[tor-dev] [tor-assistants] Python metrics-lib

Karsten Loesing karsten at torproject.org
Mon May 14 06:04:00 UTC 2012

Hi Beck,

I don't have good answers to your questions.  To be honest, when I
implemented the Java verification code for #2768, I looked for hints in
an old Java version of Tor, rewrote that code, updated it for current
BouncyCastle versions using their JavaDocs and examples, and tweaked
everything until it finally worked. :)

On 5/13/12 9:04 AM, Beck Chen wrote:
> 1. Specs says signing key is "a public key in PEM format" [1], but
> what standard does it use? I tried to use M2Crypto, a Python wrapper
> for OpenSSL, to import this key, but failed. Then I found out that
> OpenSSL uses X.509 for its public keys, thus M2Crypto only supports
> X.509 public keys. Then I looked at the Java code for
> determineKeyHash() and it suggests that the key uses PKCS standard. It
> seems that PKCS#1 is the final answer, but the javadoc page of
> PEMReader in BouncyCastle says it can read "OpenSSL PEM encoded
> streams containing X509 certificates, PKCS8 encoded keys and PKCS7
> objects" [2]. So is it PKCS#1 or PKCS#8? And what's the difference?
> 2. Specs says fingerprint is "a HASH_LEN-byte of asn1 encoded public
> key, encoded in hex" [1]. But to me, it seems to be "a SHA1 digest of
> DER encoded public key, encoded in hex". Specifically, is it necessary
> to specify the length of fingerprint? And ASN1 is a standard with
> several possible encoding rules, do we always use DER?

I'm cc'ing Nick who would have much better answers to your questions.


More information about the tor-dev mailing list