Re: [tor-dev] PKCS#1 ASN.1 Public Key Encoding

2014-08-17 Thread Gareth Owen
Yawning

Thanks very much - you've saved me another few days down the wrong path!
 It seems I was taking the onion-key not the signing key.  Would never have
caught that this far down the rabbit hole without your response!

Now to work out why Tor is detecting a different identity to the SSL cert
I'm sending.

Best
Garth


On 17 August 2014 17:06, Yawning Angel  wrote:

> On Sun, 17 Aug 2014 16:19:56 +0100
> Gareth Owen  wrote:
>
> > I'm trying to generate the fingerprint given just the public key in
> > Java and after almost a whole day I'm about to give up.  Does anyone
> > have a sample PKCS#1 encoded public key that is used immediately
> > before SHA-1 to generate the fingerprint?  e.g. a hex string is what
> > I'm after.
>
> Both descriptors and microdescriptors contain this in the appropriate
> format (albeit Base64 encoded and with a PEM envelope). Check the data
> directory of a running tor instance and look at
> cached-microdescs(.new), which will have onion-key entries for all the
> relays.
>
> > It seems there are subtle ways that a PKCS#1 can vary while encoding
> > the same information which affects the hash, Java seems to be doing
> > it one way, OpenSSL another, an example on stack overflow adds an
> > extra field, etc.
>
> The way that you care about (that matches how tor does it) is specified
> in RFC 2313.
>
>   7.1 Public-key syntax
>
>  An RSA public key shall have ASN.1 type RSAPublicKey:
>
>  RSAPublicKey ::= SEQUENCE {
>    modulus INTEGER, -- n
>    publicExponent INTEGER -- e }
>
>  (This type is specified in X.509 and is retained here for
>  compatibility.)
>
> How to do this in Java depends on which crypto API you are using, look
> at oracle.security.crypto.asn1 or org.bouncycastle.asn1.  Additionally
> this (http://lapo.it/asn1js/) will probably be useful.
>
> Regards,
>
> --
> Yawning Angel
>
> ___
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
>


-- 
Dr Gareth Owen
Senior Lecturer
School of Computing, University of Portsmouth

Tel: 02392 846423
Web: ghowen.me


Re: [tor-dev] PKCS#1 ASN.1 Public Key Encoding

2014-08-17 Thread Yawning Angel
On Sun, 17 Aug 2014 16:19:56 +0100
Gareth Owen  wrote:

> I'm trying to generate the fingerprint given just the public key in
> Java and after almost a whole day I'm about to give up.  Does anyone
> have a sample PKCS#1 encoded public key that is used immediately
> before SHA-1 to generate the fingerprint?  e.g. a hex string is what
> I'm after.

Both descriptors and microdescriptors contain this in the appropriate
format (albeit Base64 encoded and with a PEM envelope). Check the data
directory of a running tor instance and look at
cached-microdescs(.new), which will have onion-key entries for all the
relays.

> It seems there are subtle ways that a PKCS#1 can vary while encoding
> the same information which affects the hash, Java seems to be doing
> it one way, OpenSSL another, an example on stack overflow adds an
> extra field, etc.

The way that you care about (that matches how tor does it) is specified
in RFC 2313.

  7.1 Public-key syntax

 An RSA public key shall have ASN.1 type RSAPublicKey:

 RSAPublicKey ::= SEQUENCE {
   modulus INTEGER, -- n
   publicExponent INTEGER -- e }

 (This type is specified in X.509 and is retained here for
 compatibility.)

How to do this in Java depends on which crypto API you are using, look
at oracle.security.crypto.asn1 or org.bouncycastle.asn1.  Additionally
this (http://lapo.it/asn1js/) will probably be useful.

Regards,

-- 
Yawning Angel

