I don't understand your question. As you can see, the value you pass
as the digest is the same as the value the SKI instance has. And as
the documentation states, digest and key_identifier are aliases for
each other (as attributes on an SKI).

Alex

On Thu, Mar 13, 2025 at 5:53 PM Robert Moskowitz <r...@htt-consult.com> wrote:
>
> I can't seem to defeat it digesting the argument:
>
> print(type(detb), detb)
> ski = x509.SubjectKeyIdentifier(detb)
> print(type(ski), ski)
>
> <class 'bytes'> b'2001003ffe3ff805f64b0a656aaee568'
> <class 'cryptography.x509.extensions.SubjectKeyIdentifier'>
> <SubjectKeyIdentifier(digest=b'2001003ffe3ff805f64b0a656aaee568')>
>
> I don't WANT detb to be digested.  I just want its value in
> SubjectKeyIdentifier
>
> I tried, after rereading that web page doc:
>
> ski = x509.SubjectKeyIdentifier(key_identifier=detb)
>
> But that threw an error
>
>
> On 3/13/25 5:34 PM, Alex Gaynor via Cryptography-dev wrote:
> > You can pass any bytes value to the constructor:
> > https://cryptography.io/en/latest/x509/reference/#cryptography.x509.SubjectKeyIdentifier
> > (Sphinx doesn't highlight it, but you can see the constructor's
> > signature `SubjectKeyIdentifier(digest)`).
> >
> > Alex
> >
> > On Thu, Mar 13, 2025 at 5:32 PM Robert Moskowitz <r...@htt-consult.com> 
> > wrote:
> >> Per RFC5280
> >>
> >> Although the common practice for SubjectKeyIdentifier is to SHA1 hash
> >> the public key,  sec 4.2.1.2 clearly states that:
> >>
> >> "Other methods of generating unique numbers are also acceptable."
> >>
> >> And in fact, using OpenSSL I have set whatever value I have wanted into
> >> SubjectKeyIdentifier in the config file.
> >>
> >> But it seems in
> >>
> >> https://cryptography.io/en/latest/x509/reference/#cryptography.x509.SubjectKeyIdentifier.from_public_key
> >>
> >> "digest" is the only allowed option.
> >>
> >> For example I have an IPv6 address that the reverse lookup will get you
> >> all the RR you may need for the thing.  So I would want
> >>
> >> 2001003ffe3ff805f64b0a656aaee56
> >>
> >> as my SubjectKeyIdentifier
> >>
> >> How can I do this?  What type does that value need to be?
> >>
> >> Of course for AuthorityKeyIdentifier I think I can "cheat" by using the
> >> int value of that ipv6 addr and feeding it in as the serial_number.
> >>
> >> thank you
> >>
> >>
> >> _______________________________________________
> >> Cryptography-dev mailing list
> >> Cryptography-dev@python.org
> >> https://mail.python.org/mailman/listinfo/cryptography-dev
> >
> >
>


-- 
All that is necessary for evil to succeed is for good people to do nothing.