Hi Dr. Henson,

Thanks for your reply, I don't want the same fingerprint for private keys - that's
where my problem is coming from. I have an interface that shows both public and
private keys - and they're enumerated by fingerprint. The uniqueness of the
fingerprint guarantees a different key - so my public and private keys must have
different fingerprints.

The code I have below lists the public elements of DSA and RSA keys and the method
works with what servers send back for public keys, but what I'm asking is, what are
the private fields of a DSA key, and what are the private fields of an RSA key?

I'd like to add all the missing private key fields to the blob for when I'm
calculating the private key fingerprint - which would make them very different and
quite unique... I'm assuming since these elements, when the valid key being
fingerprinted is a private key, are always non-null - so they will always add data
to the digest function, drastically changing the result and giving me my unique
fingerprint for them.

Thanks,
Mike

> On Thu, Feb 26, 2004, Mike Gagnon wrote:
>
> > Hi list,
> >
> > I need to know how to calculate the fingerprint for public/private RSA/DSA
> > keys. (4 possibilities).
> >
> > Right now, for both public and private keys, I get the same fingerprint
> > (which I think is wrong). I think I'm missing some fields needed for private
> > keys, which ones? i.e., Will the code below only work for public DSA/RSA keys?
> >
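> > case DSA:
> >     // SSH public key blob: algorithm name, then p, q, g, y
> >     blob->put_cstring("ssh-dss");
> >     blob->put_bignum2(pKey->pkey.dsa->p);
> >     blob->put_bignum2(pKey->pkey.dsa->q);
> >     blob->put_bignum2(pKey->pkey.dsa->g);
> >     blob->put_bignum2(pKey->pkey.dsa->pub_key);
> >     break;  // without this the DSA case falls through into the RSA case
> > case RSA:
> >     // SSH public key blob: algorithm name, then e, n
> >     blob->put_cstring("ssh-rsa");
> >     blob->put_bignum2(pKey->pkey.rsa->e);
> >     blob->put_bignum2(pKey->pkey.rsa->n);
> >     break;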
> >
> > The result is then the MD5 digest on the blob...
> >
>
> Depends on what you mean by "fingerprint": there isn't a standard for public
> and private key fingerprints.
>
> Do you want the public key to have the same fingerprint as the private
> key?
>
> If so a simple way which is guaranteed to work for future algorithms is to
> hash the encoding of the public key using i2d_PUBKEY(). This also contains the
> algorithm information. It uses a standard format for the public keys: the same
> format as used in certificates.
>
> If you want them to be different you could take the PKCS#8 encoding for a
> private key.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
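
The two encodings Steve names, as an added example (not code from this thread or from OpenSSL): it hand-builds, for an RSA key, the SubjectPublicKeyInfo DER that i2d_PUBKEY() produces and the unencrypted PKCS#8 PrivateKeyInfo DER, then hashes each. The toy key values are constructed, the helper names are hypothetical, and SHA-256 stands in for the MD5 mentioned in the thread.

```python
import hashlib

def der_len(n):
    # DER definite length: short form below 0x80, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(v):
    # Non-negative INTEGER, sized so a leading 0x00 is added when the top bit is set.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def seq(*parts):
    return tlv(0x30, b"".join(parts))

# AlgorithmIdentifier: OID rsaEncryption (1.2.840.113549.1.1.1) + NULL parameters.
RSA_ALG = seq(bytes.fromhex("06092a864886f70d010101"), bytes.fromhex("0500"))

def spki(n, e):
    # SubjectPublicKeyInfo: algorithm + BIT STRING holding RSAPublicKey {n, e}.
    return seq(RSA_ALG, tlv(0x03, b"\x00" + seq(der_int(n), der_int(e))))

def pkcs8(n, e, d, p, q):
    # PrivateKeyInfo: version 0, algorithm, OCTET STRING holding RSAPrivateKey
    # {0, n, e, d, p, q, d mod (p-1), d mod (q-1), q^-1 mod p}.
    fields = (0, n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))
    return seq(der_int(0), RSA_ALG, tlv(0x04, seq(*map(der_int, fields))))

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def key_ids(n, e, d, p, q):
    # The public id uses only (n, e), so either half of the pair can compute it.
    return fingerprint(spki(n, e)), fingerprint(pkcs8(n, e, d, p, q))

# Constructed toy key (far too small for real use).
P, Q, E, D = 61, 53, 17, 2753
N = P * Q

if __name__ == "__main__":
    pub_id, priv_id = key_ids(N, E, D, P, Q)
    print("public  (SPKI)  :", pub_id)
    print("private (PKCS#8):", priv_id)
```

The private id is a digest over the secret fields d, p and q, so it is derived from secret material even though it is only shown as an identifier.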