x509 certificate Information
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 95 (0x5f)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=, O=, CN=
Validity
Not Before: Apr 22 16:42:11 2008 GMT
Not After : Apr 22 16:42:11 2009 GMT
Subject: C=, O=, CN=, L=, ST=
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
...
...
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage: critical
Code Signing
X509v3 Authority Key Identifier:
keyid: ...
Signature Algorithm: sha1WithRSAEncryption
a9:55:56:9b:9e:60:7a:57:fd:7:6b:1e:c0:79:1c:50:62:8f:
...
...
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
In this certificate, which is the public key? Is it the modulus? What does the Signature Algorithm, a9:55:56:..., represent (is it a message digest)? And what is between -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----? Is that the whole certificate?
As I am a novice, I am a little bit confused between the message digest and the public key.
Thanks in advance -opensid
An RSA public key consists of a modulus and exponent pair, which is shown in the "RSA Public Key" stanza. So that is the raw public key.
An x509 certificate is also signed by the certification authority, so the data in the "Signature Algorithm" stanza is that signature, an RSA-encrypted SHA1 digest of the preceding "Data:" section.
The base64-encoded data between "BEGIN CERTIFICATE" and "END CERTIFICATE" is the x509 certificate in machine-readable form (all the textual data above is for human consumption). When processing a PEM-format file such as this, only the data between the "BEGIN" and "END" lines is actually read.
The public key is made of the modulus and public exponent.
The hex string after the signature algorithm is the signature.
The X509 is encoded in a binary encoding (DER) of ASN.1. It's normally converted to a text format called PEM, which is all the text between the begin/end markers (inclusive).
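Added example, not part of either answer above: a standard-library Python sketch that decodes the PEM body back to DER and splits the outer SEQUENCE into the signed "Data:" bytes (tbsCertificate), the signature algorithm, and the signature. The helper names and the sample are assumptions; the sample is a constructed placeholder structure, not a real certificate.

```python
import base64, hashlib, re

def tlv(tag, value):
    """DER-encode one tag-length-value (used only to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def read_tlv(buf, pos=0):
    """Return (tag, value, raw_bytes, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        size = length & 0x7F
        if not 1 <= size <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos + 2:pos + 2 + size], "big")
        hdr += size
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos + hdr:end], buf[pos:end], end

def split_certificate(pem):
    """Split a PEM certificate into the three fields of its outer DER SEQUENCE."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()))  # text outside the markers is ignored
    tag, body, _, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    _, _, tbs, pos = read_tlv(body)             # tbsCertificate = the "Data:" stanza
    _, _, alg, pos = read_tlv(body, pos)        # signatureAlgorithm
    sig_tag, sig, _, pos = read_tlv(body, pos)  # signatureValue (BIT STRING)
    if sig_tag != 0x03 or pos != len(body):
        raise ValueError("unexpected Certificate layout")
    # The digest is taken over the exact tbsCertificate bytes; sig[0] is the unused-bits octet.
    return {"tbs": tbs, "alg": alg, "signature": sig[1:],
            "tbs_sha1": hashlib.sha1(tbs).hexdigest()}

# Constructed sample: serial 95, sha1WithRSAEncryption OID, 128 zero bytes as "signature".
SAMPLE_TBS = tlv(0x30, tlv(0x02, b"\x5f"))
SAMPLE_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")) + tlv(0x05, b""))
SAMPLE_DER = tlv(0x30, SAMPLE_TBS + SAMPLE_ALG + tlv(0x03, b"\x00" + bytes(128)))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
```

Calling `split_certificate(SAMPLE_PEM)` returns the raw signed bytes, their SHA-1 digest and the 128-byte signature field, matching the 1024-bit key size in the dump.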