Re: [pkix] draft-turner-additional-methods-4kis to ISE - example
"Manger, James H" <James.H.Manger@team.telstra.com> Fri, 22 June 2012 03:32 UTC
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBFD921F84D6 for <pkix@ietfa.amsl.com>; Thu, 21 Jun 2012 20:32:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Level:
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[AWL=-0.332, BAYES_00=-2.599, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xjcQkia5GLQj for <pkix@ietfa.amsl.com>; Thu, 21 Jun 2012 20:32:01 -0700 (PDT)
Received: from ipxcvo.tcif.telstra.com.au (ipxcvo.tcif.telstra.com.au [203.35.135.208]) by ietfa.amsl.com (Postfix) with ESMTP id 1654421F84D0 for <pkix@ietf.org>; Thu, 21 Jun 2012 20:32:00 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.77,455,1336312800"; d="scan'208";a="81197540"
Received: from unknown (HELO ipcdvi.tcif.telstra.com.au) ([10.97.217.212]) by ipocvi.tcif.telstra.com.au with ESMTP; 22 Jun 2012 13:31:59 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,6749"; a="71446944"
Received: from wsmsg3755.srv.dir.telstra.com ([172.49.40.196]) by ipcdvi.tcif.telstra.com.au with ESMTP; 22 Jun 2012 13:31:54 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3755.srv.dir.telstra.com ([172.49.40.196]) with mapi; Fri, 22 Jun 2012 13:31:42 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Sean Turner <turners@ieca.com>
Date: Fri, 22 Jun 2012 13:31:41 +1000
Thread-Topic: [pkix] draft-turner-additional-methods-4kis to ISE - example
Thread-Index: Ac1Py8Hw+gN8MQ4mQvyKYz98uFJaLgATbN3g
Message-ID: <255B9BB34FB7D647A506DC292726F6E114F59AAD21@WSMSG3153V.srv.dir.telstra.com>
References: <20120530193526.22578.94157.idtracker@ietfa.amsl.com> <4FC6775F.3070206@ieca.com> <4FE09FA0.7070006@ieca.com> <255B9BB34FB7D647A506DC292726F6E114F593B71D@WSMSG3153V.srv.dir.telstra.com> <4FE34D1C.1040704@ieca.com>
In-Reply-To: <4FE34D1C.1040704@ieca.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "pkix@ietf.org" <pkix@ietf.org>
Subject: Re: [pkix] draft-turner-additional-methods-4kis to ISE - example
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jun 2012 03:32:02 -0000
>> I think we better put an example in the draft: a
>> SubjectPublicKeyValue; 2 (or 4) subjectKeyId extension values; and 2
>> (or 4) corresponding ext-skiSemantics values.
>
> I'll add a new section:
>
> ****
>
> This section provides some examples. The keys and key identifiers are
> presented in hexadecimal (two hex digits per byte).
>
> Given the following P-256 ECDSA key:
>
> 047F7F35A79794C950060B8029FC8F363A28F11159692D9D34E6AC94819043
> 4735F833B1A66652DC514337AFF7F5C9C75D670C019D95A5D639B72744C64A
> 9128BB
Better to start with a SPKI value.
Given the following DER-encoded SubjectPublicKeyInfo value holding an P-256 ECDSA key:
30 59
30 13
06 07 2A8648CE3D0201 -- id-ecPublicKey
06 08 2A8648CE3D030107 -- secp256r1
03 42 00
04 7F7F35A79794C950060B8029FC8F363A
28F11159692D9D34E6AC948190434735
F833B1A66652DC514337AFF7F5C9C75D
670C019D95A5D639B72744C64A9128BB
The SHA-256 hash of the 65 bytes 047F7F...BB is
BF37B3E5808FD46D54B28E846311BCCE1CAD2E1A62AA9092EF3EFB3F11451F44
The SHA-1 hash of these 65 bytes is
6FEF9162C0A3F2E7608956D41C37DA0C8E87F0AE
The SHA-256 hash of the 91 bytes 305930...BB is
6D20896AB8BD833B6B66554BD59B20225D8A75A296088148399D7BF763D57405
Using method 1 from section 2, the subject key id
extension and the key id semantics extension would be:
30 1D
06 03 551D0E -- id-ce-subjectKeyIdentifier
04 16
04 14 BF37B3E5808FD46D54B28E846311BCCE1CAD2E1A
30 xx
06 xx xxxxxx -- id-pe-skiSemantics
04 xx
30 xx
06 xx xxxxxx -- id-keyHash
06 09 608648016503040201 -- id-sha256
Using method 1 from RFC5280 the two extensions would be:
30 1D
06 03 551D0E -- id-ce-subjectKeyIdentifier
04 16
04 14 6FEF9162C0A3F2E7608956D41C37DA0C8E87F0AE
30 xx
06 xx xxxxxx -- id-pe-skiSemantics
04 xx
30 xx
06 xx xxxxxx -- id-keyHash
06 05 2B0E03021A -- id-sha1
Using method 3 from section 2 the two extensions would be:
30 1D
06 03 551D0E -- id-ce-subjectKeyIdentifier
04 16
04 14 6D20896AB8BD833B6B66554BD59B20225D8A75A2
30 xx
06 xx xxxxxx -- id-pe-skiSemantics
04 xx
30 xx
06 xx xxxxxx -- id-keyInfoHash
06 09 608648016503040201 -- id-sha256
>
> The SHA-256 hash output of the key is as follows:
>
> E72EE6C9C63D2B7F960F0E0611B9800917B5F9494182403EF1BBA8927A57625E
Not quite.
This is the SHA-256 hash of the 130 ASCII hex digits, not the 65 bytes.
--
James Manger
- Re: [pkix] I-D Action: draft-turner-additional-me… Sean Turner
- [pkix] draft-turner-additional-methods-4kis to ISE Sean Turner
- Re: [pkix] draft-turner-additional-methods-4kis t… Manger, James H
- Re: [pkix] draft-turner-additional-methods-4kis t… Sean Turner
- Re: [pkix] draft-turner-additional-methods-4kis t… Martin Rex
- Re: [pkix] draft-turner-additional-methods-4kis t… Manger, James H
- Re: [pkix] draft-turner-additional-methods-4kis t… Manger, James H
- Re: [pkix] draft-turner-additional-methods-4kis t… Manger, James H