access to raw public key, or keyid #163
Comments
RFC5280 has an example, which is available at: you want example C.2. Download it as rfc5280_cert2.cer. Start an irb:
(matches line 7930 of rfc5280, so this is the right object)
YEAH. So getting it out of openssl/ruby-openssl is a bit daft, but it works and gives the right answer. Should this be added as Ruby code until we find a better way to get it out of the OpenSSL API?
With the current Ruby/OpenSSL, it has to be extracted from the output of

```ruby
cert = OpenSSL::X509::Certificate.new
cert.public_key = ...
ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
p ext = ef.create_extension("subjectKeyIdentifier", "hash")
```

Actually, OpenSSL provides the X509_get0_pubkey_bitstr() function that does the job. It's possible to add a binding to that, but I wonder what use case this would benefit.
RFC5280, section 4.2.1.2 defines keyid as the SHA1 of the subjectPublicKey encoding.
reveals the public key info via an OpenSSL method that produces text. This is the input that we need for the SHA1, and I guess I could decode the text back to binary if I had to, but this seems really wrong...
While there is some code in openssl/crypto/x509v3/v3_skey.c that calculates what I want, it's buried inside an extension definition, and can't (AFAIK) be used directly.
I can get what I want via:

```ruby
a1 = OpenSSL::ASN1.decode(pubkey.to_der)
a1.value[1].value
```

but that just seems wrong. Is there another way to pull the encoded public key out?
Should getting this keyid be ruby or C code?
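The computation discussed in this thread, as an added example that is not code from the issue or from ruby/openssl itself: it pulls the subjectPublicKey BIT STRING out of the SubjectPublicKeyInfo DER, hashes it with SHA-1 as RFC 5280 section 4.2.1.2 (method 1) describes, and cross-checks the result against what the ExtensionFactory "hash" trick produces for a throwaway certificate. It assumes a Ruby/OpenSSL where `pubkey.to_der` (or `public_to_der` on newer versions) yields the SubjectPublicKeyInfo encoding of a public key.

```ruby
require "openssl"

# Return the raw subjectPublicKey bits from a public key object.
# SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier,
#                                     subjectPublicKey BIT STRING }
def raw_subject_public_key(pubkey)
  # public_to_der exists on ruby/openssl >= 3.0; to_der of a public-only key
  # gives the same SubjectPublicKeyInfo DER on older versions (assumption).
  der = pubkey.respond_to?(:public_to_der) ? pubkey.public_to_der : pubkey.to_der
  spki = OpenSSL::ASN1.decode(der)
  bits = spki.value[1]                      # second element is the BIT STRING
  raise "unexpected SubjectPublicKeyInfo structure" unless bits.is_a?(OpenSSL::ASN1::BitString)
  bits.value                                # bit string content, no length/unused-bits byte
end

# RFC 5280 4.2.1.2 method (1): keyIdentifier = SHA-1(subjectPublicKey bits).
def key_identifier(pubkey)
  OpenSSL::Digest::SHA1.digest(raw_subject_public_key(pubkey))
end

# Cross-check: let OpenSSL's own v3_skey.c code compute the identifier by
# building a throwaway (unsigned) certificate carrying the key and asking the
# ExtensionFactory for subjectKeyIdentifier=hash, then unwrap the DER.
def key_identifier_via_extension(pubkey)
  cert = OpenSSL::X509::Certificate.new
  cert.public_key = pubkey
  ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
  ext = ef.create_extension("subjectKeyIdentifier", "hash")
  # Extension ::= SEQUENCE { extnID OID, extnValue OCTET STRING }
  # and for SKI the extnValue wraps KeyIdentifier ::= OCTET STRING.
  extn_value = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  OpenSSL::ASN1.decode(extn_value).value    # the 20 raw identifier bytes
end

if $PROGRAM_NAME == __FILE__
  key = OpenSSL::PKey::RSA.generate(2048).public_key   # constructed sample key
  a = key_identifier(key)
  b = key_identifier_via_extension(key)
  puts "keyid (ASN.1 walk):   #{a.unpack1('H*')}"
  puts "keyid (ExtensionFactory): #{b.unpack1('H*')}"
  puts(a == b ? "match" : "MISMATCH")
end
```

For an RSA key the extracted bits are exactly the DER of RSAPublicKey (SEQUENCE of modulus and exponent), which is a handy sanity check that the BIT STRING, not the whole SubjectPublicKeyInfo, is being hashed.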