Diffstat (limited to 'doc/manpage.d/ipsec_keyblobtoid.3.html')
-rw-r--r-- | doc/manpage.d/ipsec_keyblobtoid.3.html | 174 |
1 files changed, 174 insertions, 0 deletions
diff --git a/doc/manpage.d/ipsec_keyblobtoid.3.html b/doc/manpage.d/ipsec_keyblobtoid.3.html new file mode 100644 index 000000000..109cfafa7 --- /dev/null +++ b/doc/manpage.d/ipsec_keyblobtoid.3.html 
@@ -0,0 +1,174 @@ +Content-type: text/html + +<HTML><HEAD><TITLE>Manpage of IPSEC_KEYBLOBTOID</TITLE> +</HEAD><BODY> +<H1>IPSEC_KEYBLOBTOID</H1> +Section: C Library Functions (3)<BR>Updated: 25 March 2002<BR><A HREF="#index">Index</A> +<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR> + + +<A NAME="lbAB"> </A> +<H2>NAME</H2> + +ipsec keyblobtoid, splitkeytoid - generate key IDs from RSA keys +<A NAME="lbAC"> </A> +<H2>SYNOPSIS</H2> + +<B>#include <<A HREF="file:/usr/include/freeswan.h">freeswan.h</A>></B> + +<P> +<B>size_t keyblobtoid(const unsigned char *blob,</B> + +<BR> + +<B>size_t bloblen, char *dst, size_t dstlen);</B> + +<BR> + +<B>size_t splitkeytoid(const unsigned char *e, size_t elen,</B> + +<BR> + +<B>const unsigned char *m, size_t mlen, char *dst,</B> + +<BR> + +<B>size_t dstlen);</B> + +<A NAME="lbAD"> </A> +<H2>DESCRIPTION</H2> + +<I>Keyblobtoid</I> + +and +<I>splitkeytoid</I> + +generate +key IDs +from RSA keys, +for use in messages and reporting, +writing the result to +<I>dst</I>. + +A +<I>key ID</I> + +is a short ASCII string identifying a key; +currently it is just the first nine characters of the base64 +encoding of the RFC 2537/3110 ``byte blob'' representation of the key. +(Beware that no finite key ID can be collision-proof: +there is always some small chance of two random keys having the +same ID.) +<P> + +<I>Keyblobtoid</I> + +generates a key ID from a key which is already in the form of an +RFC 2537/3110 binary key +<I>blob</I> + +(encoded exponent length, exponent, modulus). +<P> + +<I>Splitkeytoid</I> + +generates a key ID from a key given in the form of a separate +(binary) exponent +<I>e</I> + +and modulus +<I>m</I>. + +<P> + +The +<I>dstlen</I> + +parameter of either +specifies the size of the +<I>dst</I> + +parameter; +under no circumstances are more than +<I>dstlen</I> + +bytes written to +<I>dst</I>. + +A result which will not fit is truncated. 
+<I>Dstlen</I> + +can be zero, in which case +<I>dst</I> + +need not be valid and no result is written, +but the return value is unaffected; +in all other cases, the (possibly truncated) result is NUL-terminated. +The +<I>freeswan.h</I> + +header file defines a constant +<B>KEYID_BUF</B> + +which is the size of a buffer large enough for worst-case results. +<P> + +Both functions return +<B>0</B> + +for a failure, and otherwise +always return the size of buffer which would +be needed to +accommodate the full conversion result, including terminating NUL; +it is the caller's responsibility to check this against the size of +the provided buffer to determine whether truncation has occurred. + +With keys generated by +<I><A HREF="ipsec_rsasigkey.3.html">ipsec_rsasigkey</A></I>(3), + +the first two base64 digits are always the same, +and the third carries only about one bit of information. +It's worse with keys using longer fixed exponents, +e.g. the 24-bit exponent that's common in X.509 certificates. +However, being able to relate key IDs to the full +base64 text form of keys by eye is sufficiently useful that this +waste of space seems justifiable. +The choice of nine digits is a compromise between bulk and +probability of collision. +<A NAME="lbAE"> </A> +<H2>SEE ALSO</H2> + +RFC 3110, +<I>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</I>, +Eastlake, 2001 +(superseding the older but better-known RFC 2537). +<A NAME="lbAF"> </A> +<H2>DIAGNOSTICS</H2> + +Fatal errors are: +key too short to supply enough bits to construct a complete key ID +(almost certainly indicating a garbage key); +exponent too long for its length to be representable. +<A NAME="lbAG"> </A> +<H2>HISTORY</H2> + +Written for the FreeS/WAN project by Henry Spencer. 
+<P> + +<HR> +<A NAME="index"> </A><H2>Index</H2> +<DL> +<DT><A HREF="#lbAB">NAME</A><DD> +<DT><A HREF="#lbAC">SYNOPSIS</A><DD> +<DT><A HREF="#lbAD">DESCRIPTION</A><DD> +<DT><A HREF="#lbAE">SEE ALSO</A><DD> +<DT><A HREF="#lbAF">DIAGNOSTICS</A><DD> +<DT><A HREF="#lbAG">HISTORY</A><DD> +</DL> +<HR> +This document was created by +<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>, +using the manual pages.<BR> +Time: 21:40:18 GMT, November 11, 2003 +</BODY> +</HTML> |
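Review bot: The DESCRIPTION section says a key ID is "just the first nine characters of the base64 encoding" and later that with ipsec_rsasigkey keys "the first two base64 digits are always the same, and the third carries only about one bit of information", but it never states the resulting strength or limits what callers may do with the ID. Taken together, those two statements mean roughly 37 of the nominal 54 bits actually vary, so I would add a sentence next to the collision warning saying that key IDs are for messages and reporting only and should not be used to decide whether two keys are equal or to select a key for verification. Separately, the file is raw man2html CGI output: the leading "Content-type: text/html" line, the http://localhost/cgi-bin/man/man2html links and the file:/usr/include/freeswan.h link will not resolve for readers, and the "Time: 21:40:18 GMT, November 11, 2003" footer will change on every regeneration. Consider stripping these in the build step, or generating the HTML at install time instead of committing it.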