On Sun, 17 Aug 2014 16:19:56 +0100 Gareth Owen gareth.owen@port.ac.uk wrote:
I'm trying to generate the fingerprint given just the public key in Java and after almost a whole day I'm about to give up. Does anyone have a sample PKCS#1 encoded public key that is used immediately before SHA-1 to generate the fingerprint? e.g. a hex string is what I'm after.
Both descriptors and microdescriptors contain this in the appropriate format (albeit Base64 encoded and with a PEM envelope). Check the data directory of a running tor instance and look at cached-microdescs(.new), which will have onion-key entries for all the relays.
It seems there are subtle ways that a PKCS#1 can vary while encoding the same information which affects the hash: Java seems to be doing it one way, OpenSSL another, an example on Stack Overflow adds an extra field, etc.
The way that you care about (that matches how tor does it) is specified in RFC 2313.
7.1 Public-key syntax
An RSA public key shall have ASN.1 type RSAPublicKey:
   RSAPublicKey ::= SEQUENCE {
     modulus INTEGER, -- n
     publicExponent INTEGER -- e }
(This type is specified in X.509 and is retained here for compatibility.)
How to do this in Java depends on which crypto API you are using; look at oracle.security.crypto.asn1 or org.bouncycastle.asn1. Additionally, this (http://lapo.it/asn1js/) will probably be useful.
Regards,
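
Added example, not part of the original message or of tor's code: a JDK-only sketch that DER-encodes the RFC 2313 RSAPublicKey structure by hand, hashes it with SHA-1, and compares it with what `getEncoded()` returns (an X.509 SubjectPublicKeyInfo wrapper, which is why the hashes differ). The class name `Pkcs1Fingerprint` and the freshly generated 1024-bit sample key are assumptions for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

public class Pkcs1Fingerprint { // hypothetical class name
    // DER length octets: short form below 128, else 0x80|count then big-endian length.
    static void writeLength(ByteArrayOutputStream out, int len) {
        if (len < 0x80) { out.write(len); return; }
        byte[] raw = BigInteger.valueOf(len).toByteArray();
        int skip = (raw[0] == 0) ? 1 : 0; // drop BigInteger's sign octet
        out.write(0x80 | (raw.length - skip));
        out.write(raw, skip, raw.length - skip);
    }

    // One DER tag-length-value element.
    static byte[] tlv(int tag, byte[] content) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        writeLength(out, content.length);
        out.write(content, 0, content.length);
        return out.toByteArray();
    }

    // RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    static byte[] encodePkcs1(BigInteger n, BigInteger e) {
        // toByteArray() is minimal two's complement, which is exactly DER INTEGER content.
        byte[] nDer = tlv(0x02, n.toByteArray());
        byte[] eDer = tlv(0x02, e.toByteArray());
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        body.write(nDer, 0, nDer.length);
        body.write(eDer, 0, eDer.length);
        return tlv(0x30, body.toByteArray());
    }

    static String sha1Hex(byte[] data) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(data);
        return String.format("%040X", new BigInteger(1, digest));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(1024); // constructed sample key, generated on each run
        RSAPublicKey pub = (RSAPublicKey) gen.generateKeyPair().getPublic();
        byte[] pkcs1 = encodePkcs1(pub.getModulus(), pub.getPublicExponent());
        byte[] spki = pub.getEncoded(); // X.509 SubjectPublicKeyInfo, not bare PKCS#1
        boolean tail = Arrays.equals(pkcs1, Arrays.copyOfRange(spki, spki.length - pkcs1.length, spki.length));
        System.out.println("getEncoded() ends with the PKCS#1 bytes: " + tail);
        System.out.println("SHA-1(PKCS#1)       = " + sha1Hex(pkcs1));
        System.out.println("SHA-1(getEncoded()) = " + sha1Hex(spki));
    }
}
```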