author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2013-03-12 19:19:12 -0400 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2013-03-12 19:19:12 -0400 |
commit | 7381666124d30961ecf5c77fdfc0977942d6862f (patch) | |
tree | 38e82ecf5a84810e25f4673de8b18427671fc83a /doc/cha-tokens.texi | |
parent | a9a3a26ac27d2b003c4d245d32b59c92aa5ded35 (diff) | |
download | gnutls-7381666124d30961ecf5c77fdfc0977942d6862f.tar.gz |
Document mechanism used for *_key_id() creation.
For the rationale behind this, see the gnutls-devel thread 'X.509 "Key
Identifiers" in GnuTLS' found either at
http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006182.html
and
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6674
Diffstat (limited to 'doc/cha-tokens.texi')
-rw-r--r-- | doc/cha-tokens.texi | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi index 444927f952..88dbc40ef7 100644 --- a/doc/cha-tokens.texi +++ b/doc/cha-tokens.texi @@ -88,6 +88,13 @@ Additional functions are available that will return information over a public key, as well as a function that given a public key fingerprint would provide a memorable sketch. +The key_id and random_art functions are based on an SHA1 digest of the +the public key canonicalized as a DER-formatted, ASN.1-encoded +subjectPublicKeyInfo object. This is different from the ``common +method'' described by section 4.2.1.2 of @xcite{RFC5280} in that +GnuTLS includes the algorithmIdentifier (algorithm plus parameters) in +addition to the raw key material itself. + @showfuncD{gnutls_pubkey_get_pk_algorithm,gnutls_pubkey_get_preferred_hash_algorithm,gnutls_pubkey_get_key_id,gnutls_random_art} To export the key-specific parameters, or obtain a unique key ID the following functions are provided. |
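Review bot: the first added sentence has a doubled article across the line wrap ("digest of the" followed by "the public key"); drop one "the". In the same sentence, "The key_id and random_art functions" is looser than the names in the @showfuncD line just below; writing gnutls_pubkey_get_key_id and gnutls_random_art (or "the *_key_id() functions", as the commit subject does) would make clear which calls the paragraph covers. It would also help to add one sentence on the practical consequence of hashing the whole subjectPublicKeyInfo: because the algorithmIdentifier is included, these IDs will not match key identifiers that other software derives with the RFC 5280 section 4.2.1.2 method from the raw key bits alone, so readers should not compare them directly. Minor style point: "SHA-1" is the usual spelling and reads better with "a" than "an SHA1".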