Missing the method to compute the Subject Key Identifier in Native C509 Certificate #179
Assignees
Labels
Comments
xipki
changed the title
|
@gselander Could you add the discussion result here? |
emanjon
added a commit
that referenced
this issue
Dec 19, 2024
|
I intended to make a PR but accidently pushed to main. |
|
Changed to "In natively signed certificates, KeyIdentifier SHOULD be composed of the leftmost 160-bits of the SHA-256 hash of the CBOR encoded subjectPublicKey. Other methods of generating unique numbers can be used." @xipki can we close this? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We need to specify the method to compute the key identifier over the public key. The method specified in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) cannot be used here, due to the possible different encoded
subjectPublicKey.For the EC public keys (Weierstraß, EdDSA, X25519/X448), the
subjectPublicKeyare of the same in X509 and C509. But at least for RSA, it is different.The text was updated successfully, but these errors were encountered: