[Opendnssec-develop] hsm-toolkit questions
Rick van Rein
rick at openfortress.nl
Wed Mar 11 14:19:03 UTC 2009
John,
> + /* Hash the modulus bits */
> + SHA1_Update(&sha1ctx, &keysize, sizeof (keysize));
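Review bot: In the SHA1_Update call, passing &keysize with sizeof (keysize) hashes the variable's in-memory bytes, so the digest depends on the host's byte order and on the width of keysize's type, whose declaration is not visible in this hunk. Suggest copying the value into a fixed-width buffer in a defined byte order (for example four big-endian bytes) and hashing that buffer instead. The comment "Hash the modulus bits" could also state that it is the key size, not the modulus itself, that is hashed at this point.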
Not seeing the keysize in this patch, I'm assuming it is a value
of platform-independent endianness? We don't want to get into
trouble when moving the signing service from an i386 Mac to a
PowerPC Mac, so to speak. Also, the sizeof (keysize) is the
same for all platforms, I hope?
Actually, this same reasoning also applies to strengthen my
previous remark about hashing XML representations of keys.
Lacking a canonical form for XML (even if the name is coined
for something that approaches it) we cannot assume that the
"canonical" form of any XML document yields the same hash.
> + for (j = 0; j < SHA_DIGEST_LENGTH; j++) {
> + printf("%02x", md[j]);
> + }
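Review bot: In the printf call, %02x only produces exactly two digits per byte if md holds unsigned char values; md's declaration is not visible in this hunk, and where plain char is signed a byte of 0x80 or above would be sign-extended and print as ffffff80. Suggest confirming that md is declared as unsigned char md[SHA_DIGEST_LENGTH], or casting in the call, and ending the output with a newline after the loop if nothing later does.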
I also agree that hex is more practical for us developers, and
don't mind a few bytes being wasted on it. Not even if the
context in which it is stored is as scarce in memory as a token.
Cheers,
-Rick
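Added example, not part of the original message or of the patch under review: it shows why hashing the raw memory of an integer such as keysize gives a host-dependent SHA-1, and how a fixed-width big-endian encoding removes that dependency. The value 2048, the four host layouts and the function names are assumptions made for illustration; the real type of keysize is not shown in the thread.

```python
import hashlib
import struct

# Constructed sample value: the bit length of a 2048-bit RSA modulus.
KEYSIZE_BITS = 2048

# Bytes that SHA1_Update(&ctx, &keysize, sizeof (keysize)) would see on
# different hosts. These layouts are assumptions about typical ABIs.
NATIVE_LAYOUTS = {
    "i386, 32-bit integer": "<I",
    "PowerPC, 32-bit integer": ">I",
    "x86-64, 64-bit integer": "<Q",
    "PowerPC64, 64-bit integer": ">Q",
}


def native_digest(keysize, layout):
    """SHA-1 over the in-memory representation for one host layout."""
    return hashlib.sha1(struct.pack(layout, keysize)).hexdigest()


def distinct_native_digests(keysize):
    """Set of digests produced across all modelled hosts."""
    return {native_digest(keysize, fmt) for fmt in NATIVE_LAYOUTS.values()}


def canonical_bytes(keysize):
    """Host-independent encoding: exactly four bytes, big-endian."""
    if not 0 <= keysize <= 0xFFFFFFFF:
        raise ValueError("keysize does not fit in 32 bits")
    return struct.pack(">I", keysize)


def canonical_digest(keysize):
    """SHA-1 over the canonical encoding; identical on every host."""
    return hashlib.sha1(canonical_bytes(keysize)).hexdigest()


if __name__ == "__main__":
    for host, fmt in NATIVE_LAYOUTS.items():
        print(f"{host:28s} {native_digest(KEYSIZE_BITS, fmt)}")
    print(f"{'canonical (4 bytes, BE)':28s} {canonical_digest(KEYSIZE_BITS)}")
```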