You can pass any bytes value to the constructor: https://cryptography.io/en/latest/x509/reference/#cryptography.x509.SubjectKeyIdentifier (Sphinx doesn't highlight it, but you can see the constructor's signature `SubjectKeyIdentifier(digest)`).
Alex

On Thu, Mar 13, 2025 at 5:32 PM Robert Moskowitz <r...@htt-consult.com> wrote:
>
> Per RFC5280
>
> Although the common practice for SubjectKeyIdentifier is to SHA1 hash
> the public key, sec 4.2.1.2 clearly states that:
>
> "Other methods of generating unique numbers are also acceptable."
>
> And in fact, using OpenSSL I have set whatever value I have wanted into
> SubjectKeyIdentifier in the config file.
>
> But it seems in
>
> https://cryptography.io/en/latest/x509/reference/#cryptography.x509.SubjectKeyIdentifier.from_public_key
>
> "digest" is the only allowed option.
>
> For example I have an IPv6 address that the reverse lookup will get you
> all the RR you may need for the thing. So I would want
>
> 2001003ffe3ff805f64b0a656aaee56
>
> as my SubjectKeyIdentifier
>
> How can I do this? What type does that value need to be?
>
> Of course for AuthorityKeyIdentifier I think I can "cheat" by using the
> int value of that ipv6 addr and feeding it in as the serial_number.
>
> thank you
>
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev@python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev

--
All that is necessary for evil to succeed is for good people to do nothing.