Thumbprint algorithm

Thumbprint algorithm

kartik rustagi
Hello everyone,

Can anyone tell me what exactly the thumbprint algorithm is? All the certificates that I am creating using openssl have thumbprint algorithm as SHA1. I see no configuration to change that in openssl.cnf. As I understood, the only hash that is required in a certificate is the signature, which is the hash of the whole certificate using the algorithm mentioned in signature algorithm. Can't figure out where the thumbprint algorithm fits in and how it can be changed.
Needless to say, I have already exhausted my searching skills to find the answer myself.

--
Regards
Kartik Rustagi

Re: Thumbprint algorithm

Kyle Hamilton
  On 9/1/10 9:53 PM, kartik rustagi wrote:
> Hello everyone,
>
> Can anyone tell me the what exactly is thumbprint algorithm? All the
> certificates that I am creating using openssl have thumbprint algorithm as
> SHA1. I see no configuration to change that in openssl.cnf .
It is actually 'default_md' -- default 'message digest'.

>   As I
> understood, the only hash that is required in a certificate is the
> signature, which is the hash of the whole certificate using the algorithm
> mentioned in signature algorithm. Can't figure out where does thumbprint
> algorithm fit in and how can it be changed.
The only hash that is stored in the certificate is the signature, yes.  
The keyid is currently (RFC5280) recommended to be the 160-bit SHA-1
hash of the bit string key (excluding its tag, length, and number of
unused bits packing).

-Kyle H
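
Added example, not part of the original thread and not OpenSSL's code: the key identifier described in the reply (SHA-1 over the subjectPublicKey bits, skipping the BIT STRING tag, length and unused-bits octet), next to a thumbprint computed as a digest over a complete DER encoding, which is how certificate viewers derive the value they display. The function names, the small DER builder and the placeholder key bytes are constructed for illustration.

```python
import hashlib

def der(tag, value):
    """Encode one DER TLV (helper used only to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                      # long form: low 7 bits = length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, pos, pos + length

def key_identifier(spki_der):
    """SHA-1 of the subjectPublicKey bits, without tag, length or unused-bits octet."""
    tag, start, end = read_tlv(spki_der, 0)          # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, _, alg_end = read_tlv(spki_der, start)        # AlgorithmIdentifier, skipped
    tag, bits_start, bits_end = read_tlv(spki_der, alg_end)
    if tag != 0x03 or bits_end > end or bits_end == bits_start:
        raise ValueError("expected BIT STRING")
    return hashlib.sha1(spki_der[bits_start + 1:bits_end]).hexdigest()

def thumbprint(encoded, algorithm="sha256"):
    """Digest of a complete DER encoding; the digest is the caller's choice."""
    return hashlib.new(algorithm, encoded).hexdigest()

# Constructed sample: rsaEncryption AlgorithmIdentifier plus placeholder key bytes
# (not a real key), long enough to need long-form DER lengths.
KEY_BITS = bytes(range(140))
ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
SPKI = der(0x30, ALG + der(0x03, b"\x00" + KEY_BITS))

print(key_identifier(SPKI), thumbprint(SPKI, "sha1"))
```

For a real certificate, `thumbprint` takes the certificate's full DER bytes and `key_identifier` takes its DER-encoded SubjectPublicKeyInfo.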

