> Well the first embedded SEQUENCE is the tbsCertificate data. You need to hash
> all of that including the SEQUENCE tag+length bytes.
This is correct. My previous statement that you don't include the tag and
length bytes was incorrect. Sorry.
DS
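
The point confirmed in the reply above, as an added example that is not part of the original thread: the bytes to hash are the complete tbsCertificate encoding, SEQUENCE tag and length octets included. The function names, the `der` helper and the sample bytes are constructed for illustration; the digest algorithm must be taken from the certificate's signatureAlgorithm field, and the RSA operation and padding check are left out.

```python
import hashlib

def read_tlv(buf, off):
    """Return (tag, header_len, content_len) of the DER element at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                      # short form: length in one octet
        return tag, 2, first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or off + 2 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return tag, 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")

def tbs_bytes(cert_der):
    """Full tbsCertificate encoding: SEQUENCE tag + length octets + contents."""
    tag, hdr, length = read_tlv(cert_der, 0)
    if tag != 0x30 or hdr + length != len(cert_der):
        raise ValueError("outer Certificate SEQUENCE malformed")
    tag, ihdr, ilen = read_tlv(cert_der, hdr)
    if tag != 0x30 or ihdr + ilen > length:
        raise ValueError("tbsCertificate SEQUENCE malformed")
    return cert_der[hdr:hdr + ihdr + ilen]

def digest_to_verify(cert_der, algo):
    """Digest the signature covers; algo must match signatureAlgorithm."""
    return hashlib.new(algo, tbs_bytes(cert_der)).hexdigest()

def der(tag, content):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + content

# Constructed stand-in with a certificate's three top-level fields (not a real
# certificate). The 200-byte string forces a long-form tbsCertificate length.
TBS_CONTENT = der(0x02, b"\x01") + der(0x0C, b"x" * 200)
SAMPLE = der(0x30, der(0x30, TBS_CONTENT)             # tbsCertificate
                   + der(0x30, der(0x05, b""))        # signatureAlgorithm
                   + der(0x03, b"\x00" + b"\xAA" * 8))  # signatureValue

if __name__ == "__main__":
    print("with header   :", digest_to_verify(SAMPLE, "sha256"))
    print("contents only :", hashlib.sha256(TBS_CONTENT).hexdigest())
```

The two printed digests differ, which is why hashing only the contents of the SEQUENCE never matches the signed value.
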
> There is an example here:
>
> http://www.openssl.org/docs/apps/rsautl.html#EXAMPLES
>
Awesome, that is exactly what I'm looking for.
Thanks!
Anthony.
OpenSSL Project http://www.openssl.org
On Fri, May 09, 2008, Anthony Floyd wrote:
> To generate the signature, has that first embedded SEQUENCE (the one
> that contains the certificate data) been hashed entirely? Including the
> tag and length fields? Or has some subset of that been hashed? I
> assume that the SEQUENCE with the hash
> This page is helpful as well:
> http://en.wikipedia.org/wiki/X.509
>
> Under "Structure of a certificate", it shows that a certificate consists of
> an inner certificate (sometimes called the TBS certificate), followed by the
> certificate signature algorithm and the signature itself. The
> To do that properly you do need to at least parse some of the ASN1 data. There
> is some header information at the start which contains the SEQUENCE tag+length
> bytes.
Right. This isn't a problem, as I've been pulling the data out by
parsing the ASN.1 data anyway.
> The actual bit you
> To do that properly you do need to at least parse some of the ASN1 data. There
> is some header information at the start which contains the SEQUENCE tag+length
> bytes.
>
> The actual bit you will hash is in the middle of the data. One SEQUENCE
> header is deleted from the start and some dat
On Thu, May 08, 2008, Anthony Floyd wrote:
> Hi,
>
> I have a self-signed certificate generated by OpenSSL. I'm using Python
> and various libraries (PyCrypto, tlslite) to programmatically access the
> certificate. I'm not having any problems pulling the data out of the
> certificate.
>
> Now
> So to check the signature, it should be as easy as to hash
> the data, decrypt the signature with the public key and
> compare the two.
Of course, I meant: hash the data, encrypt the hash with the public key
and compare to signature.
Thanks,
Anthony.
Hi,
I have a self-signed certificate generated by OpenSSL. I'm using Python
and various libraries (PyCrypto, tlslite) to programmatically access the
certificate. I'm not having any problems pulling the data out of the
certificate.
Now I want to validate the certificate. My current understandin