I am trying to modify fabric-sdk-node project to use it with RSA certs and keys.
And for now I have no idea on how to produce a SKI (X509v3 Subject Key Identifier) with a RSA public key.
That project is using jsrsasign package on the crypto things.
I have found in the jsrsasign issue page on Github.com which can produce SKI with ECDSA, but still no clue in the RSA ones.
Any advice will be welcomed!
Thanks!
I have almost test every method in package jsrsasign, but still not found anything useful.
So I look outside the box and think, the X509V3 Subject Key Identifier(SKI) was produced by the default sha1 hash algo. However, what we have done in the hyperledger/fabric, defined that the hash algo to be sha256. So what if the jsrsasign has made that hash algo hardcoded with sha1? (This is a guess, please correct me if I am wrong.)
With that thought, I have tried on another package node-forge, which just solved my problem.
Here is the demo:
const nodeForge = require("node-forge");
const pki = nodeForge.pki;
const jsrsa = require("jsrsasign");
const KEYUTIL = jsrsa.KEYUTIL;
const rsaPubKeyPem = `-----BEGIN CERTIFICATE-----
MIID<.........>Y/gRUg==
-----END CERTIFICATE-----
`;
const pubKey = KEYUTIL.getKey(rsaPubKeyPem);
const publicKey = pki.rsa.setPublicKey(pubKey.n,pubKey.e);
console.log(pki.getPublicKeyFingerprint(publicKey,{
md: nodeForge.sha256.create(),
encoding: 'hex',
delimiter: ':'}));
And we have got the exactly same SKI as the openssl did. This will import another crypto package, and it looked ugly. Please advise if you have any good ideas.
Thanks!