[tor-dev] PKCS#1 ASN.1 Public Key Encoding

Gareth Owen gareth.owen at port.ac.uk
Sun Aug 17 17:05:24 UTC 2014


Thanks very much - you've saved me another few days down the wrong path!
 It seems I was taking the onion-key not the signing key.  Would never have
caught that this far down the rabbit hole without your response!

Now to work out why Tor is detecting a different identity to the SSL cert
I'm sending.


On 17 August 2014 17:06, Yawning Angel <yawning at schwanenlied.me> wrote:

> On Sun, 17 Aug 2014 16:19:56 +0100
> Gareth Owen <gareth.owen at port.ac.uk> wrote:
> > I'm trying to generate the fingerprint given just the pubilc key in
> > Java and after almost a whole day I'm about to give up.  Does anyone
> > have a sample PKCS#1 encoded public key that is used immediately
> > before SHA-1 to generate the fingerprint?  e.g. a hex string is what
> > I'm after.
> Both descriptors and microdescriptors contain this in the appropriate
> format (albeit Base64 encoded and with a PEM envelope). Check the data
> directory of a running tor instance and look at
> cached-microdescs(.new), which will have onion-key entries for all the
> relays.
> > It seems there are subtle ways that an PKCS#1 can vary while encoding
> > the same information which affects the hash, Java seems to be doing
> > it one way, OpenSSL another, an example on stack overflow adds an
> > extra field, etc.
> The way that you care about (that matches how tor does it) is specified
> in RFC 2313.
>   7.1 Public-key syntax
>      An RSA public key shall have ASN.1 type RSAPublicKey:
>      RSAPublicKey ::= SEQUENCE {
>        modulus INTEGER, -- n
>        publicExponent INTEGER -- e }
>      (This type is specified in X.509 and is retained here for
>      compatibility.)
> How to do this in Java depends on which crypto API you are using, look
> at oracle.security.crypto.asn1 or org.bouncycastle.asn1.  Additionally
> this (http://lapo.it/asn1js/) will probably be useful.
> Regards,
> --
> Yawning Angel
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Dr Gareth Owen
Senior Lecturer
School of Computing, University of Portsmouth

Tel: 02392 846423
Web: ghowen.me
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140817/f975ce5c/attachment.html>

More information about the tor-dev mailing list