[openssl-users] d2i_PUBKEY() and X509_get0_pubkey_bitstr() output differences

[Dr. Pala]

Hi all,

I have a small question - I am trying to calculate the HASH over a 
public key, and I want it to be reliable across different environments. 
In particular, I would like to be able to calculate an HASH over the 
public key (e.g., loaded from the keypair file) and or a key in a 
certificate and get the same value (given that they are the same keys :D).

It seems that by using the d2i_PUBKEY(), I get some extra data and that 
does not allow me to calculate correctly the HASH.

in particular, here's the output i2d_PUBKEY() and X509_get0_pubkey_bitstr():

    *[DEBUG] Cert Key Bit String X509_get0_pubkey_bitstr**()**:*
    30:82:01:0A:02:82:01:01:00:BD:ED:42:7E:D4:2D:BD:7C:EC:CB:E6:
    B2:93:0D:E1:E1:A8:81:0C:01:A5:71:24:D6:65:D3:56:FD:D1:A6:53:
    F3:3F:F6:80:68:16:BF:7E:A9:2C:E2:10:10:77:FC:EF:35:52:4E:A9:
    0D:15:AF:8F:2C:2D:30:BC:60:C3:31:EE:6C:CC:66:86:5E:DA:46:45:
    D3:31:2D:0E:D1:C0:96:63:0C:C2:D1:CF:C6:47:C3:97:9A:DA:95:E9:
    98:92:3B:AB:14:CF:58:5B:B8:50:EB:25:0F:CA:25:07:E7:A4:B0:FA:
    50:B5:1E:6B:DE:D8:F7:BE:BA:35:9A:E9:D9:5A:05:22:F0:18:2C:BD:
    FC:DF:E7:38:70:E0:8D:DD:C3:53:EE:B4:21:26:66:84:8A:29:5C:11:
    12:59:C8:09:E4:C2:49:BA:3F:CC:3D:15:22:0F:EC:F6:6C:8F:41:BA:
    A7:7B:D0:66:C9:4A:89:1A:73:E9:E8:67:17:20:00:8F:4C:70:A3:A0:
    85:05:C9:60:CD:18:17:F4:28:BA:59:F2:49:88:C9:87:1B:61:98:E8:
    55:AD:A7:C2:B0:81:6C:63:C2:4E:92:6C:7B:45:F4:A5:57:C7:CD:E0:
    28:83:E7:F4:AB:E1:E2:79:71:31:F5:AE:05:A4:32:AB:61:7A:82:74:
    33:30:AF:32:FF:02:03:01:00:01:

    *[DEBUG] i2d_PUBKEY() Bit String:*
    00:00:00:00:00:00:00:00:2A:86:48:86:F7:0D:01:01:01:05:00:03:
    82:01:0F:00:30:82:01:0A:02:82:01:01:00:BD:ED:42:7E:D4:2D:BD:
    7C:EC:CB:E6:B2:93:0D:E1:E1:A8:81:0C:01:A5:71:24:D6:65:D3:56:
    FD:D1:A6:53:F3:3F:F6:80:68:16:BF:7E:A9:2C:E2:10:10:77:FC:EF:
    35:52:4E:A9:0D:15:AF:8F:2C:2D:30:BC:60:C3:31:EE:6C:CC:66:86:
    5E:DA:46:45:D3:31:2D:0E:D1:C0:96:63:0C:C2:D1:CF:C6:47:C3:97:
    9A:DA:95:E9:98:92:3B:AB:14:CF:58:5B:B8:50:EB:25:0F:CA:25:07:
    E7:A4:B0:FA:50:B5:1E:6B:DE:D8:F7:BE:BA:35:9A:E9:D9:5A:05:22:
    F0:18:2C:BD:FC:DF:E7:38:70:E0:8D:DD:C3:53:EE:B4:21:26:66:84:
    8A:29:5C:11:12:59:C8:09:E4:C2:49:BA:3F:CC:3D:15:22:0F:EC:F6:
    6C:8F:41:BA:A7:7B:D0:66:C9:4A:89:1A:73:E9:E8:67:17:20:00:8F:
    4C:70:A3:A0:85:05:C9:60:CD:18:17:F4:28:BA:59:F2:49:88:C9:87:
    1B:61:98:E8:55:AD:A7:C2:B0:81:6C:63:C2:4E:92:6C:7B:45:F4:A5:
    57:C7:CD:E0:28:83:E7:F4:AB:E1:E2:79:71:31:F5:AE:05:A4:32:AB:
    61:7A:82:74:33:30:AF:32:FF:02:03:01:00:01:

Now, the output of the i2d_PUBKEY() has an extra 24 Bytes at the 
beginning (the match starts from 30:82010A... ) - what are those bytes? 
I guess some extra encoding that is needed... but is there a way to 
obtain the same values that does not depend on the type or size of the 
keys ? Is the 24 Bytes a constant size or ... ? Is there any 
documentation that would help me... ?

Cheers,
Max

-- 
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180526/c7f06a1d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: njgnnbedbaaedlhm.png
Type: image/png
Size: 3146 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180526/c7f06a1d/attachment-0001.png>