Per RFC 5280:
Although the common practice for SubjectKeyIdentifier is to SHA-1 hash
the public key, section 4.2.1.2 clearly states that:
"Other methods of generating unique numbers are also acceptable."
And in fact, using OpenSSL, I have set whatever value I wanted into
SubjectKeyIdentifier in the config file.
But it seems in
https://cryptography.io/en/latest/x509/reference/#cryptography.x509.SubjectKeyIdentifier.from_public_key
"digest" is the only allowed option.
For example, I have an IPv6 address for which the reverse lookup will get
you all the RRs you may need for the thing. So I would want
2001003ffe3ff805f64b0a656aaee56
as my SubjectKeyIdentifier.
How can I do this? What type does that value need to be?
Of course, for AuthorityKeyIdentifier I think I can "cheat" by using the
int value of that IPv6 addr and feeding it in as the serial_number.
Thank you
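
The SubjectKeyIdentifier value is an OCTET STRING, so pyca/cryptography takes it as `bytes`: the `x509.SubjectKeyIdentifier` constructor accepts any byte string, and `from_public_key` is only a convenience for the hash-based form. The following is an added example, not part of the original post, that uses the packed 16 bytes of an IPv6 address as the key identifier; the address is a constructed sample from the documentation prefix and the helper names are hypothetical.

```python
import datetime
import ipaddress

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed sample address from the IPv6 documentation prefix (2001:db8::/32).
SAMPLE_ADDR = "2001:db8::a65:6aae:e56"


def ski_bytes_from_ipv6(addr: str) -> bytes:
    """Packed 16-byte form of an IPv6 address, usable as a key identifier."""
    return ipaddress.IPv6Address(addr).packed


def build_self_signed(addr: str) -> x509.Certificate:
    """Self-signed test certificate whose SKI and AKI carry the address bytes."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example device")])
    key_id = ski_bytes_from_ipv6(addr)
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=30))
        # Direct constructor: any bytes, no hashing of the public key.
        .add_extension(x509.SubjectKeyIdentifier(key_id), critical=False)
        # keyIdentifier only; issuer and serial are left out (both None).
        .add_extension(x509.AuthorityKeyIdentifier(key_id, None, None), critical=False)
        .sign(key, hashes.SHA256())
    )


def ski_of(cert: x509.Certificate) -> bytes:
    return cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value.digest


def aki_of(cert: x509.Certificate) -> bytes:
    ext = cert.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier)
    return ext.value.key_identifier


def ipv6_from_cert(cert: x509.Certificate) -> str:
    """Recover the address from the SKI; raises if it is not exactly 16 bytes."""
    return str(ipaddress.IPv6Address(ski_of(cert)))
```

A relying party that expects an address here should check the length before using the value for a lookup, since nothing in X.509 constrains what the identifier bytes mean.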