Hi Victor, Thanks for the response. So should I take the PEM formatted output, strip the --- BEGIN -- / -- END -- lines from the key and then convert the Base64 encoding to binary format and then calculated the hash? Will that be the same as displayed in the certificate?
Tushar. On Thu, Dec 17, 2009 at 10:12 AM, Victor Duchovni < victor.ducho...@morganstanley.com> wrote: > On Thu, Dec 17, 2009 at 09:30:57AM +0530, tushar ganguli wrote: > > > Hi, > > I have been trying to generate the value of the subject key identifier > but > > am getting conflicting results: > > > > RFC5280 section 4.2.1.2 > > <http://tools.ietf.org/html/rfc5280#section-4.2.1.2>states that the > > subject key id is the sha1 hash of the public key. > > But when I do the following I get different results: > > > > 1. openssl rsa -pubout -in my.key.pem | openssl sha1 -c > > Result: b0:83:be:ad:72:af:fd:25:ef:4b:dc:b2:b0:26:9c:54:24:de:13:c2 > > This calculates the sha1 hash of the PEM formatted file containing > the public key. > > > 2. openssl x509 -inform der -in my.cer -text > > Result: C5:C1:98:9F:22:2E:13:25:31:E7:15:7C:2F:E2:C9:9D:45:94:56:D7 > > This is the sha1 hash of the public key itself. > > -- > Viktor. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
