EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Certificate and Fingerprint (Thumbprint)

#7916
Posted: 10/20/2008 07:13:22
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

Hi,
I have a question about certificates and fingerprints.
What information from the certificate or subject (in the certificate) results in the fingerprint?

thanks.
#7917
Posted: 10/20/2008 07:41:37
by Rogerio Oliveira (Basic support level)
Joined: 10/17/2008
Posts: 1

All return messages:

10:28:06 Connectin to "IP"
10:28:06 Server key ["key"] received
10:28:06 Authentication type [16] failed
10:28:06 Authentication succeeded
10:28:08 SFTP connection established
10:28:11 Retrieving file list


thanks.
#7919
Posted: 10/20/2008 08:13:37
by Ken Ivanov (EldoS Corp.)

Fingerprints are usually calculated over the entire certificate data (in its binary DER representation). I.e., the fingerprinting procedure hashes all the information contained in the public part of the certificate.
#7923
Posted: 10/20/2008 08:37:59
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

thanks,
Quote
Fingerprints are usually calculated over the entire certificate data


Fingerprint itself is part of certificate data!

Quote
fingerprinting procedure hashes all the information contained in the public part of the certificate.


Which part is the public part? Did you mean Subject Public Key Info?

#7925
Posted: 10/20/2008 08:45:38
by Ken Ivanov (EldoS Corp.)

Quote
Fingerprint itself is part of certificate data!

No, if you are talking about the fingerprint referred to by the Thumbprint field of the Windows certificate manager.

Actually, there's no exact definition of the "Fingerprint" term with regard to certificates. I.e., we need to clarify the meaning of this term first.

Quote
Which part is public part? Did you mean Subject Public Key Info ?

I mean the whole certificate body in binary DER format (as defined by the X.509 RFC).
#7927
Posted: 10/20/2008 08:54:59
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

The DER-encoded tbsCertificate structure, the exact format of which is described in RFC 3280, is used as input to the signature calculation process.
#7928
Posted: 10/20/2008 09:02:07
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Oops, sorry, I misunderstood.
tbsCertificate is signed, but the key identifier is calculated as a SHA-1 hash over the public key.
#7929
Posted: 10/20/2008 09:10:08
by Ken Ivanov (EldoS Corp.)

Mykola, as I said, it is necessary to clarify the term "fingerprint" before giving the exact answer to this question. Usually the "fingerprint" term is used as a synonym for the "thumbprint" displayed by e.g. the Windows certificate manager. However, the exact answer depends on what Mr. Khorsandi means by this word.
#7930
Posted: 10/21/2008 00:31:05
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

Thanks,
By fingerprint I mean exactly the thumbprint that is displayed by the Windows certificate manager.
Another question:
Is it correct that the thumbprint is the result of encrypted hashed certificate data?
#7931
Posted: 10/21/2008 00:48:06
by Ken Ivanov (EldoS Corp.)

Thank you. That fingerprint is calculated as a simple SHA-1 hash over the binary certificate data.

Quote
Is it correct that the thumbprint is the result of encrypted hashed certificate data?

No. The fingerprint is just the result of the SHA-1 hash function applied to the certificate data. There's no sense in encrypting the fingerprint, as its main purpose is to identify a particular certificate among others.
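
The three digests that came up in this thread, computed side by side, as an added example that is not part of the original posts or any EldoS code. It assumes the RFC 3280 key identifier method (SHA-1 over the subjectPublicKey bits); `make_cert` and the other function names are illustrative, and the certificate it builds is a constructed, certificate-shaped DER structure with a dummy signature.

```python
import hashlib

def tlv(tag, body):
    """DER-encode one element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read(der, pos):
    """Return (tag, body_start, end) for the element at pos."""
    first = der[pos + 1]
    k = first & 0x7F if first & 0x80 else 0          # long form: k length octets follow
    n = int.from_bytes(der[pos + 2:pos + 2 + k], "big") if k else first
    return der[pos], pos + 2 + k, pos + 2 + k + n

def children(der, pos):
    """Offsets of the elements directly inside the constructed element at pos."""
    _, start, end = read(der, pos)
    out = []
    while start < end:
        out.append(start)
        start = read(der, start)[2]
    return out

def digests(cert):
    """SHA-1 over three different inputs taken from one DER certificate."""
    tbs = children(cert, 0)[0]                           # Certificate ::= { tbsCertificate, alg, signature }
    fields = children(cert, tbs)
    spki = fields[6 if cert[fields[0]] == 0xA0 else 5]   # v1 certificates omit the [0] version field
    _, start, end = read(cert, children(cert, spki)[1])  # subjectPublicKey BIT STRING
    sha1 = lambda b: hashlib.sha1(b).hexdigest()
    return {"thumbprint": sha1(cert),                    # whole certificate, signature included
            "tbs": sha1(cert[tbs:read(cert, tbs)[2]]),   # the part the CA signs
            "key_id": sha1(cert[start + 1:end])}         # key bits, minus the unused-bits octet

def make_cert(serial, signature):
    """Constructed, certificate-shaped DER for the demo; the signature is a dummy value."""
    oid = lambda h: tlv(0x06, bytes.fromhex(h))
    alg = tlv(0x30, oid("2a864886f70d01010b") + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x31, tlv(0x30, oid("550403") + tlv(0x0C, b"example"))))
    dates = tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, b"260101000000Z"))
    key = tlv(0x30, tlv(0x30, oid("2a864886f70d010101") + tlv(0x05, b"")) + tlv(0x03, b"\x00" + b"\xab" * 140))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial) + alg + name + dates + name + key)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + signature))
```

Calling `digests` on two outputs of `make_cert` that differ only in the signature bytes gives different thumbprints but the same `tbs` and `key_id` values, which is why the thumbprint identifies one exact certificate while the key identifier follows the key.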
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.