Hello Michael,
First, thanks for your instructions.
Second, please don't read my last message I post it before reading your answer :$
And after reading your kind answer, I'm a little confused. Reading the perl code that OpenCA uses after the user writes in the Public Interface the CRIN code for his(her) certificate, I thought that OpenCA first hashes that written CRIN and compares it with the PIN in the DB, and I thought that was the way OpenCA uses to verify the CRIN code entered by the user, but now, after your reply, I'm thinking it twice. So a new question, that I have to add to my large queue, is that PIN a hashed representation of the CRIN code for the cert? If it isn't how can I verify the CRIN entered by the user?
The question is based on the fact that I used the command you recommend me, but that doesn't look like that PIN in the DB:
I'm executing this command:
openssl dgst -sha1 CRIN11
SHA1(CRIN11)= db61f83ee19208bbc976ba9685b4f686efd22018
but the result is different from what I have in the DB
PIN in db:
5e86d229d29e4f856f9b798cad5fe007808c6afc
openssl dgst -sha1 CRIN11
SHA1(CRIN11)= db61f83ee19208bbc976ba9685b4f686efd22018
but the result is different from what I have in the DB
PIN in db:
5e86d229d29e4f856f9b798cad5fe007808c6afc
Thanks a lot for your patience with me :-)
Johnny
Michael Bell <[EMAIL PROTECTED]> escribió:
Michael Bell <[EMAIL PROTECTED]> escribió:
Johnny Gonzalez wrote:
> I tryed using openca-digest too, but the output is
> different from the PIN stored in the db, so my new
> question is: how is this PIN generated? in the
> "certificate" table in "data" field thereis a PIN, I
> thinks that is the only parameter OpenCA uses to check
> the CRIN, so I'm trying to use it too but that PIN
> also is different to the output of openca-digest
> command:
>
> openca-digest sha1 TMS8hU+b8oPhoYS55b/NaQ
> Digest: SHA1
> String: TMS8hU+b8oPhoYS55b/NaQ
> SHA1: 22H4PuGSCLvJdrqWhbT2hu/SIBg
>
> and the cert PIN in DB is:
> PIN=5e86d229d29e4f856f9b798cad5fe007808c6afc
The PIN will be created during the certificate creation. Sometimes the
users don't like it and use the PIN of the request but I describe the
default model. Thi s PIN will be hashed with SHA1. This hash/digest is
stored in the header (PIN=...).
The original command is the following:
openssl dgst -sha1 < stdin
You can use "openssl dgst -sha1 CLEAR_PIN" too.
So are you sure that you have the correct clear text PIN? How do you get
the clear text PIN.
Michael
--
_______________________________________________________________
Michael Bell Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice
Fax: +49 (0)30-2093 2704 Unter den Linden 6
[EMAIL PROTECTED] D-10099 Berlin
_______________________________________________________________
Correo Yahoo!
Comprueba qué es nuevo, aquí
http://correo.yahoo.es
