On Thu, Dec 17, 2009, tushar ganguli wrote:

> So should I take the PEM formatted output, strip the --- BEGIN -- / -- END
> -- lines from the key and then convert the Base64 encoding to binary format
> and then calculate the hash? Will that be the same as displayed in the
> certificate?
>

If it was just the DER form then adding -outform DER to the rsa command would
work. However the operation isn't based on the whole key. Here's an example
using the OpenSSL tools...

openssl asn1parse -in key.pem
    0:d=0  hl=3 l= 159 cons: SEQUENCE
    3:d=1  hl=2 l=  13 cons: SEQUENCE
    5:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   16:d=2  hl=2 l=   0 prim: NULL
   18:d=1  hl=3 l= 141 prim: BIT STRING

The actual SKID is the contents of that BIT STRING so you do:

openssl asn1parse -in key.pem -strparse 18 -out key.der

Then:

openssl sha1 key.der

That will give you exactly the same hash as that placed in SKID.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
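
The same computation without the OpenSSL tools, as an added example that is not part of the original message or of OpenSSL: it decodes the PEM, walks the SubjectPublicKeyInfo to the BIT STRING, and SHA-1 hashes its contents minus the leading unused-bits octet, which is what -strparse writes to key.der. The function names are made up for the example, and the sample key bytes are constructed filler laid out to match the asn1parse offsets above, not a real RSA key.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: one length octet
        length = first
    else:                                  # long form: (first & 0x7f) length octets
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def pem_to_der(pem_text):
    """Drop the BEGIN/END lines and Base64-decode what is left."""
    body = [ln for ln in pem_text.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body))

def public_key_bits(spki):
    """Contents of the subjectPublicKey BIT STRING, without the unused-bits octet."""
    tag, start, _ = read_tlv(spki, 0)                 # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo SEQUENCE")
    tag, _, alg_end = read_tlv(spki, start)           # AlgorithmIdentifier SEQUENCE
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, bs_start, bs_end = read_tlv(spki, alg_end)   # BIT STRING (offset 18 above)
    if tag != 0x03 or bs_start == bs_end or spki[bs_start] != 0:
        raise ValueError("expected BIT STRING with zero unused bits")
    return spki[bs_start + 1:bs_end]

def skid_from_pem(pem_text):
    """SHA-1 over the key bits only, not over the whole DER-encoded key."""
    return hashlib.sha1(public_key_bits(pem_to_der(pem_text))).hexdigest()

# Constructed sample: 140 filler bytes standing in for the RSAPublicKey encoding.
SAMPLE_KEY_BITS = bytes(range(140))
SAMPLE_DER = bytes.fromhex("30819f" "300d06092a864886f70d0101010500" "03818d00") + SAMPLE_KEY_BITS
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    print(skid_from_pem(SAMPLE_PEM))
```

Hashing the Base64-decoded PEM body directly gives a different value, because that input still includes the outer SEQUENCE, the AlgorithmIdentifier and the BIT STRING header.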