<html><head>
</head>
<body><div>On Thu, 2023-06-08 at 08:26 -0400, Robert Moskowitz wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div><br></div><div class="moz-cite-prefix">On 6/8/23 01:53, David von Oheimb wrote:<br></div><div> <br></div><blockquote type="cite" cite="mid:a3bee7ca4683910e2615fa84c4da7c7ed727e0f3.camel@von-Oheimb.de" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div> <meta http-equiv="content-type" content="text/html; charset=UTF-8"></div><div>On Wed, 2023-06-07 at 10:46 -0400, Robert Moskowitz wrote:</div><div> <br></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div>thanks all. It is as I thought. You have to pretty much know what the <br></div><div>CA did. You can guess, but go read the CP!<br></div></blockquote><div><br></div><div>I doubt that you'll find such inessential info on SKIDs in a CP.<br> As Tomas wrote, it's just any identifier for the public key that is unique per CA.<br> Since RFC 5280 suggests using the SHA1 hash value of the key and this is a reasonably<br> unique and convenient way to achieve that, this is what most implementations do.<br> There is no need to use anything more involved such as any of the SHA-2 algos.</div></blockquote><div> <br> Only to look for exceptions to the norm.<br> <br> Say that the keying is EdDSA448 which uses SHAKE256 internally. Why require SHA code? So the SKIDs may be computed with SHAKE.</div></blockquote><div><br></div><div>Of course the cert producer (i.e., the CA) may use also SHAKE or whatever its implementer may dream up.</div><div><br></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div>There are other reasonable considerations. </div></blockquote><div><br></div><div>Yes - for instance, the CA might simply enumerate the public keys that it certifies and take the bit string of the resulting integer,<br>which has the advantage that the SKIDs have minimal encoding size.</div><div>The spec in <a href="https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5">https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5</a> is not entirely clear whether the key identification is required to be injective,<br><div style="font-size: 14.666667px;">(i.e., whether the same public key, even if contained in different certificates, must have the same identifier or not),<br>but looks like this is preferred, such that the CA would need to keep track of the numbers it assigned to public keys it certified.</div></div><div><br></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div> They will tend to be noteworthy and thus noted accordingly.</div></blockquote><div><br></div><div>There is no need to let certificate users know how the CA came up with the SKIDs it produces - it's just an implementation detail. </div><div>The only thing that matters is the mentioned uniqueness, since cert path building procedures (typically) rely on it for efficiency.</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>David </div><div><br></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><blockquote type="cite" cite="mid:a3bee7ca4683910e2615fa84c4da7c7ed727e0f3.camel@von-Oheimb.de" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div>On 6/7/23 10:37, Corey Bonnell wrote:</div><div> <br></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div>The hash method isn't explicitly encoded in the certificate, but it can be<br></div><div>derived if you have the SubjectPublicKey(Info). If you have the public key,<br></div><div>then you can calculate the IDs using the various methods and seeing which one<br></div><div>matches the ID encoded in the certificate. The first method defined in RFC<br></div><div>5280, section <a href="https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2" moz-do-not-send="true" class="moz-txt-link-freetext">https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2</a><br></div><div>(SHA-1 of the subjectPublicKey field (not the SPKI as a whole)) is by far the<br></div><div>most common method. The two methods in RFC 5280 require only the<br></div><div>subjectPublicKey, whereas some of the methods defined in RFC 7093 use the<br></div><div>SubjectPublicKeyInfo as a whole.<br></div><div><br></div><div>Thanks,<br></div><div>Corey<br></div><div><br></div><div>-----Original Message-----<br></div><div>From: openssl-users <<a href="mailto:openssl-users-bounces@openssl.org" moz-do-not-send="true" class="moz-txt-link-freetext">openssl-users-bounces@openssl.org</a>> On Behalf Of Robert<br></div><div>Moskowitz<br></div><div>Sent: Wednesday, June 7, 2023 8:57 AM<br></div><div>To: <a href="mailto:openssl-users@openssl.org" moz-do-not-send="true" class="moz-txt-link-freetext">openssl-users@openssl.org</a><br></div><div>Subject: Subject Key Identifier hash method<br></div><div><br></div><div>I am trying to figure out if the Subject Key Identifier hash method is carried<br></div><div>in the certificate. An asn1dump of a "regular" cert shows:<br></div><div><br></div><div> 276:d=4 hl=2 l= 29 cons: SEQUENCE<br></div><div> 278:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key<br></div><div>Identifier<br></div><div> 283:d=5 hl=2 l= 22 prim: OCTET STRING [HEX<br></div><div>DUMP]:04144F0C1A75F4AF13DC67EC18465C020FC22A82616B<br></div><div> 307:d=4 hl=2 l= 31 cons: SEQUENCE<br></div><div> 309:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key<br></div><div>Identifier<br></div><div> 314:d=5 hl=2 l= 24 prim: OCTET STRING [HEX<br></div><div>DUMP]:30168014A8885F91878E4ED6AA2056C535E2212413F96BA2<br></div><div><br></div><div><br></div><div>I cannot easily see if the hashing method is contained here. I am assuming it<br></div><div>is a sha2 hash of the EdDSA public keys, but how do I tell?<br></div><div><br></div><div>Of course I am asking as I want to use the rfc9374 DETs here.<br></div><div><br></div><div>thanks</div></blockquote></blockquote></blockquote></blockquote></body></html>