On Thu, Apr 01, 2004, Lutz Feldgen wrote: > Hi, > > I try to figure out openssls handling of keys with negative exponent (to > be exact, the exponent of 1024 bit key seems to be missing the first > byte.) It also seems that openssl is then automatically adding this > null-byte as there are no negative exponents...and my codec is not. Am I > right with this guess? > > The problem is that my ocspresponder takes the rawkey of a certificate > for hashing and comparing to the keyhash of an ocsprequest. > Somehow openssl calculates another keyhash than me if the key is like I > described above. > Can anybode help me in this case a little? >
The key will be interpreted as positive by effectively inserting the missing leading zero as you said. The hash however should be based on the encoded format (as specified by the RFC) and if that doesn't include the leading zero it will hash without it. You might try reencoding the key using the openssl utilities and calculating the hash manually to see if that matches the expected value. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
