Re: Subject Key Identifier hash method

Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> · Thu, 8 Jun 2023 08:26:14 -0400



    On 6/8/23 01:53, David von Oheimb
      wrote:

    
      On Wed, 2023-06-07 at 10:46 -0400, Robert Moskowitz wrote:
      
        thanks all.  It is as I thought.  You have to pretty much
          know what the 

        
        CA did.  You can guess, but go read the CP!

        
      I doubt that you'll find such inessential info on SKIDs in a
        CP.

        As Tomas wrote, it's just any identifier for the public key that
        is unique per CA.

        Since RFC 5280 suggests using the SHA1 hash value of the key and
        this is a reasonably

        unique and convenient way to achieve that, this is what most
        implementations do.

        There is no need to use anything more involved such as any of
        the SHA-2 algos.
    
    
    Only to look for exceptions to the norm.

    
    Say that the keying is EdDSA448 which uses SHAKE256 internally.  Why
    require SHA code?  So the SKIDs may be computed with SHAKE.

    
    There are other reasonable considerations.  They will tend to be
    noteworthy and thus noted accordingly.

    
      	David
      

        On 6/7/23 10:37, Corey Bonnell wrote:

        
          The hash method isn't explicitly encoded in the
            certificate, but it can be

          
          derived if you have the SubjectPublicKey(Info). If you
            have the public key,

          
          then you can calculate the IDs using the various methods
            and seeing which one

          
          matches the ID encoded in the certificate. The first
            method defined in RFC

          
          5280, section https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2

          
          (SHA-1 of the subjectPublicKey field (not the SPKI as a
            whole)) is by far the

          
          most common method. The two methods in RFC 5280 require
            only the

          
          subjectPublicKey, whereas some of the methods defined in
            RFC 7093 use the

          
          SubjectPublicKeyInfo as a whole.

          
          Thanks,

          
          Corey

          
          -----Original Message-----

          
          From: openssl-users <openssl-users-bounces@xxxxxxxxxxx>
            On Behalf Of Robert

          
          Moskowitz

          
          Sent: Wednesday, June 7, 2023 8:57 AM

          
          To: openssl-users@xxxxxxxxxxx

          
          Subject: Subject Key Identifier hash method

          
          I am trying to figure out if the Subject Key Identifier
            hash method is carried

          
          in the certificate.  An asn1dump of a "regular" cert
            shows:

          
              276:d=4  hl=2 l=  29 cons:     SEQUENCE

          
              278:d=5  hl=2 l=   3 prim:      OBJECT           
            :X509v3 Subject Key

          
          Identifier

          
              283:d=5  hl=2 l=  22 prim:      OCTET STRING     
            [HEX

          
          DUMP]:04144F0C1A75F4AF13DC67EC18465C020FC22A82616B

          
              307:d=4  hl=2 l=  31 cons:     SEQUENCE

          
              309:d=5  hl=2 l=   3 prim:      OBJECT           
            :X509v3 Authority Key

          
          Identifier

          
              314:d=5  hl=2 l=  24 prim:      OCTET STRING     
            [HEX

          
          DUMP]:30168014A8885F91878E4ED6AA2056C535E2212413F96BA2

          
          I cannot easily see if the hashing method is contained
            here.  I am assuming it

          
          is a sha2 hash of the EdDSA public keys, but how do I
            tell?

          
          Of course I am asking as I want to use the rfc9374 DETs
            here.

          
          thanks