[openssl-users] d2i_PUBKEY() and X509_get0_pubkey_bitstr() output differences
Viktor Dukhovni
openssl-users at dukhovni.org
Sun May 27 04:59:00 UTC 2018
> On May 26, 2018, at 8:14 PM, Dr. Pala <director at openca.org> wrote:
>
> have a small question - I am trying to calculate the HASH over a public key, and I want it to be reliable across different environments. In particular, I would like to be able to calculate a HASH over the public key (e.g., loaded from the keypair file) and/or a key in a certificate and get the same value (given that they are the same keys :D).
>
> It seems that by using the d2i_PUBKEY(), I get some extra data and that does not allow me to calculate correctly the HASH.
>
> in particular, here's the output of i2d_PUBKEY() and X509_get0_pubkey_bitstr()

You're using the wrong function. i2d_PUBKEY() encodes just the public key bits, but not the SPKI algorithm OID and parameters (which is what you want in almost all cases).

The right function is i2d_X509_PUBKEY(). For example, see:
https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_fprint.c#L351
--
Viktor.
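
Added example, not part of the original message and not OpenSSL or Postfix code: a small DER walker that splits a SubjectPublicKeyInfo (the structure i2d_X509_PUBKEY() serializes) into its AlgorithmIdentifier and the BIT STRING contents (the data X509_get0_pubkey_bitstr() points at), then hashes both. The function names and the sample key octets are constructed for illustration; the two samples carry identical key octets under different algorithm OIDs, so only the digest over the full SPKI tells them apart.

```python
import hashlib

def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def split_spki(spki):
    """Split a SubjectPublicKeyInfo into (AlgorithmIdentifier DER, raw key bits)."""
    tag, start, end = read_tlv(spki, 0)
    if tag != 0x30 or end != len(spki):
        raise ValueError("expected exactly one SEQUENCE")
    tag, _, alg_end = read_tlv(spki, start)        # algorithm OID + parameters
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    tag, bits_start, bits_end = read_tlv(spki, alg_end)
    if tag != 0x03 or bits_end != end or bits_start == bits_end:
        raise ValueError("expected subjectPublicKey BIT STRING")
    if spki[bits_start] != 0:                      # leading octet = unused-bit count
        raise ValueError("unexpected unused bits")
    return spki[start:alg_end], spki[bits_start + 1:bits_end]

def fingerprints(spki):
    """Return (SHA-256 of the whole SPKI, SHA-256 of the raw key bits only)."""
    _, bits = split_spki(spki)
    return hashlib.sha256(spki).hexdigest(), hashlib.sha256(bits).hexdigest()

# Constructed sample inputs: the same 32 placeholder key octets under two OIDs.
RAW = bytes(range(32))
ED25519_SPKI = bytes.fromhex("302a300506032b6570032100") + RAW   # 1.3.101.112
X25519_SPKI = bytes.fromhex("302a300506032b656e032100") + RAW    # 1.3.101.110

if __name__ == "__main__":
    for name, spki in (("Ed25519", ED25519_SPKI), ("X25519", X25519_SPKI)):
        full, bits = fingerprints(spki)
        print(f"{name}: spki={full[:16]}... bits={bits[:16]}...")
```

To get the same value from a key file and from a certificate, hash the same byte range on both sides; the full SPKI is the range that also binds the algorithm and its parameters.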