000026052 - How to parse Netscape SignedPublicKeyAndChallenge

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000026052
Applies To: Information about the SignedPublicKeyAndChallenge is available at http://home.netscape.com/eng/security/ca-interface.html
Issue: How to parse Netscape SignedPublicKeyAndChallenge
Resolution: Use the RSA BSAFE Cert-C APIs to extract the SubjectPublicKeyInfo from the PublicKeyAndChallenge, which is contained in the SignedPublicKeyAndChallenge.

Crypto-C, when using B_SetKeyInfo with KI_RSAPublicBER, expects a SubjectPublicKeyInfo as input.
More detailed outline of the solution:

First, use C_BERDecodeList on the pbkey.ber binary.  This will give you a LIST_OBJ containing the entries in the SignedPublicKeyAndChallenge.  Basically, C_GetListObjectCount on the result of C_BERDecodeList should be 3.  Feel free to do whatever you need to do to the second and third entries, but it's the first entry, the publicKeyAndChallenge, that you're interested in.  Do a C_GetListObjectEntry with index 0 to get the ITEM containing the BER-encoded publicKeyAndChallenge.  Something like this (where spkacEntryList is the LIST_OBJ filled in by C_BERDecodeList):

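int status = 0;
ITEM *publicKeyAndChallenge = NULL;

/* Entry 0 of the decoded SignedPublicKeyAndChallenge is the publicKeyAndChallenge */
status = C_GetListObjectEntry (spkacEntryList, 0, (POINTER *)&publicKeyAndChallenge);
if (status != 0)
    goto CLEANUP;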

To double-check that this went fine, you can call RSA_PrintBuf with publicKeyAndChallenge->data and publicKeyAndChallenge->len to view the data.

Now, you want to access the SubjectPublicKeyInfo in the publicKeyAndChallenge.  Use C_BERDecodeList on the publicKeyAndChallenge.  The resulting LIST_OBJ should have two entries.  Verify this by calling C_GetListObjectCount.  You can then call C_GetListObjectEntry with index 0 to get the ITEM containing the BER-encoded spki (SubjectPublicKeyInfo).  You can then call B_SetKeyInfo with KI_RSAPublicBER, using that SubjectPublicKeyInfo.
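
The same two-level walk, as an added example that is not RSA's code and does not use Cert-C: a minimal bounds-checked DER reader in plain C that enforces the entry counts described above (3, then 2) and returns the byte range of the SubjectPublicKeyInfo. The names der_t, der_read, der_children, spkac_get_spki and SAMPLE_SPKAC are assumptions made for this example, and the sample bytes are constructed placeholders with the right nesting but no real key; the signature is not verified here.

```c
#include <stddef.h>

/* One DER element: tag, whole TLV range, and content range. */
typedef struct { unsigned char tag; const unsigned char *tlv, *val; size_t tlv_len, val_len; } der_t;
/* Read one definite-length TLV from p[0..n); 0 on success, -1 if malformed. */
static int der_read(const unsigned char *p, size_t n, der_t *e)
{
    size_t hdr = 2, len, k, i;
    if (n < 2) return -1;
    len = p[1];
    if (len & 0x80) {                          /* long-form length */
        k = len & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return -1;  /* no indefinite form */
        for (len = 0, i = 0; i < k; i++) len = (len << 8) | p[2 + i];
        hdr += k;
    }
    if (len > n - hdr) return -1;              /* content must fit the buffer */
    e->tag = p[0]; e->tlv = p; e->tlv_len = hdr + len; e->val = p + hdr; e->val_len = len;
    return 0;
}

/* Count the children of a SEQUENCE, storing the first max; -1 if malformed. */
static int der_children(const der_t *seq, der_t *kids, int max)
{
    const unsigned char *p = seq->val; size_t n = seq->val_len; int c = 0; der_t e;
    if (seq->tag != 0x30) return -1;
    for (; n > 0; p += e.tlv_len, n -= e.tlv_len, c++) {
        if (der_read(p, n, &e) != 0) return -1;
        if (c < max) kids[c] = e;
    }
    return c;
}

/* Locate the SubjectPublicKeyInfo TLV inside a SignedPublicKeyAndChallenge. */
int spkac_get_spki(const unsigned char *buf, size_t len, der_t *spki)
{
    der_t top, outer[3], inner[2];
    if (der_read(buf, len, &top) != 0 || top.tlv_len != len) return -1;
    if (der_children(&top, outer, 3) != 3) return -1;       /* must be 3 entries */
    if (der_children(&outer[0], inner, 2) != 2) return -1;  /* spki + challenge */
    if (inner[0].tag != 0x30 || inner[1].tag != 0x16) return -1; /* SEQUENCE, IA5String */
    *spki = inner[0];
    return 0;
}

/* Constructed sample: correct nesting, placeholder contents, no real key. */
static const unsigned char SAMPLE_SPKAC[] = { 0x30,0x17, 0x30,0x0D,
    0x30,0x07,0x30,0x02,0x05,0x00,0x03,0x01,0x00,  0x16,0x02,0x68,0x69,
    0x30,0x02,0x05,0x00,  0x03,0x02,0x00,0xFF };
```

The range spki->tlv / spki->tlv_len corresponds to the BER-encoded SubjectPublicKeyInfo that the article hands to B_SetKeyInfo with KI_RSAPublicBER.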
Legacy Article ID: a4098