On Thu, Dec 17, 2009 at 09:30:57AM +0530, tushar ganguli wrote:

> Hi,
> I have been trying to generate the value of the subject key identifier but
> am getting conflicting results:
> 
> RFC5280 section 4.2.1.2
> <http://tools.ietf.org/html/rfc5280#section-4.2.1.2>states that the
> subject key id is the sha1 hash of the public key.
> But when I do the following I get different results:
> 
> 1. openssl rsa -pubout -in my.key.pem | openssl sha1 -c
> Result: b0:83:be:ad:72:af:fd:25:ef:4b:dc:b2:b0:26:9c:54:24:de:13:c2

This calculates the sha1 hash of the PEM formatted file containing
the public key.

> 2. openssl x509 -inform der -in my.cer -text
> Result: C5:C1:98:9F:22:2E:13:25:31:E7:15:7C:2F:E2:C9:9D:45:94:56:D7

This is the sha1 hash of the public key itself.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to