[tor-dev] PKCS#1 ASN.1 Public Key Encoding

Yawning Angel yawning at schwanenlied.me
Sun Aug 17 16:06:32 UTC 2014

On Sun, 17 Aug 2014 16:19:56 +0100
Gareth Owen <gareth.owen at port.ac.uk> wrote:

> I'm trying to generate the fingerprint given just the pubilc key in
> Java and after almost a whole day I'm about to give up.  Does anyone
> have a sample PKCS#1 encoded public key that is used immediately
> before SHA-1 to generate the fingerprint?  e.g. a hex string is what
> I'm after.

Both descriptors and microdescriptors contain this in the appropriate
format (albeit Base64 encoded and with a PEM envelope). Check the data
directory of a running tor instance and look at
cached-microdescs(.new), which will have onion-key entries for all the

> It seems there are subtle ways that an PKCS#1 can vary while encoding
> the same information which affects the hash, Java seems to be doing
> it one way, OpenSSL another, an example on stack overflow adds an
> extra field, etc.

The way that you care about (that matches how tor does it) is specified
in RFC 2313.

  7.1 Public-key syntax

     An RSA public key shall have ASN.1 type RSAPublicKey:

     RSAPublicKey ::= SEQUENCE {
       modulus INTEGER, -- n
       publicExponent INTEGER -- e }

     (This type is specified in X.509 and is retained here for

How to do this in Java depends on which crypto API you are using, look
at oracle.security.crypto.asn1 or org.bouncycastle.asn1.  Additionally
this (http://lapo.it/asn1js/) will probably be useful.


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140817/eac4f8a4/attachment.sig>

More information about the tor-dev mailing list