RE: Why public key SHA1 is not same as Subject key Identifier

2014-11-05 Thread Salz, Rich
Right, that’s the main point.  SKI is just an opaque identifier.  It “used to” 
“mostly” be SHA1 of the key, but there was never any requirement that it MUST 
be so.

--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz


Re: Why public key SHA1 is not same as Subject key Identifier

2014-11-05 Thread Jakob Bohm

On 05/11/2014 09:11, Jerry OELoo wrote:

Hi All:
As I know, when calculating the public key in a certificate, its SHA1 value
is equal to the Subject Key Identifier in the certificate, and I verified this,
and found that some websites follow this.

But when I go to www.google.com website, I find the leaf certificate
and intermediate certificate is ok, but root CA certificate (GeoTrust
Global CA) is not.

For Geo Trust Global CA certificate.
Public key:

Public Key SHA1: 00:f9:2a:c3:41:91:b6:c9:c2:b8:3e:55:f2:c0:97:11:13:a0:07:20

Subject Key Identifier: c0 7a 98 68 8d 89 fb ab 05 64 0c 11 7d aa 7d
65 b8 ca cc 4e

As you can see above, the Public Key SHA1 is not the same as the Subject Key Identifier.

What's wrong about this? Thanks a lot!

The subject key identifier is any short value that the CA can come
up with to use as a kind of "alternative serial number" of the
certificate.  It could be a checksum of the public key (using any
algorithm), or it could just be a reference to an internal CA
database.  The only important thing is that in some cases, the
certificate may be referenced by this number and not the full
subject distinguished name.

Using SHA1(public key) used to be a common practice, but as use of
SHA1 is being phased out in favor of new hash algorithms with longer
values, CAs are going to start to use other formulas for making up
unique key identifiers, and most of them are not going to reveal
their chosen formula.

One formula that should work far into the future could be
AES-encrypt(some-unpublished-key, concat(sequential CA id,
sequential database ID)), this will fit nicely in just 16 bytes
(128 bits) yet be guaranteed unique within a CA company
regardless of hash collisions.  Cracking that AES key would gain
an attacker very little (except perhaps a way to enumerate
certificates using lookup mechanisms that require knowledge of
the SKI as proof of need to know).


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



RE: Why public key SHA1 is not same as Subject key Identifier

2014-11-05 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Jerry OELoo
> Sent: Wednesday, November 05, 2014 03:11

> But when I go to www.google.com website, I find the leaf certificate
> and intermediate certificate is ok, but root CA certificate (GeoTrust
> Global CA) is not.

> Public Key SHA1:
> 00:f9:2a:c3:41:91:b6:c9:c2:b8:3e:55:f2:c0:97:11:13:a0:07:20
> 
> Subject Key Identifier: c0 7a 98 68 8d 89 fb ab 05 64 0c 11 7d aa 7d
> 65 b8 ca cc 4e
> 
http://tools.ietf.org/html/rfc5280.html#section-4.2.1.2

Notice the difference between MUST and SHOULD.
See the referenced RFC 2119 if necessary.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List  openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
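
Section 4.2.1.2 of RFC 5280, linked in the last reply, describes two common SHA-1 derivations for the subject key identifier without requiring either. The Python below is an added example, not code from the thread or from OpenSSL: it checks a SKI against those two methods and against a SHA-1 over the whole SubjectPublicKeyInfo, and reports "opaque" when none matches. The key is constructed sample data with made-up modulus bytes, and all function names are illustrative.

```python
import hashlib

def tlv(buf, pos=0):
    """Read one DER element at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def key_bits(spki):
    """subjectPublicKey value without tag, length and unused-bits octet."""
    tag, body, _ = tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = tlv(body)  # skip the AlgorithmIdentifier
    tag, bits, _ = tlv(body, pos)
    if tag != 0x03 or not bits:
        raise ValueError("expected a BIT STRING")
    return bits[1:]

def classify_ski(spki, ski):
    """Name the derivation that reproduces ski, or 'opaque' if none does."""
    h = hashlib.sha1(key_bits(spki)).digest()
    candidates = {
        "rfc5280-method-1": h,  # SHA-1 of the BIT STRING value
        "rfc5280-method-2": bytes([0x40 | (h[12] & 0x0F)]) + h[13:],  # 0100 + low 60 bits
        "sha1-of-whole-spki": hashlib.sha1(spki).digest(),  # not an RFC method
    }
    return next((n for n, v in candidates.items() if v == ski), "opaque")

def der(tag, value):
    """Encode one DER element (helper used only to build the sample below)."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed sample: DER-shaped RSA SubjectPublicKeyInfo with made-up modulus
# bytes (structurally valid, not a usable key).
MODULUS = b"\x00" + bytes(range(0x80, 0x100)) * 2
RSA_KEY = der(0x30, der(0x02, MODULUS) + der(0x02, b"\x01\x00\x01"))
ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL
SPKI = der(0x30, ALG_ID + der(0x03, b"\x00" + RSA_KEY))
```

An "opaque" result is not an error in the certificate: software that uses key identifiers compares the SKI and AKI bytes as given and does not recompute them from the key.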