29.06.2004 11:00:46 Computing the Subject Key Identifier Replies: 1
Антон
Hello!
Could you tell me how the Subject Key Identifier is computed for a certificate being created?
I use OpenSSL to work with certificates. I tried computing the hash this way and that, including with the CryptoPro cryptographic provider, but it does not match what is in the CryptoPro test root certificate.
Thanks in advance.
 
Replies:
30.06.2004 17:03:53 kure
http://www.ietf.org/rfc/rfc3280.txt?number=3280

4.2.1.2 Subject Key Identifier

The subject key identifier extension provides a means of identifying
certificates that contain a particular public key.

To facilitate certification path construction, this extension MUST
appear in all conforming CA certificates, that is, all certificates
including the basic constraints extension (section 4.2.1.10) where
the value of cA is TRUE. The value of the subject key identifier
MUST be the value placed in the key identifier field of the Authority
Key Identifier extension (section 4.2.1.1) of certificates issued by
the subject of this certificate.

For CA certificates, subject key identifiers SHOULD be derived from
the public key or a method that generates unique values. Two common
methods for generating key identifiers from the public key are:

(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).

(2) The keyIdentifier is composed of a four bit type field with
the value 0100 followed by the least significant 60 bits of the
SHA-1 hash of the value of the BIT STRING subjectPublicKey
(excluding the tag, length, and number of unused bit string bits).

Mostly people use the 20 bytes of SHA1.
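
Both methods from the quoted RFC 3280 section 4.2.1.2, as an added example that is not part of the original posts: the hash input is only the contents of the subjectPublicKey BIT STRING, so the sketch walks a DER SubjectPublicKeyInfo to isolate those bytes first. The function names and the sample key bytes are constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def subject_public_key_bits(spki):
    """BIT STRING value without tag, length and the unused-bits octet."""
    tag, start, end = read_tlv(spki, 0)  # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, _, alg_end = read_tlv(spki, start)  # AlgorithmIdentifier, skipped
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, bs_start, bs_end = read_tlv(spki, alg_end)  # subjectPublicKey
    if tag != 0x03 or bs_end != end or bs_start == bs_end:
        raise ValueError("expected subjectPublicKey BIT STRING")
    return spki[bs_start + 1:bs_end]  # drop the unused-bits octet

def ski_method1(spki):
    """RFC 3280 4.2.1.2 method (1): full 160-bit SHA-1."""
    return hashlib.sha1(subject_public_key_bits(spki)).digest()

def ski_method2(spki):
    """Method (2): type field 0100 followed by the low 60 bits of the SHA-1."""
    h = int.from_bytes(ski_method1(spki), "big")
    return ((0b0100 << 60) | (h & ((1 << 60) - 1))).to_bytes(8, "big")

# Constructed sample: placeholder key bytes, not a real public key.
KEY = bytes(range(1, 33))
ALG = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL
BITSTR = b"\x03" + bytes([len(KEY) + 1]) + b"\x00" + KEY
SPKI = b"\x30" + bytes([len(ALG) + len(BITSTR)]) + ALG + BITSTR

if __name__ == "__main__":
    print("method 1:", ski_method1(SPKI).hex())
    print("method 2:", ski_method2(SPKI).hex())
    # Hashing the whole SubjectPublicKeyInfo gives a different value.
    print("whole SPKI:", hashlib.sha1(SPKI).hexdigest())
```
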