On Mon, May 14, 2012 at 2:04 AM, Karsten Loesing karsten@torproject.org wrote:
Hi Beck,
I don't have good answers to your questions. To be honest, when I implemented the Java verification code for #2768, I looked for hints in an old Java version of Tor, rewrote that code, updated it for current BouncyCastle versions using their JavaDocs and examples, and tweaked everything until it finally worked. :)
On 5/13/12 9:04 AM, Beck Chen wrote:
- Specs says signing key is "a public key in PEM format" [1], but
what standard does it use? I tried to use M2Crypto, a Python wrapper for OpenSSL, to import this key, but failed. Then I found out that OpenSSL uses X.509 for its public keys, thus M2Crypto only supports X.509 public keys. Then I looked at the Java code for determineKeyHash() and it suggests that the key uses PKCS standard. It seems that PKCS#1 is the final answer, but the javadoc page of PEMReader in BouncyCastle says it can read "OpenSSL PEM encoded streams containing X509 certificates, PKCS8 encoded keys and PKCS7 objects" [2]. So is it PKCS#1 or PKCS#8?
In crypto_pk_write_to_string_impl, it's generated via PEM_write_bio_RSAPublicKey, so (according the manpage) that's a PKCS#1 RSAPublicKey structure. Let's hope the mangpage is right.
And what's the difference?
I'd have to read the standards to find out; if the standards don't make that clear, let me know and I can give it a try myself.
- Specs says fingerprint is "a HASH_LEN-byte of asn1 encoded public
key, encoded in hex" [1]. But to me, it seems to be "a SHA1 digest of DER encoded public key, encoded in hex". Specifically, is it necessary to specify the length of fingerprint?
That should indeed say say "a HASH_LEN-byte SHA1 digest of"....
"digest" is the part that's strictly necessary to specify, since I think we say that everything's SHA1 unless somebody says otherwise.
And ASN1 is a standard with several possible encoding rules, do we always use DER?
I believe so.