Yawning

Thanks very much - you've saved me another few days down the wrong path!  It seems I was taking the onion-key not the signing key.  Would never have caught that this far down the rabbit hole without your response!

Now to work out why Tor is detecting a different identity to the SSL cert I'm sending.

Best
Garth


On 17 August 2014 17:06, Yawning Angel <yawning@schwanenlied.me> wrote:
On Sun, 17 Aug 2014 16:19:56 +0100
Gareth Owen <gareth.owen@port.ac.uk> wrote:

> I'm trying to generate the fingerprint given just the pubilc key in
> Java and after almost a whole day I'm about to give up.  Does anyone
> have a sample PKCS#1 encoded public key that is used immediately
> before SHA-1 to generate the fingerprint?  e.g. a hex string is what
> I'm after.

Both descriptors and microdescriptors contain this in the appropriate
format (albeit Base64 encoded and with a PEM envelope). Check the data
directory of a running tor instance and look at
cached-microdescs(.new), which will have onion-key entries for all the
relays.

> It seems there are subtle ways that an PKCS#1 can vary while encoding
> the same information which affects the hash, Java seems to be doing
> it one way, OpenSSL another, an example on stack overflow adds an
> extra field, etc.

The way that you care about (that matches how tor does it) is specified
in RFC 2313.

  7.1 Public-key syntax

     An RSA public key shall have ASN.1 type RSAPublicKey:

     RSAPublicKey ::= SEQUENCE {
       modulus INTEGER, -- n
       publicExponent INTEGER -- e }

     (This type is specified in X.509 and is retained here for
     compatibility.)

How to do this in Java depends on which crypto API you are using, look
at oracle.security.crypto.asn1 or org.bouncycastle.asn1.  Additionally
this (http://lapo.it/asn1js/) will probably be useful.

Regards,

--
Yawning Angel

_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev




--
Dr Gareth Owen
Senior Lecturer
School of Computing, University of Portsmouth

Tel: 02392 846423
Web: ghowen.me