Re: [pkix] draft-turner-additional-methods-4kis to ISE - example
"Manger, James H" <James.H.Manger@team.telstra.com> Fri, 22 June 2012 03:32 UTC
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Sean Turner <turners@ieca.com>
Date: Fri, 22 Jun 2012 13:31:41 +1000
Cc: "pkix@ietf.org" <pkix@ietf.org>
>> I think we better put an example in the draft: a
>> SubjectPublicKeyValue; 2 (or 4) subjectKeyId extension values; and 2
>> (or 4) corresponding ext-skiSemantics values.
>
> I'll add a new section:
>
> ****
>
> This section provides some examples. The keys and key identifiers are
> presented in hexadecimal (two hex digits per byte).
>
> Given the following P-256 ECDSA key:
>
>   047F7F35A79794C950060B8029FC8F363A28F11159692D9D34E6AC94819043
>   4735F833B1A66652DC514337AFF7F5C9C75D670C019D95A5D639B72744C64A
>   9128BB

Better to start with a SPKI value.

Given the following DER-encoded SubjectPublicKeyInfo value holding a
P-256 ECDSA key:

  30 59
    30 13
      06 07 2A8648CE3D0201    -- id-ecPublicKey
      06 08 2A8648CE3D030107  -- secp256r1
    03 42 00
      04 7F7F35A79794C950060B8029FC8F363A
         28F11159692D9D34E6AC948190434735
         F833B1A66652DC514337AFF7F5C9C75D
         670C019D95A5D639B72744C64A9128BB

The SHA-256 hash of the 65 bytes 047F7F...BB is
  BF37B3E5808FD46D54B28E846311BCCE1CAD2E1A62AA9092EF3EFB3F11451F44

The SHA-1 hash of these 65 bytes is
  6FEF9162C0A3F2E7608956D41C37DA0C8E87F0AE

The SHA-256 hash of the 91 bytes 305930...BB is
  6D20896AB8BD833B6B66554BD59B20225D8A75A296088148399D7BF763D57405

Using method 1 from section 2, the subject key id extension and the key
id semantics extension would be:

  30 1D
    06 03 551D0E    -- id-ce-subjectKeyIdentifier
    04 16
      04 14 BF37B3E5808FD46D54B28E846311BCCE1CAD2E1A

  30 xx
    06 xx xxxxxx    -- id-pe-skiSemantics
    04 xx
      30 xx
        06 xx xxxxxx              -- id-keyHash
        06 09 608648016503040201  -- id-sha256

Using method 1 from RFC5280 the two extensions would be:

  30 1D
    06 03 551D0E    -- id-ce-subjectKeyIdentifier
    04 16
      04 14 6FEF9162C0A3F2E7608956D41C37DA0C8E87F0AE

  30 xx
    06 xx xxxxxx    -- id-pe-skiSemantics
    04 xx
      30 xx
        06 xx xxxxxx      -- id-keyHash
        06 05 2B0E03021A  -- id-sha1

Using method 3 from section 2 the two extensions would be:

  30 1D
    06 03 551D0E    -- id-ce-subjectKeyIdentifier
    04 16
      04 14 6D20896AB8BD833B6B66554BD59B20225D8A75A2

  30 xx
    06 xx xxxxxx    -- id-pe-skiSemantics
    04 xx
      30 xx
        06 xx xxxxxx              -- id-keyInfoHash
        06 09 608648016503040201  -- id-sha256

> The SHA-256 hash output of the key is as follows:
>
>   E72EE6C9C63D2B7F960F0E0611B9800917B5F9494182403EF1BBA8927A57625E

Not quite. This is the SHA-256 hash of the 130 ASCII hex digits, not the
65 bytes.

--
James Manger
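
An added example, not part of the original message or of the draft: it parses the SubjectPublicKeyInfo quoted above, derives the three key identifiers the message walks through (taking the leftmost 20 bytes of the SHA-256 outputs, as the extension values in the message do), and also hashes the hex text of the key to reproduce the mistake pointed out at the end. The function names and dictionary keys are illustrative.

```python
import hashlib

# SPKI quoted in the message above (91 bytes of DER); names below are illustrative.
SPKI = bytes.fromhex(
    "3059" "3013" "06072A8648CE3D0201" "06082A8648CE3D030107" "034200"
    "04" "7F7F35A79794C950060B8029FC8F363A" "28F11159692D9D34E6AC948190434735"
    "F833B1A66652DC514337AFF7F5C9C75D" "670C019D95A5D639B72744C64A9128BB"
)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER TLV."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = length-of-length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def public_key_bytes(spki):
    """Contents of the subjectPublicKey BIT STRING, minus the unused-bits octet."""
    tag, body, end = read_tlv(spki)
    if tag != 0x30 or end != len(spki):
        raise ValueError("expected exactly one SEQUENCE")
    tag, _algorithm, pos = read_tlv(body)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    tag, bits, end = read_tlv(body, pos)
    if tag != 0x03 or end != len(body) or bits[:1] != b"\x00":
        raise ValueError("expected BIT STRING with zero unused bits")
    return bits[1:]

def key_ids(spki):
    key = public_key_bytes(spki)
    hex_text = key.hex().upper().encode("ascii")   # 130 ASCII characters, not 65 bytes
    return {
        "sha256_key_160": hashlib.sha256(key).digest()[:20],
        "sha1_key": hashlib.sha1(key).digest(),
        "sha256_spki_160": hashlib.sha256(spki).digest()[:20],
        "sha256_of_hex_text": hashlib.sha256(hex_text).digest(),  # the mistake
    }

if __name__ == "__main__":
    for name, value in key_ids(SPKI).items():
        print(f"{name:20} {value.hex().upper()}")
```

The first three printed values can be compared with the subjectKeyIdentifier contents quoted in the message; the fourth shows how a digest of the hex text differs from a digest of the key bytes.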