Hi,
I want to create a "Subject Key ID" extension and place in a certificate. My plan is to follow RFC 3280 (Page 27) and sha-1-hash the public key.
Can I use CERTCertificateRequest.subjectPublicKeyInfo.subjectPublicKey? Or must I encode the key to DER first?
I can't find any example code for this.
This is what I have for the moment. It works but the SKI does not match the original certificate when I'm doing cross-certifications (on a bunch of certs).
---
ski = PK11_MakeIDFromPubKey(
&(request->subjectPublicKeyInfo.subjectPublicKey));
if(NULL != ski) {
encodedSki = SEC_ASN1EncodeItem (NULL, NULL, ski,
CERTSubjectKeyIDTemplate);
CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID,
encodedSki, PR_FALSE, PR_TRUE);
} else {
puts("failed to create SKI");
};
---
Emil Assarsson _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
