On Thu, Nov 20, 2014 at 12:16:41PM -0700, Philip Prindeville wrote:

> I'm also looking for a function to generate a fingerprint (either MD5 or
> SHA-1 digest) over a public key DER string.

C or command-line?  On the command-line:

    $ pkey_digest() {
        openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -"$2" -binary |
        hexdump -ve '/1 "%02X"'; printf "\n"
      }
    $ pkey_digest cert1.pem md5
    $ pkey_digest cert2.pem sha256
    ...

In C:

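    #include <openssl/crypto.h>
    #include <openssl/evp.h>
    #include <openssl/x509.h>

    /*
     * Digest the DER-encoded public key (SubjectPublicKeyInfo) of cert.
     * digest_alg is a digest name, "sha1" for example.
     * mdbuf must have room for EVP_MAX_MD_SIZE bytes.
     * Returns 1 with the digest length in *len2, or 0 on error.
     */
    int pkey_digest(X509 *cert, const char *digest_alg,
                    unsigned char *mdbuf, unsigned int *len2)
    {
        const EVP_MD *md;
        unsigned char *buf;
        unsigned char *buf2;
        int len;
        int ok;

        if ((md = EVP_get_digestbyname(digest_alg)) == 0)
            return 0;               /* error: unknown digest name */

        /* With a NULL output pointer, i2d only returns the encoded length */
        len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
        if (len <= 0)
            return 0;               /* error: encoding failed */

        buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
        if (buf == NULL)
            return 0;               /* error: out of memory */

        /* i2d advances buf2 past the encoding; buf still points at its start */
        i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf2);
        OPENSSL_assert(buf2 - buf == len);

        /* Free buf whether or not the digest succeeded */
        ok = EVP_Digest(buf, len, mdbuf, len2, md, 0);
        OPENSSL_free(buf);
        return ok;
    }

    /* Encode *len2 bytes of digest in mdbuf to hex or whatever */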

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
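
The following is an added example, not part of the original message: it reuses the command-line pipeline above to show that the public-key digest stays the same when a certificate is reissued over the same key, while the digest of the whole certificate changes. The function names, file names and subject names are constructed for the illustration, and `openssl dgst -r` is used here in place of hexdump to get the hex output.

```shell
#!/bin/sh
# Added example: function names, file names and subjects are constructed.

# Hex digest of the DER-encoded public key in certificate $1, digest $2.
spki_digest() {
    openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -"$2" -r | cut -d' ' -f1
}

# Hex digest of the whole DER-encoded certificate $1, for comparison.
cert_digest() {
    openssl x509 -in "$1" -outform DER |
    openssl dgst -"$2" -r | cut -d' ' -f1
}

# Create one RSA key and two different self-signed certificates over it
# in directory $1 (cert1.pem and cert2.pem).
make_certs() {
    openssl genrsa -out "$1/key.pem" 2048 2>/dev/null || return 1
    for n in 1 2; do
        openssl req -new -x509 -key "$1/key.pem" -days "$n" \
            -subj "/CN=example-$n.invalid" \
            -out "$1/cert$n.pem" 2>/dev/null || return 1
    done
}

# Print "same" or "differs" for two strings.
same_or_differs() {
    if [ "$1" = "$2" ]; then echo same; else echo differs; fi
}

dir=$(mktemp -d) || exit 1
make_certs "$dir" || exit 1
k1=$(spki_digest "$dir/cert1.pem" sha256)
k2=$(spki_digest "$dir/cert2.pem" sha256)
c1=$(cert_digest "$dir/cert1.pem" sha256)
c2=$(cert_digest "$dir/cert2.pem" sha256)
echo "public key digest:  $(same_or_differs "$k1" "$k2")"
echo "certificate digest: $(same_or_differs "$c1" "$c2")"
rm -rf "$dir"
```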