deleted 45 characters in body
user9371654

I have some SW that extracts certificate data, and the SW utilizes OpenSSL. I am confused about the difference between the subjectKeyIdentifier and the sha1Fingerprint. Both are hash values. My intuition is that the subjectKeyIdentifier is the hash of the public key of the certificate and the sha1Fingerprint is the hash of the overall fields of the certificate. This reference says about the subjectKeyIdentifier:

This is a hash value of the SSL certificate.

This is an example of what I get from the SW:

"subjectKeyIdentifier": "A8:XX:6A:XX:04:7D:DD:BA:E6:D1:XX:XX:XX:45:65:EF:F3:XX:EC:XX", "sha1Fingerprint": "E6:XX:XX:5B:06:XX:50:9B:XX:82:XX:2D:XX:6E:XX:97:XX:95:XX:CB" 

Note: XX in the examples is used for redaction.

The question is: What is the difference between the two hashes? What is each hash for?


The difference between Subject Key Identifier and sha1Fingerprint in X509 Certificates

I have some SW that extracts certificate data, and the SW utilizes OpenSSL. I am confused about the difference between the subjectKeyIdentifier and the sha1Fingerprint. Both are hash values. My intuition is that the subjectKeyIdentifier is the hash of the public key of the certificate and the sha1Fingerprint is the hash of the overall fields of the certificate. My research made me more confused. For example, this reference says about the subjectKeyIdentifier:

This is a hash value of the SSL certificate.

This is an example of what I get from the SW:

"subjectKeyIdentifier": "A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1", "sha1Fingerprint": "E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB" 

What is the difference between the two hashes? What is each hash for?