[openssl-users] Hashing public keys in EVP_PKEY's

[Viktor Dukhovni]

On Thu, Dec 11, 2014 at 04:02:10PM +0100, Jan Danielsson wrote:

>    If I would want to use the hash of a EVP_PKEY to uniquely identify
> the key (regardless of whether it contains the private key or not), what
> would be the best way to do this?  (I.e. how do I deterministically hash
> the public key of a EVP_PKEY?).

Be careful to produce a hash of a full SPKI structure (algorithm
oid, parameters, key bits) and not just the key bits.  Without the
algorithm and parameter context, there is I think a likelihood of
attacks depending on how the hashes are to be used.

> -----------------
>    int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned
> char *md, unsigned int *len)
>    {
>      ASN1_BIT_STRING *key;
>      key = X509_get0_pubkey_bitstr(data);
>      if(!key) return 0;
>      return EVP_Digest(key->data, key->length, md, len, type, NULL);
>    }
> -----------------

This is used to compute the SHA-1 keybits hash for "authority key
identifier" computations, but is NOT the appropriate hash to use
in general.  It is exactly the "key-bits only" digest I am suggesting
you avoid.

Instead, use i2d_PUBKEY() and compute the appropriate digest of
that.

-- 
	Viktor.