Hi, I wrote a function that computes the Key ID the same way OpenSSL and CMS do.
The main problem was that I didn't know that subjectPublicKey.len is the length in BITS! Producing a valid SHA-1 hash was a lot easier once I knew that ;-)
Some toilet literature...
-------------------------------------
/* Make a Subject Public Key ID for the SKI extension.
 * Needs CERTSubjectKeyIDTemplate to create the DER encoding.
 * Returns a SECItem with the SubjectPublicKeyID ready to be added as an extension. */
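/* SubjectKeyIdentifier is a bare OCTET STRING holding the key-id bytes
 * (RFC 5280 section 4.2.1.2), so the template has a single element. */
static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {
    { SEC_ASN1_OCTET_STRING }
};

/*
 * Make a Subject Public Key ID for the SKI extension.
 *
 * The key ID is the SHA-1 digest of the raw subjectPublicKey BIT STRING
 * contents from the request, which matches the OpenSSL / CMS method.
 *
 * @param request  Certificate request whose subjectPublicKeyInfo is hashed.
 * @return         Newly allocated DER-encoded OCTET STRING (ownership passes
 *                 to the caller), or NULL on NULL/empty input, digest failure,
 *                 or encoding failure.
 */
SECItem *
TEST_MakeSubjectPublicKeyID(CERTCertificateRequest *request)
{
    const SECItem *spk = NULL;
    PK11Context *sha1cxt = NULL;
    SECItem *encodedSki = NULL;
    unsigned char digest[SHA1_LENGTH];
    unsigned int digestLen = 0;
    SECItem ski;

    if (NULL == request) {
        return NULL;
    }
    spk = &request->subjectPublicKeyInfo.subjectPublicKey;
    /* A missing or empty key has no meaningful key ID; refuse rather than
     * hash zero bytes and emit a bogus extension. */
    if (NULL == spk->data || 0 == spk->len) {
        return NULL;
    }

    /* The original code dereferenced this without checking; a failed
     * context creation (e.g. no SHA-1 slot) would crash here. */
    sha1cxt = PK11_CreateDigestContext(SEC_OID_SHA1);
    if (NULL == sha1cxt) {
        return NULL;
    }
    if (SECSuccess != PK11_DigestBegin(sha1cxt)) {
        goto fail;
    }
    /* subjectPublicKey is a BIT STRING: spk->len is in BITS, not bytes.
     * Round up so a bit string that is not byte-aligned is not truncated
     * (for RSA/EC keys the length is always a multiple of 8, so this is
     * the same as len / 8). */
    if (SECSuccess != PK11_DigestOp(sha1cxt, spk->data, (spk->len + 7) / 8)) {
        goto fail;
    }
    /* Digest into a stack buffer: no heap allocation to leak on failure. */
    if (SECSuccess != PK11_DigestFinal(sha1cxt, digest, &digestLen, SHA1_LENGTH)) {
        goto fail;
    }
    if (SHA1_LENGTH != digestLen) {
        goto fail;
    }

    ski.type = siBuffer;
    ski.data = digest;
    ski.len = digestLen;
    /* NULL arena: the returned item is heap-allocated and owned by the caller. */
    encodedSki = SEC_ASN1EncodeItem(NULL, NULL, &ski, CERTSubjectKeyIDTemplate);

fail:
    /* sha1cxt is non-NULL on every path that reaches this label. */
    PK11_DestroyContext(sha1cxt, PR_TRUE);
    return encodedSki;
}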
--------------------------------
Emil Assarsson
