El Martes 01 Agosto 2006 23:16, Nelson Bolyard escribió: > On Tue, 2006-08-01 at 15:38 +0200, Paul Santapau Nebot wrote: > >> I'm trying to guess how the CKA_ID is calculated from the > >> public key when nss generates a rsa key pair and try to store in > >> a smart card via pkcs11 (C_CreateObject) assigning an ID > >> (CKA_ID). > >> Somewhere in the documentation [1] is said that CKA_ID is > >> generated from some part of the public key but it is not > >> specified which part. > > The documentation is out of date. I think part of the problem is > that presently it's way WAY too difficult for volunteers to update > it. There was talk about moving all that documentation to a wikki > where volunteers could update it.
I think that would be a great idea. > But that hasn't happened, > probably because of a chicken-and-egg problem. Sorry. > No matter. > [...] > If I'm not mistaken, it is a hash of the "unsigned" modulus, > meaning the modulus with no leading zero bytes (that is, with > leading zero bytes removed), You are not. We have done an openssl based program [1] with your indications which finally reproduced this CKA_ID in the correct way. > Robert Relyea wrote: > > For RSA keys' is the raw modulus as an unsigned value (which > > means it usually has a 'zero' byte prepended to it). > > Actually, IIRC, being an unsigned value means it does NOT have any > leading zero bytes, because the high order bit of the first byte is > NOT a sign bit. > > My guess about why Mr. Nebot couldn't reproduce NSS's results is > that he hashed the RSA modulus *including* one or more leading zero > bytes. Really we mislead with the byte order thinking we have to convert the big endian notation into little endian to compute the hash but it is not the case. [1]. https://mortadelo.act.uji.es/cka_id.c.html Thank you all for your help. Greetings. -- Paul Santapau Nebot Universitat Jaume I Clauer Project (http://clauer.nisu.org) Ext 8250 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
