
How to get value of public key for hashing (PyKCS11)

While using PyKCS11, I extracted a public key from a smartcard. Now, I need to hash that key with sha256. However, the public key object contains a lot of values:

CKA_ALWAYS_SENSITIVE: True
CKA_CLASS: CKO_PUBLIC_KEY
CKA_DECRYPT: False
CKA_DERIVE: False
CKA_ENCRYPT: False
(...)
CKA_KEY_TYPE: CKK_RSA
CKA_MODIFIABLE: False
CKA_MODULUS: (200, 163, 157, 146, 3, (...))

To hash the key (using hashlib), only one of the attributes is required (it doesn't accept iterables).

What attribute should I use? I was thinking about CK_VALUE or CK_MODULUS, but the documentation on PyKCS11 doesn't make it very clear which one is correct.

Thanks

What you need to hash depends on what you require.

Generally the modulus is hashed, not the encoding of the entire key. Hashing the modulus will result in the same value for both the public and private key so that you can identify both as being from the same pair. The result or the leftmost bytes of the result are often used as a key check value or KCV.

The modulus should be unique for each key pair. If it isn't, your random number generator is likely broken or not well seeded (it can't hurt to check this if you generate multiple keys). So a hash over the modulus will uniquely identify your public key, even if the exponent wasn't hashed.
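An added example, not part of the original answer: hashing CKA_MODULUS with hashlib, plus the duplicate-modulus check the answer suggests. The helper names, the leading-zero normalization and the sample byte values are assumptions made for illustration; `hash_token_public_keys` assumes an already-open PyKCS11 session.

```python
import hashlib
from collections import defaultdict


def modulus_bytes(cka_modulus):
    """Convert a CKA_MODULUS value (PyKCS11 returns a sequence of ints 0..255)
    to big-endian bytes. Leading zero bytes are stripped (an assumption made
    here) so that differently padded copies of one modulus hash identically."""
    stripped = bytes(cka_modulus).lstrip(b"\x00")
    if not stripped:
        raise ValueError("empty or all-zero modulus")
    return stripped


def modulus_sha256(cka_modulus):
    """SHA-256 hex digest of the modulus; identical for both keys of a pair."""
    return hashlib.sha256(modulus_bytes(cka_modulus)).hexdigest()


def find_shared_moduli(labelled_moduli):
    """Given {label: CKA_MODULUS}, return the groups of labels that share a
    modulus. One pair sharing it is expected; unrelated keys should not."""
    groups = defaultdict(list)
    for label, mod in labelled_moduli.items():
        groups[modulus_sha256(mod)].append(label)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def hash_token_public_keys(session):
    """Return one modulus digest per RSA public key object in the session."""
    import PyKCS11  # lazy import: the helpers above run without a token
    objs = session.findObjects([(PyKCS11.CKA_CLASS, PyKCS11.CKO_PUBLIC_KEY),
                                (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_RSA)])
    return [modulus_sha256(session.getAttributeValue(o, [PyKCS11.CKA_MODULUS])[0])
            for o in objs]


# Constructed sample values (not a real key), only a few bytes long.
SAMPLE_PUB = (200, 163, 157, 146, 3, 17, 42, 255)
SAMPLE_PRIV = (0,) + SAMPLE_PUB        # same modulus, padded with a zero byte
SAMPLE_OTHER = (201, 1, 2, 3, 4, 5, 6, 7)

if __name__ == "__main__":
    print(modulus_sha256(SAMPLE_PUB))
    print(find_shared_moduli({"pub": SAMPLE_PUB, "priv": SAMPLE_PRIV,
                              "other": SAMPLE_OTHER}))
```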
