How to get AuthorityKeyIdentifier from Certificate

StackOverflow https://stackoverflow.com/questions/22888574

Question

I am attempting to generate a certificate using Bouncy Castle, yet I have found that I can't seem to get the AuthorityKeyIdentifier of the issuing certificate. I've been trying to identify what exactly is wrong, but so far I have no idea.

My certificate in the store that I am checking against has an Authority Key Identifier of 

KeyID=64 c1 59 db eb e7 2b f0 d7 e5 e3 81 77 d2 be b0
Certificate Issuer:
     CN=Test Certification Authority
Certificate SerialNumber=5c 27 00 3b 0f 0a a2 83 4a 8d 2b d5 45 d2 9c 3f

Yet, whenever I use the following code in bouncy castle to get the Key, it gives me a completely different AKI:

var password = "p@ssw0rd1";
var file = File.ReadAllBytes(@"C:\somefilepath\TESTCA.pfx");

Pkcs12Store st = new Pkcs12Store(new MemoryStream(file), password.ToCharArray());
var alias = st.Aliases.Cast<string>().Where (s => st.IsKeyEntry(s)).Single();
var cert = (X509Certificate)st.GetCertificate(alias).Certificate;

var subjectPKI = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo( cert.GetPublicKey());
var aki = new AuthorityKeyIdentifier(subjectPKI);
BitConverter.ToString(aki.GetKeyIdentifier()).Replace("-"," ").Dump();

Using this, I end up with an authority key identifier of:

68 22 23 ED 45 82 A6 0E D6 A4 87 74 F2 E0 22 C4 4B F7 7D DF

Yet I can't find any information in the certificate that seems to match that. Any ideas?

Was it helpful?

Solution

Have a look at the specification of the Authority Key Identifier in [RFC 5280][1]:

The value of the keyIdentifier field SHOULD be derived from the public key used to verify the certificate's signature or a method that generates unique values. Two common methods for generating key identifiers from the public key are described in Section 4.2.1.2. Where a key identifier has not been previously established, this specification RECOMMENDS use of one of these methods for generating keyIdentifiers or use of a similar method that uses a different hash algorithm. Where a key identifier has been previously established, the CA SHOULD use the previously established identifier.

...

KeyIdentifier ::= OCTET STRING

Thus, the value of the key identifier is just some octet string, some byte array, without any obvious inclusion of the certificate information. If you look at the common methods referred to

Two common methods for generating key identifiers from the public key are:

(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits).

(2) The keyIdentifier is composed of a four-bit type field with the value 0100 followed by the least significant 60 bits of the SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits).

Here the key identifier essentially is some hash value

Thus, the key identifier component of the Authority Key Identifier does not immediately give the clear information of some certificate. The Authority Key Identifier may have additional fields with such information but they are optional. In essence, therefore:

In conforming CA certificates, the value of the subject key identifier MUST be the value placed in the key identifier field of the authority key identifier extension (Section 4.2.1.1) of certificates issued by the subject of this certificate.

Thus, you find matching issuer/issued certificate pairs by comparing these values as abstract byte arrays, no additional information implied.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top