Thanks, Greg. I was afraid of this.
I wanted to hash the public key and use that as a part of the DN as
specified in the CSR. I shall now try this with openssl dgst.
If I hash the certificate, I cant include that in the certificate (in the
DN) as the hash will change (circular dependency) !!! I realise now however,
that this hash of public key will not match the thumbprint Windows reports.
Too bad.
Regards,
Sandipan
----- Original Message -----
From: Greg Stark
To: [EMAIL PROTECTED]
Sent: Wednesday, March 07, 2001 12:21 AM
Subject: Re: Thumbprint of Digital ID
It is the hash of the entire DER encoded certificate.
You can calculate it using the 'openssl' utility via:
openssl dgst -sha1 -c < cert.der
_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________
----- Original Message -----
From: Sandipan Gangopadhyay
To: [EMAIL PROTECTED]
Sent: Tuesday, March 06, 2001 1:52 AM
Subject: Thumbprint of Digital ID
I used Xenroll and openssl to create a Digital ID on a Windows System. This
is working fine. I can use it to sign emails.
My question is that when I view this certificate on IE or OE, Windows shows
the digital ID's SHA1 Thumbprint.
This obviously is a hash, but of what ? The public key in a particular
format ? The certificate in a particular format ?
If this is of the public key alone, could I calculate this myself using
openssl and the PKCS10 .csr ?
Regards,
Sandipan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
