> The hash value, BTW, is just the subject key identifier extension
> field in the cert. It's computed by the CA, you don't compute it
> yourself. (Only guaranteed to be unique for a single CA.) sc_auth is
> just a script layered on top of "dscl" and "security" if you feel like
> looking at such things.

The hash value is a SHA-1 hash of the DER encoded subjectPublicKey structure. Per RFC5280, the subject key identifier is allowed to be literally anything at all. SHA-1 hash for SKID is most common, but CAs exist that do other things.

> That would make sense, since I gather 2048-bit keys are uncommon.

Not quite true. Everyone in the field has known 2048 has been coming for about half a decade now. In fact, ability to grok 2048 is in the relevant standards as a MUST clause.

-- Tim
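The SHA-1 over the subjectPublicKey described in the reply above, as an added example that is not part of the original thread and is not sc_auth's own code. It hashes only the key bits inside the BIT STRING (RFC 5280 section 4.2.1.2, method 1), which gives a different value from hashing the whole SubjectPublicKeyInfo, and it checks whether a given SKID was derived that way. All function names are this example's own, and the sample key is constructed and is not a usable RSA key.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one DER element (used only to build the sample key below)."""
    n = len(value)
    if n < 0x80:
        hdr = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        hdr = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + hdr + value

def subject_public_key(spki):
    """Extract the subjectPublicKey BIT STRING contents from a SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = read_tlv(body)             # skip the AlgorithmIdentifier
    tag, bits, _ = read_tlv(body, pos)
    if tag != 0x03 or not bits or bits[0] != 0:
        raise ValueError("expected BIT STRING with zero unused bits")
    return bits[1:]                        # drop the unused-bits octet

def key_hash(spki):
    """SHA-1 over the key bits only, excluding tag, length and unused-bits octet."""
    return hashlib.sha1(subject_public_key(spki)).digest()

def skid_is_sha1_of_key(spki, skid):
    """True only if the CA derived the SKID this way; RFC 5280 does not require it."""
    return skid == key_hash(spki)

# Constructed sample: RSAPublicKey with a made-up 2048-bit modulus and e = 65537.
MODULUS = bytes([0x00, 0xC3]) + bytes(range(1, 256))  # leading 0x00 keeps the INTEGER positive
RSA_KEY = tlv(0x30, tlv(0x02, MODULUS) + tlv(0x02, b"\x01\x00\x01"))
RSA_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
SPKI = tlv(0x30, RSA_ALG + tlv(0x03, b"\x00" + RSA_KEY))
```

A `False` result from `skid_is_sha1_of_key` does not mean the certificate is malformed, only that the CA chose another way to fill in the subject key identifier.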