author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2013-03-12 19:19:12 -0400
committer: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2013-03-12 19:19:12 -0400
commit: 7381666124d30961ecf5c77fdfc0977942d6862f (patch)
tree: 38e82ecf5a84810e25f4673de8b18427671fc83a
parent: a9a3a26ac27d2b003c4d245d32b59c92aa5ded35 (diff)
Document mechanism used for *_key_id() creation.
For the rationale behind this, see the gnutls-devel thread 'X.509 "Key Identifiers" in GnuTLS' found either at http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006182.html or http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6674
-rw-r--r-- doc/cha-bib.texi 6
-rw-r--r-- doc/cha-tokens.texi 7
2 files changed, 13 insertions, 0 deletions
diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi
index b99afce4ef..9acc86cce5 100644
--- a/doc/cha-bib.texi
+++ b/doc/cha-bib.texi
@@ -113,6 +113,12 @@ E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer
Security (TLS) Renegotiation Indication Extension", February 2010,
available from @url{http://www.ietf.org/rfc/rfc5746}.
+@item @anchor{RFC5280}[RFC5280]
+D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and
+W. Polk, "Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile", May 2008, available from
+@url{http://www.ietf.org/rfc/rfc5280}.
+
@item @anchor{TLSTKT}[TLSTKT]
Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig, "Transport
Layer Security (TLS) Session Resumption without Server-Side State",
diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi
index 444927f952..88dbc40ef7 100644
--- a/doc/cha-tokens.texi
+++ b/doc/cha-tokens.texi
@@ -88,6 +88,13 @@ Additional functions are available that will return
information over a public key, as well as a function that given a public
key fingerprint would provide a memorable sketch.
+The key_id and random_art functions are based on an SHA1 digest of the
+the public key canonicalized as a DER-formatted, ASN.1-encoded
+subjectPublicKeyInfo object. This is different from the ``common
+method'' described by section 4.2.1.2 of @xcite{RFC5280} in that
+GnuTLS includes the algorithmIdentifier (algorithm plus parameters) in
+addition to the raw key material itself.
+
@showfuncD{gnutls_pubkey_get_pk_algorithm,gnutls_pubkey_get_preferred_hash_algorithm,gnutls_pubkey_get_key_id,gnutls_random_art}
To export the key-specific parameters, or obtain a unique key ID the following functions are provided.
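Review bot: The first two added lines of the cha-tokens.texi hunk end with "an SHA1 digest of the" and begin with "the public key", so the rendered paragraph contains a doubled "the"; drop one of them. The paragraph also refers loosely to "the key_id and random_art functions", while the @showfuncD line just below names gnutls_pubkey_get_key_id and gnutls_random_art; naming them (or the *_key_id() family from the commit subject) in @code{} would make clear which functions the statement covers. It would also help to state the practical consequence directly: because the digest covers the whole subjectPublicKeyInfo, a key ID returned by these functions will not match a subjectKeyIdentifier computed with the section 4.2.1.2 method over the raw key material alone, so callers should not compare the two.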