Hi Steve, I did what you said (please correct me if I am wrong) and still the output is not mapping, below please find the steps I'd taken:

1. openssl asn1parse -inform der -in my.key

    0:d=0 hl=4 l= 629 cons: SEQUENCE
    4:d=1 hl=2 l= 1 prim: INTEGER :00
    7:d=1 hl=2 l= 13 cons: SEQUENCE
    9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
    20:d=2 hl=2 l= 0 prim: NULL
    22:d=1 hl=4 l= 607 prim: OCTET STRING [HEX DUMP]:

2. openssl asn1parse -inform der -in my.key -strparse 22 -out mypubkey.der

3. openssl sha1 -c mypubkey.der

    SHA1(mypubkey.der)= 8d:51:f3:a7:03:5a:79:ca:14:1c:5f:9d:92:39:32:28:a8:1e:e3:7f

SKID stored in the certificate is:

    C5:C1:98:9F:22:2E:13:25:31:E7:15:7C:2F:E2:C9:9D:45:94:56:D7

Which still differs from the original one.

Regards,
Tushar.

On Thu, Dec 17, 2009 at 7:00 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Thu, Dec 17, 2009, tushar ganguli wrote:
>
> > So should I take the PEM formatted output, strip the --- BEGIN -- / -- END
> > -- lines from the key and then convert the Base64 encoding to binary format
> > and then calculate the hash? Will that be the same as displayed in the
> > certificate?
> >
>
> If it was just the DER form then adding -outform DER to the rsa command would
> work. However the operation isn't based on the whole key. Here's an example
> using the OpenSSL tools...
>
> openssl asn1parse -in key.pem
>
>     0:d=0 hl=3 l= 159 cons: SEQUENCE
>     3:d=1 hl=2 l= 13 cons: SEQUENCE
>     5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
>     16:d=2 hl=2 l= 0 prim: NULL
>     18:d=1 hl=3 l= 141 prim: BIT STRING
>
> The actual SKID is the contents of that BIT STRING so you do:
>
> openssl asn1parse -in key.pem -strparse 18 -out key.der
>
> Then:
>
> openssl sha1 key.der
>
> That will give you exactly the same hash as that placed in SKID.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
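
Added example, not part of the original thread: a small Python check that computes the SKID hash the way the quoted reply describes (SHA-1 over the BIT STRING contents of the public key structure) and refuses input shaped like the first listing above, where an INTEGER comes first and the key sits in an OCTET STRING, which is the PKCS#8 private key layout. The function names and the sample structures are assumptions made for the illustration; the key bytes are constructed filler, not a real RSA key.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def skid_from_spki(der_bytes):
    """SHA-1 over the BIT STRING contents of a DER SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(der_bytes)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    first_tag, _, pos = read_tlv(body)
    if first_tag == 0x02:
        # INTEGER version first: INTEGER, SEQUENCE, OCTET STRING is a private key
        raise ValueError("private key structure; export the public key first")
    if first_tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    key_tag, bits, _ = read_tlv(body, pos)
    if key_tag != 0x03 or not bits:
        raise ValueError("expected BIT STRING holding the public key")
    # bits[0] is the unused-bits count and is not part of the hashed data
    digest = hashlib.sha1(bits[1:]).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))

def der(tag, value):
    """Encode one DER element; enough for the constructed samples (< 256 bytes)."""
    n = len(value)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])
    return bytes([tag]) + head + value

# Constructed samples with the same shapes as the two asn1parse listings.
ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
KEY_BYTES = bytes(range(140))              # filler standing in for the key material
SAMPLE_SPKI = der(0x30, ALG + der(0x03, b"\x00" + KEY_BYTES))
SAMPLE_PKCS8 = der(0x30, der(0x02, b"\x00") + ALG + der(0x04, KEY_BYTES))

if __name__ == "__main__":
    print("SKID:", skid_from_spki(SAMPLE_SPKI))
    try:
        skid_from_spki(SAMPLE_PKCS8)
    except ValueError as err:
        print("rejected:", err)
```
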