On Mon, 18 Jun 2012 16:08:28 +0200
Dirk Menstermann <noadsple...@web.de> wrote:

> Would anybody be so kind as to explain to me how I can read the digest
> algorithm (sha1, sha256, other) from an X509 struct that was used by a
> CA when issuing the certificate (I am using version 0.9.8).

openssl x509 -in [filename of certificate] -text

Then you will get a long output with various details, you have to look
for a line like:
    Signature Algorithm: sha1WithRSAEncryption

which obviously means sha1. If it's sha256WithRSAEncryption, it's
sha256 etc.
For non-RSA algorithms or RSA-PSS, the situation can be more complex,
but you won't find any of them in the wild.

You'll also rarely find anything other than sha1 today - md5 and
earlier are (luckily) almost extinct and for strange reasons CAs seem
to resist the idea of replacing sha1 with the more secure
sha256/sha512-algorithms.

-- 
Hanno Böck              mail/jabber: ha...@hboeck.de
GPG: BBB51E42           http://www.hboeck.de/
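
Added example, not part of the mail above: a shell function that does the lookup described in the reply on the output of openssl x509 -text, including the RSA-PSS case where the digest sits in the parameters rather than in the algorithm name. The function names, the cert.pem file name and the sample text are constructed for illustration, and the PSS parameter line is assumed to read "Hash Algorithm: sha256".

```shell
#!/bin/sh
# Added example (not from the original mail). Reads `openssl x509 -text`
# output on stdin and prints the digest used for the CA's signature.
sig_digest() {
    awk '
        # The field is printed twice (inside the signed part and again
        # before the signature bytes), so the first hit is enough.
        /Signature Algorithm:/ && alg == "" { alg = $3 }
        # RSA-PSS names no digest; it is listed in the parameters below.
        /Hash Algorithm:/ && pss == "" { pss = $3 }
        END {
            s = tolower(alg)
            if (s ~ /pss/) s = tolower(pss)
            gsub(/-/, "", s)        # ecdsa-with-SHA256 -> ecdsawithsha256
            n = split("sha512 sha384 sha256 sha224 sha1 md5 md2", d, " ")
            for (i = 1; i <= n; i++)
                if (index(s, d[i])) { print d[i]; exit }
            print "unknown"
        }'
}

# Exit status 0 when the digest is one a relying party should no longer
# accept for certificate signatures.
weak_digest() {
    case "$1" in
        md2|md5|sha1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample in the shape of the text dump (assumed PSS layout).
SAMPLE_PSS='    Signature Algorithm: rsassaPss
         Hash Algorithm: sha256
         Mask Algorithm: mgf1 with sha256'
printf '%s\n' "$SAMPLE_PSS" | sig_digest    # sha256

# With a real certificate (cert.pem is a placeholder file name):
#   d=$(openssl x509 -in cert.pem -noout -text | sig_digest)
#   weak_digest "$d" && echo "weak signature digest: $d"
```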
