 |
|
| Science Forum Index » Cryptography Forum » RSA key "short ID"... |
|
Page 1 of 1 |
|
| Author |
Message |
| Fabrice... |
 Posted: Fri Oct 16, 2009 1:05 pm |
|
|
|
Guest
|
Hi,
Its not really a hard crypto question, its more related to key
management.
I'm looking into a way of identifying any RSA public key with a short
ID. Short meaning about 32 bits
PGP keys have fingerprint (which are long) from which the 32 bit Key
ID is extracted. I understand that the fingerprint is the hash of
some data including the rsa pubkey, but also some parameters like
protocol versions and so on.
I also know there x509 certificates have standard fingerprints. In
that case my understanding is that the fingerprint is based not only
the RSA key, but also the name and other parameters included in the
certificate.
But I'm working with (public) RSA keys only without certificates.
There does not seem to be an equivalent to a "fingerprint" or key ID
for standalone public keys only.
Am I missing any standard, or should I just do my own (eg, based on a
md5, sha1 or sha256 hash of the public key modulus)
This ID or fingerprint is not to be used for security purpose, but
rather for management and user interface purpose.
Thanks |
|
|
| Back to top |
|
|
|
| Fabrice... |
| Posted: Fri Oct 16, 2009 1:50 pm |
|
|
|
Guest
|
On Oct 16, 4:32 pm, "Joseph Ashwood" <ashw... at (no spam) msn.com> wrote:
[quote:239a3d7f3e]"Fabrice" <fabrice.gaut... at (no spam) gmail.com> wrote in message
news:46797110-7ddf-4fed-9d51-a488ca8754d0 at (no spam) i12g2000prg.googlegroups.com...
I'm looking into a way of identifying any RSA public key with a short
ID. Short meaning about 32 bits
Am I missing any standard, or should I just do my own (eg, based on a
md5, sha1 or sha256 hash of the public key modulus)
This ID or fingerprint is not to be used for security purpose, but
rather for management and user interface purpose.
I don't know of any standards you've missed, but the obvious way is to just
run a convenient hash on the modulus along with any necessary configuration
data (maybe protocol version?), trim and store. A standard is unnecessary..
Joe
[/quote:239a3d7f3e]
A standard would be convenient, so that I dont need to write both a
spec and a tool to calculate this ID that would only be used for my
own purpose 
I dont mean a "standard" as in ISO or something like that, but maybe
an RFC or maybe a de-facto standard used in some other applications,
or maybe something that is used as a small part of another bigger
standard.
There are always issue with byte ordering, which side to trim etc...
that are just annoying and sources of confusion... |
|
|
| Back to top |
|
|
|
| Joseph Ashwood... |
| Posted: Fri Oct 16, 2009 5:32 pm |
|
|
|
Guest
|
"Fabrice" <fabrice.gautier at (no spam) gmail.com> wrote in message
news:46797110-7ddf-4fed-9d51-a488ca8754d0 at (no spam) i12g2000prg.googlegroups.com...
[quote:63f8effa48]I'm looking into a way of identifying any RSA public key with a short
ID. Short meaning about 32 bits
Am I missing any standard, or should I just do my own (eg, based on a
md5, sha1 or sha256 hash of the public key modulus)
This ID or fingerprint is not to be used for security purpose, but
rather for management and user interface purpose.
[/quote:63f8effa48]
I don't know of any standards you've missed, but the obvious way is to just
run a convenient hash on the modulus along with any necessary configuration
data (maybe protocol version?), trim and store. A standard is unnecessary.
Joe |
|
|
| Back to top |
|
|
|
| Joseph Ashwood... |
| Posted: Fri Oct 16, 2009 10:26 pm |
|
|
|
Guest
|
"Fabrice" <fabrice.gautier at (no spam) gmail.com> wrote in message
news:adfd275c-ace2-40f1-8b9c-f57b8977abc6 at (no spam) x5g2000prf.googlegroups.com...
[quote:ad9211c0e4]I dont mean a "standard" as in ISO or something like that, but maybe
an RFC or maybe a de-facto standard used in some other applications,
or maybe something that is used as a small part of another bigger
standard.
There are always issue with byte ordering, which side to trim etc...
that are just annoying and sources of confusion...
[/quote:ad9211c0e4]
ID = First32bits(MD5(modulus))
shouldn't require much debugging.
Joe |
|
|
| Back to top |
|
|
|
| Jean-Marc Desperrier... |
| Posted: Mon Oct 19, 2009 6:33 am |
|
|
|
Guest
|
Fabrice wrote:
[quote]I dont mean a "standard" as in ISO or something like that, but maybe
an RFC
[/quote]
RFC5280 : 4.2.1.2. Subject Key Identifier
(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits). |
|
|
| Back to top |
|
|
|
|
|
All times are GMT - 5 Hours
The time now is Tue Dec 15, 2009 12:54 am
|
|