Merge pull request #40 from dmcgowan/fingerprint-update

Updated key ID generation to use standard ASN1 encoding
docker · Nov 13, 2014 · 230dfd1 · 230dfd1
2 parents 1aadff9 + 2c24450
commit 230dfd1
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 20 deletions.
diff --git a/ec_key.go b/ec_key.go
@@ -55,16 +55,7 @@ func (k *ecPublicKey) CurveName() string {
 
 // KeyID returns a distinct identifier which is unique to this Public Key.
 func (k *ecPublicKey) KeyID() string {
-	// Generate and return a libtrust fingerprint of the EC public key.
-	// For an EC key this should be:
-	//   SHA256("EC"+curveName+bytes(X)+bytes(Y))
-	// Then truncated to 240 bits and encoded into 12 base32 groups like so:
-	//   ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
-	hasher := crypto.SHA256.New()
-	hasher.Write([]byte(k.KeyType() + k.CurveName()))
-	hasher.Write(k.X.Bytes())
-	hasher.Write(k.Y.Bytes())
-	return keyIDEncode(hasher.Sum(nil)[:30])
+	return keyIDFromCryptoKey(k)
 }
 
 func (k *ecPublicKey) String() string {

diff --git a/rsa_key.go b/rsa_key.go
@@ -34,16 +34,7 @@ func (k *rsaPublicKey) KeyType() string {
 
 // KeyID returns a distinct identifier which is unique to this Public Key.
 func (k *rsaPublicKey) KeyID() string {
-	// Generate and return a 'libtrust' fingerprint of the RSA public key.
-	// For an RSA key this should be:
-	//   SHA256("RSA"+bytes(N)+bytes(E))
-	// Then truncated to 240 bits and encoded into 12 base32 groups like so:
-	//   ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
-	hasher := crypto.SHA256.New()
-	hasher.Write([]byte(k.KeyType()))
-	hasher.Write(k.N.Bytes())
-	hasher.Write(serializeRSAPublicExponentParam(k.E))
-	return keyIDEncode(hasher.Sum(nil)[:30])
+	return keyIDFromCryptoKey(k)
 }
 
 func (k *rsaPublicKey) String() string {

diff --git a/util.go b/util.go
@@ -2,6 +2,7 @@ package libtrust
 
 import (
 	"bytes"
+	"crypto"
 	"crypto/elliptic"
 	"crypto/x509"
 	"encoding/base32"
@@ -52,6 +53,21 @@ func keyIDEncode(b []byte) string {
 	return buf.String()
 }
 
+func keyIDFromCryptoKey(pubKey PublicKey) string {
+	// Generate and return a 'libtrust' fingerprint of the public key.
+	// For an RSA key this should be:
+	//   SHA256(DER encoded ASN1)
+	// Then truncated to 240 bits and encoded into 12 base32 groups like so:
+	//   ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
+	derBytes, err := x509.MarshalPKIXPublicKey(pubKey.CryptoPublicKey())
+	if err != nil {
+		return ""
+	}
+	hasher := crypto.SHA256.New()
+	hasher.Write(derBytes)
+	return keyIDEncode(hasher.Sum(nil)[:30])
+}
+
 func stringFromMap(m map[string]interface{}, key string) (string, error) {
 	val, ok := m[key]
 	if !ok {