0:96:63:0C:C2:D1:CF:C6:47:C3:97:

        9A:DA:95:E9:98:92:3B:AB:14:CF:58:5B:B8:50:EB:25:0F:CA:25:07:

        E7:A4:B0:FA:50:B5:1E:6B:DE:D8:F7:BE:BA:35:9A:E9:D9:5A:05:22:

        F0:18:2C:BD:FC:DF:E7:38:70:E0:8D:DD:C3:53:EE:B4:21:26:66:84:

        8A:29:5C:11:12:59:C8:09:E4:C2:49:BA:3F:CC:3D:15:22:0F:EC:F6:

        6C:8F:41:BA:A7:7B:D0:66:C9:4A:89:1A:73:E9:E8:67:17:20:00:8F:

        4C:70:A3:A0:85:05:C9:60:CD:18:17:F4:28:BA:59:F2:49:88:C9:87:

        1B:61:98:E8:55:AD:A7:C2:B0:81:6C:63:C2:4E:92:6C:7B:45:F4:A5:

        57:C7:CD:E0:28:83:E7:F4:AB:E1:E2:79:71:31:F5:AE:05:A4:32:AB:

        61:7A:82:74:33:30:AF:32:FF:02:03:01:00:01:

    
    Now, the output of the i2d_PUBKEY() has an extra 24 Bytes at the
      beginning (the match starts from 30:82010A... ) - what are those
      bytes? I guess some extra encoding that is needed... but is there
      a way to obtain the same values that does not depend on the type
      or size of the keys ? Is the 24 Bytes a constant size or ... ? Is
      there any documentation that would help me... ?
    Cheers,

      Max

    
    -- 

      
        Best Regards,
        
          Massimiliano Pala, Ph.D.

          OpenCA Labs Director

        
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users