Re: DER encoded algorithm identifier

On Sun, 03 Jun 2012 20:08:50 +0200, Hartmut <hartmut_99@xxxxxxxx>
wrote:

Hi all

for my crypto library i need a DER encoded algorithm identifier used
in the PKCS#1 signature padding scheme.
The algo is the korean HAS-160 hash algorithm
http://www.alvestrand.no/objectid/1.2.410.200004.1.2.html

Since the algorithm is based on the SHA1 hash algo, the encoding
could not be that far away from the SHA1 encoding (i guess).

You guess wrong. The OID value, and its encoding, depends on who
assigns it, not any semantics of the algorithm it identifies. Though
the encoding of the hash-value part does depend on its length.

I found the following hard coded DER encodings somewhere in the web,
but the HAS-160 was not among them:

MD2: (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 02 05 00 04 10
MD5: (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10
RIPEMD160: (0x)30 21 30 09 06 05 2B 24 03 02 01 05 00 04 14
SHA-1: (0x)30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14
SHA-224: (0x)30 2d 30 0d 06 09 60 86 48 01 65 03 04 02 04 05 00 04 1c
SHA-256: (0x)30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
SHA-384: (0x)30 41 30 0d 06 09 60 86 48 01 65 03 04 02 02 05 00 04 30
SHA-512: (0x)30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 04 40

Those are actually prefixes of DER encodings of a SEQUENCE containing
an AlgorithmIdentifier and an OCTETSTRING containing the hash. The
AlgorithmIdentifier in turn is a SEQUENCE of the OID and parameters,
which for many algos, including these and I think all hashes, is NULL.
(The AlgorithmIdentifier structure is also used for keys, ciphers, and
signature schemes, some of which do have non-NULL parameters.)
That is a form in which hash values are commonly represented,
including PKCS#1-type1, but it is not exactly what you asked for.

Any suggestions or links of how to build the DER encoding from the OID
value?
A hard coded octet string would do for the moment.

OpenSSL does have 1.2.410.200004 = KISA, and their SEED cipher (in 4
modes) under <KISA>.1, but not this hash, and anyway I don't know any
utility to output an OBJ without building it into a cert etc. or
writing some code, which isn't worth it here. A quick google finds
pages that are partly wrong, and nothing ready to use, bleah.

So going by hand (and I might make a mistake):

1x40+2=42=x2A 410=x19A 200004=x30D44 gives for the OID alone
06 08 2A 83 1A 8C 9A 44 01 02
and for the algid
30 0C <OID> 05 00

Assuming -160 means the value is 20 bytes, the combined prefix is
30 24 <algid> 04 14 (followed by hash value)

Cheers.
.

Quantcast