|Applies To||Information about the SignedPublicKeyAndChallenge is available at http://home.netscape.com/eng/security/ca-interface.html|
RSA BSAFE Cert-C
RSA BSAFE Crypto-C
|Issue||How to parse Netscape SignedPublicKeyAndChallenge|
|Resolution||Use the RSA BSAFE Cert-C APIs to extract the SubjectPublicKeyInfo from the PublicKeyAndChallenge, which is contained in the SignedPublicKeyAndChallenge.|
Crypto-C, when using B_SetKeyInfo with KI_RSAPublicBER, expects a SubjectPublicKeyInfo as input.
More detailed outline of the solution:
First, use C_BERDecodeList on the pbkey.ber binary. This will give you a LIST_OBJ containing the entries in the SignedPublicKeyAndChallenge. Basically, C_GetListObjectCount on the result of C_BERDecodeList should be 3. Feel free to do whatever you need to do to the second and third entries, but it's the first entry, the publicKeyAndChallenge, that you're interested in. Do a C_GetListObjectEntry with index 0 to get the ITEM containing the BER-encoded publicKeyAndChallenge. Something like this (where spkacEntryList is the LIST_OBJ filled in by C_BERDecodeList):
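ITEM *publicKeyAndChallenge = NULL;
/* Entry 0 of the decoded list is the BER-encoded publicKeyAndChallenge. */
status = C_GetListObjectEntry (spkacEntryList, 0, (POINTER *)&publicKeyAndChallenge);
if (status != 0) {
    /* Handle the error here; publicKeyAndChallenge must not be used. */
}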
To double-check that this worked, you can call RSA_PrintBuf on publicKeyAndChallenge->data and publicKeyAndChallenge->len to view the data.
Now, you want to access the SubjectPublicKeyInfo in the publicKeyAndChallenge. Use C_BERDecodeList on the publicKeyAndChallenge. The resulting LIST_OBJ should have two entries. Verify this by calling C_GetListObjectCount. You can then call C_GetListObjectEntry with index 0 to get the ITEM containing the BER-encoded spki (SubjectPublicKeyInfo). You can then call B_SetKeyInfo with KI_RSAPublicBER, using that SubjectPublicKeyInfo.
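The two-level decode described above can be checked without the toolkit. The following is an added example, not Cert-C code and not part of the original article: a small definite-length TLV splitter that enforces the same entry counts (3, then 2) before returning the SubjectPublicKeyInfo bytes. The names tlv, tlv_header, seq_children, spkac_get_spki and SAMPLE are hypothetical, and the sample bytes are constructed with placeholder key and signature bits.

```c
#include <stddef.h>
typedef struct { const unsigned char *data; size_t len; } tlv; /* one whole TLV */

/* Read one header at p. Indefinite lengths and overruns are rejected. */
static int tlv_header(const unsigned char *p, size_t avail, size_t *hdr, size_t *clen)
{
    size_t n, k, i;
    if (avail < 2 || (p[0] & 0x1f) == 0x1f) return -1; /* multi-byte tags unsupported */
    n = p[1]; *hdr = 2;
    if (n & 0x80) {                       /* long form: k length bytes follow */
        k = n & 0x7f;
        if (k == 0 || k > 4 || avail < 2 + k) return -1;
        for (n = 0, i = 0; i < k; i++) n = (n << 8) | p[2 + i];
        *hdr = 2 + k;
    }
    if (n > avail - *hdr) return -1;      /* content would run past the buffer */
    *clen = n;
    return 0;
}

/* Split a SEQUENCE that exactly fills der[0..len) into at most max child TLVs. */
int seq_children(const unsigned char *der, size_t len, tlv *out, int max)
{
    size_t h, n; int count = 0; const unsigned char *p, *end;
    if (tlv_header(der, len, &h, &n) != 0 || der[0] != 0x30 || h + n != len) return -1;
    for (p = der + h, end = p + n; p < end; p += h + n) {
        if (count == max || tlv_header(p, (size_t)(end - p), &h, &n) != 0) return -1;
        out[count].data = p; out[count++].len = h + n;
    }
    return count;
}

/* Outer list must hold 3 entries; entry 0 must hold 2: spki, then challenge. */
int spkac_get_spki(const unsigned char *der, size_t len, tlv *spki)
{
    tlv outer[3], inner[2];
    if (seq_children(der, len, outer, 3) != 3) return -1;
    if (seq_children(outer[0].data, outer[0].len, inner, 2) != 2) return -1;
    if (inner[0].data[0] != 0x30 || inner[1].data[0] != 0x16) return -1; /* SEQUENCE, IA5String */
    *spki = inner[0];
    return 0;
}

/* Constructed sample: valid structure, placeholder key and signature bits. */
const unsigned char SAMPLE[] = {
    0x30,0x30, 0x30,0x1a, 0x30,0x14, 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
    0x0d,0x01,0x01,0x01,0x05,0x00, 0x03,0x03,0x00,0xaa,0xbb, 0x16,0x02,0x68,0x69,
    0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,
    0x03,0x03,0x00,0xcc,0xdd };
```

The returned span covers the whole SubjectPublicKeyInfo, header included. A truncated buffer or a wrong entry count returns -1 instead of an out-of-range pointer.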
|Legacy Article ID||a4098|