[openssl-users] Hashing public keys in EVP_PKEY's

Jan Danielsson jan.m.danielsson at gmail.com
Thu Dec 11 15:02:10 UTC 2014


Hello,

   If I would want to use the hash of a EVP_PKEY to uniquely identify
the key (regardless of whether it contains the private key or not), what
would be the best way to do this?  (I.e. how do I deterministically hash
the public key of a EVP_PKEY?).

   Performance is not a major concern.

   The system has buffers which contain keys which are base64 encoded
versions of what i2d_{RSA,DSA,EC}_PUBKEY() outputs.  Internally in the
applications these are made into EVP_PKEY's again by
d2i_{RSA,DSA,EC_KEY}_PUBKEY() + EVP_PKEY_assign_{RSA,DSA,EC_KEY}().

   How bit-by-bit identical are buffers produced by:

   out = NULL;
   switch(EVP_PKEY_type(pkey->type)) {
     case EVP_PKEY_RSA:
       len = i2d_RSA_PUBKEY(pkey->pkey.rsa, &out);
       break;
     case EVP_PKEY_DSA:
       len = i2d_DSA_PUBKEY(pkey->pkey.dsa, &out);
       break;
     case EVP_PKEY_EC:
       len = i2d_EC_PUBKEY(pkey->pkey.ec, &out);
       break;
     default:
       return SOHERR_BAD_PARAM;
   }

   .. ?

   I'm assuming it'll be pretty safe to hash the rsa buffer (..?) but I
feel like the DSA and EC buffers are a little more sketchy (because of
potential parameter issues).

   I browsed around in the source tree and found this:

-----------------
   int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned
char *md, unsigned int *len)
   {
     ASN1_BIT_STRING *key;
     key = X509_get0_pubkey_bitstr(data);
     if(!key) return 0;
     return EVP_Digest(key->data, key->length, md, len, type, NULL);
   }
-----------------

   Apart from that it uses an X509, it looks like exactly what I need,
and it made me realize that the deterministic properly I'm looking for
is internally called "bitstream".

   I tried to follow the clues from x509_get0_pubkey_bitstr(), but I
quickly got confused in the ASN1 code.  :)

   Is it safe to hash the output from i2d_*_PUBKEY?  Is it
super-deterministic as long as one doesn't change parameters around for
DSA and EC?

-- 
Kind Regards,
Jan


More information about the openssl-users mailing list