On 9/1/10 9:53 PM, kartik rustagi wrote:
Hello everyone,Can anyone tell me the what exactly is thumbprint algorithm? All the certificates that I am creating using openssl have thumbprint algorithm as SHA1. I see no configuration to change that in openssl.cnf .
It is actually 'default_md' -- default 'message digest'.
The only hash that is stored in the certificate is the signature, yes. The keyid is currently (RFC5280) recommended to be the 160-bit SHA-1 hash of the bit string key (excluding its tag, length, and number of unused bits packing).As I understood, the only hash that is required in a certificate is the signature, which is the hash of the whole certificate using the algorithm mentioned in signature algorithm. Can't figure out where does thumbprint algorithm fit in and how can it be changed.
-Kyle H
smime.p7s
Description: S/MIME Cryptographic Signature
