<HTML><HEAD><TITLE>Manpage of IPSEC_KEYBLOBTOID</TITLE>
<H1>IPSEC_KEYBLOBTOID</H1>
Section: C Library Functions (3)<BR>Updated: 25 March 2002<BR><A HREF="#index">Index</A>
<HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
ipsec keyblobtoid, splitkeytoid - generate key IDs from RSA keys
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>#include &lt;<A HREF="file:/usr/include/freeswan.h">freeswan.h</A>&gt;</B>
<BR>
<B>size_t keyblobtoid(const unsigned char *blob,</B>
<BR>
&nbsp;<B>size_t bloblen, char *dst, size_t dstlen);</B>
<BR>
<B>size_t splitkeytoid(const unsigned char *e, size_t elen,</B>
<BR>
&nbsp;<B>const unsigned char *m, size_t mlen, char *dst,</B>
<BR>
&nbsp;<B>size_t dstlen);</B>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
for use in messages and reporting,
is a short ASCII string identifying a key;
currently it is just the first nine characters of the base64
encoding of the RFC 2537/3110 "byte blob" representation of the key.
(Beware that no finite key ID can be collision-proof:
there is always some small chance of two random keys having the
generates a key ID from a key which is already in the form of an
RFC 2537/3110 binary key
(encoded exponent length, exponent, modulus).
generates a key ID from a key given in the form of a separate
specifies the size of the
under no circumstances are more than
A result which will not fit is truncated.
can be zero, in which case
need not be valid and no result is written,
but the return value is unaffected;
in all other cases, the (possibly truncated) result is NUL-terminated.
header file defines a constant
which is the size of a buffer large enough for worst-case results.
Both functions return
for a failure, and otherwise
always return the size of buffer which would
accommodate the full conversion result, including terminating NUL;
it is the caller's responsibility to check this against the size of
the provided buffer to determine whether truncation has occurred.
With keys generated by
<I><A HREF="ipsec_rsasigkey.3.html">ipsec_rsasigkey</A></I>(3),
the first two base64 digits are always the same,
and the third carries only about one bit of information.
It's worse with keys using longer fixed exponents,
e.g. the 24-bit exponent that's common in X.509 certificates.
However, being able to relate key IDs to the full
base64 text form of keys by eye is sufficiently useful that this
waste of space seems justifiable.
The choice of nine digits is a compromise between bulk and
probability of collision.
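<P>
An added sketch of the scheme described above, not the FreeS/WAN source: the ID is the first nine base64 digits of the RFC 2537/3110 blob, the return value is the buffer size a full result needs, and output is truncated but NUL-terminated. The <B>demo_</B> names are hypothetical, returning 0 on failure is an assumption, and the 7-byte minimum is derived here from 9 digits of 6 bits each.
</P>

```c
#include <string.h>

static const char b64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* First nine base64 digits of an RFC 2537/3110 blob. Returns the buffer size
 * a full ID needs (10, with NUL); returning 0 on failure is an assumption. */
size_t demo_keyblobtoid(const unsigned char *blob, size_t bloblen,
                        char *dst, size_t dstlen)
{
    char id[10];
    size_t i, n;

    if (bloblen < 7)                 /* 9 digits x 6 bits needs 7 bytes */
        return 0;
    for (i = 0; i < 9; i++) {
        size_t byte = i * 6 / 8, off = i * 6 % 8;
        unsigned v = (unsigned)blob[byte] << 8;
        if (byte + 1 < bloblen)
            v |= blob[byte + 1];
        id[i] = b64[(v >> (10 - off)) & 0x3f];
    }
    id[9] = '\0';
    if (dstlen > 0) {                /* truncate if needed, always terminate */
        n = dstlen < sizeof id ? dstlen - 1 : sizeof id - 1;
        memcpy(dst, id, n);
        dst[n] = '\0';
    }
    return sizeof id;
}

/* Same ID from separate exponent and modulus: build the blob prefix first. */
size_t demo_splitkeytoid(const unsigned char *e, size_t elen,
                         const unsigned char *m, size_t mlen,
                         char *dst, size_t dstlen)
{
    unsigned char blob[7];           /* only the first 7 blob bytes matter */
    size_t n = 0, i;
    if (elen > 0xffff)               /* length not representable */
        return 0;
    if (elen > 255)
        blob[n++] = 0, blob[n++] = (unsigned char)(elen >> 8);
    blob[n++] = (unsigned char)elen;
    for (i = 0; i < elen && n < sizeof blob; i++) blob[n++] = e[i];
    for (i = 0; i < mlen && n < sizeof blob; i++) blob[n++] = m[i];
    return demo_keyblobtoid(blob, n, dst, dstlen);
}
```

<P>
A caller compares the return value with the size of the buffer it passed: a larger return value means the ID was truncated. With a one-byte exponent of 3 and a modulus whose top bit is set, every ID from this sketch begins "AQO" or "AQP", which is the low-information prefix the text describes.
</P>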
<A NAME="lbAE">&nbsp;</A>
<H2>SEE ALSO</H2>
<I>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</I>,
(superseding the older but better-known RFC 2537).
<A NAME="lbAF">&nbsp;</A>
<H2>DIAGNOSTICS</H2>
key too short to supply enough bits to construct a complete key ID
(almost certainly indicating a garbage key);
exponent too long for its length to be representable.
<A NAME="lbAG">&nbsp;</A>
<H2>HISTORY</H2>
Written for the FreeS/WAN project by Henry Spencer.
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">SEE ALSO</A><DD>
<DT><A HREF="#lbAF">DIAGNOSTICS</A><DD>
<DT><A HREF="#lbAG">HISTORY</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 21:40:18 GMT, November 11, 2003