On 20-07-2010 20:40, PS wrote:
Let us say I have a certificate and a private key pair (C1, K1)
Now, lets say I received a Certificate, C2 on the wire. Now, I want to know
whether the pvt-key K1 corresponds to the private key of C2. One method is
encrypt a Known random number with pub-key in C2 and decrypt with K1 and see
if the number is same. But this is expensive.
I thought of another method and wanted to know if this is correct:
Do a byte-for-byte compare of the pub-key in C1 with that of C2. If they are
same, then we can assume that K1 must be the private-key of C2. Am I
correct?
If you want to know if the party sending your C2 is trying to fool you
by sending you a copy of your own public key, then directly comparing
C1 and C2 IS the good test.
BUT, some public key algorithms and/or transmission formats allow the
same public key (or at least public keys corresponding to the same
private key) to be encoded in multiple ways, and someone trying to cheat
you into talking to yourself will probably take advantage of this if
you don't check for it.
So the appropriate way to compare C1 and C2 depends on the algorithm.
For DH and DSA you should extract the BIGNUMs from C1 and C2 and
compare them as numbers, not as bit strings (this eliminates the
trick of adding leading zeroes to the encoding to confuse you).
Also remember to reject keys that are >= p.
For RSA you should extract the modulus (n) as a BIGNUM and compare
only that. If someone gives you an RSA key with the same n but
different e, they are probably up to no good.
For ECDH and ECDSA, you should extract the curve and points. If the
curves are of different order, the keys are different. If the curves
are of the same order but seems mathematically different, then the
other guy may have converted your public key to another equivalent
curve and you should reject C2 as MAYBE equal to C1. If the curves
are the same curve with the same representation, compare the points
as points. If they are the same point (not necessarily the same bit
representation), then C2 is a copy of C1.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
