What is an RSA "key ID"?

In the case of Strongswan one can display what it refers to as the keyid using its command line utilities. The main point of the keyid is that it can be used to identify the actual public key contained within a certificate so that a certificate might change but by checking the keyid one can check whether the key has changed or not.

The pki command will list the keyids of an X.509 cert as follows (where the subjectPublicKeyInfo hash is the keyid):

pki --keyid --in cert.pem --type x509

Or for an RSA private key:

pki --keyid --in key.pem

The second command is ipsec which one can use to list all the certs (and config) installed in the /etc/ipsec.d subdirectories (this command will list the certificates and their corresponding keyid which is the same as their subjectPublicKeyInfo hash listed by the pki command):

ipsec listall

Also one can use openssl to generate Strongswan's idea of a keyid, which is basically the SHA1 of the actual RSA public key (the sed script just strips the '-----BEGIN PUBLIC KEY-----' and END banners) [Corrected after Micah's comment]:

openssl x509 -in cert.pem -noout -pubkey | sed 's/--.*$//g' | base64 --decode | sha1sum

When you decrypt using gpg it provides a "long" keyID hash. To verify which key was used list the keys in long format using:

gpg --list-keys --keyid-format long

To list the keys in a different keyring without updating the default keyring use:

gpg --keyring <path-to-pubring.kbx> --no-default-keyring --list-keys

In different formats (PGP, SSH, X.509 certificates) key ID has different meaning. Neither SSH nor X.509 have a "dedicated" concept of key ID, but some people use this term (including their software) - in this case it's usually a hash of the public key or of the certificate in whole.

Update: the comments reminded me that "key identifier" extensions exist in X.509 certifiactes, and they sometimes are being referred to as key IDs. Yet, this is not common - usually the hash (also sometimes called the fingerprint) is referenced as key ID.


Having just done this for my own purposes, I'll write this down while it's all fresh in my head...

The "official" key ID (that is, the content of the "X509v3 Subject Key Identifier" extension in an X509 certificate) is the SHA1 hash of the DER-encoded ASN.1 sequence consisting of the modulus and exponent of an RSA public key. It takes piecing together about three different RFCs and a bit of experimentation to come up with that, but that's how it works.

Some Ruby code to do the encoding looks like this -- feed it an RSA public or private key on stdin:

require 'openssl'

pkey = OpenSSL::PKey::RSA.new($stdin.read).public_key

seq = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(pkey.n),
                               OpenSSL::ASN1::Integer.new(pkey.e)])
puts Digest::SHA1.hexdigest(seq.to_der).upcase.scan(/../).join(':')