[foaf-protocols] The case for massive simplification and foaf:key
Nathan
nathan at webr3.org
Tue Sep 21 17:17:01 CEST 2010
Henry Story wrote:
> So just to take the following two points of your argument:
>
> On 21 Sep 2010, at 14:10, Nathan wrote:
>
>> typically you won't have to parse it at all, you'll be string comparing base64 DER with base64 DER, stripping whitespace is the most that is needed.
>
>
>> When I say DER formatted public key, i am talking about 'just the public key', and as above, to the best of my knowledge, most languages/runtimes/tooling support DER formatted keys better than modulus/exponent only (in fact most don't support modulus/exponent only).
>
> So this will work if encoding a public key in DER format always gives the same
> binary result.
>
> So given a public key defined by a modulus exponent pair (m,e)
> and given any method of encoding it E1, E2, E3, ... that results
> in a DER encoded string we have the following
>
> E1(m1,e1) = s1
> E2(m2,e2) = s2
> E3(m3,e3) = s3
> ....
>
> What we need to show is that whenever s1 == s2 then (m1,e1) = (m2,e2) . Right?
Yes we need to prove that..
For a short answer, s1 contains (m1,e1) as is, it doesn't pack or encode
it in any way that could lead to ambiguity.
An RSA public key should be represented with the ASN.1 type
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}
typically in ASN.1 that's a structure like:
identifier: 30
Length: ???
identifier: 30
Length: 13
identifier: 6
Length: 9
string 1.2.840.113549.1.1.1 // "rsaEncryption"
identifier: 5
Length: 0
NULL
identifier: 3
Length: ???
identifier: 30
Length: ???
identifier: 2
Length: ???
string "FDB6FB1159710..." // modulus
identifier: 2
Length: 3
int(65537) // exponent
or in hex:
30 ?L 30 ?TYPE 5 0 3 ?L 0 30 ?L 2 ?L 0 ?MODULUS 2 3 1 0 1
where ?L is a length, ?TYPE is one of "rsaEncryption"
"md5withRSAEncryption" "sha1withRSAEncryption" and ?MODULUS is modulus,
the last 5 octets are the modulus, usually int(2), length(3) and the
value 65537(1 0 1)
ASN.1 structure doesn't change, the rules are set (digital encoding
rules - DER), and base64 doesn't produce variable results either.
So, unless somebody can point me to something strange abnormality or
varying encoding rule I'd be fine to assert that:
whenever s1 == s2 then (m1,e1) == (m2,e2)
Best,
Nathan
More information about the foaf-protocols
mailing list