[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Quickest way to get SHA-1 thumbprint of a cert from a SecCertificateRef?

Subject: Re: Quickest way to get SHA-1 thumbprint of a cert from a SecCertificateRef?
From: Ken McLeod <email@hidden>
Date: Wed, 27 Sep 2006 10:46:04 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden


On Sep 27, 2006, at 9:29 AM, Paul Nelson wrote:

Signatures can be made with different algorithms. Are you trying to use the signature to verify something, or just to uniquely identify a cert? If any case you should use CSSMOID_X509V1Signature and the data returned will be the signature bytes. If you need the signature algorithm, you should get that using CSSMOID_X509V1SignatureAlgorithm

I don’t think that “CSSMOID_X509V1SignatureCStruct” works, nor does “CSSMOID_X509V1SignatureStruct” Paul Nelson Thursby Software Systems, Inc.

Those OIDs represent the signature portion of the X.509 certificate, which is not the same thing as what Nathan wants (a SHA-1 "fingerprint" digest of the entire certificate.)

Our certificate view code calculates the SHA-1 and MD5 digests on the fly using a convenience SPI, SecDigestGetData() in SecCertificatePriv.h, which is essentially a wrapper around the CSSM digest calls. There is no precalculated SHA-1 digest field that the CL will give you.

-ken

 on 9/26/06 10:38 PM, Nathan Herring at email@hidden wrote:
I could go through the certificate and do the SHA-1 calculation via SecCertificateGetData, CSSM_CreateDigestDataContext, etc., but is there just some key field that I could pull out of the CL layer? From looking at the docs, X509V1Signature looks potentially useful, but perhaps not what I want – the related Signature OIDs (e.g., X509V1SignatureCStruct) don’t appear to have a definition as to what would their format for me to read out of. Thx, nh
 _______________________________________________
 Do not post admin requests to the list. They will be ignored.
 Apple-cdsa mailing list      (email@hidden)
 Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden
  _______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden

This email sent to email@hidden

References:
	>Re: Quickest way to get SHA-1 thumbprint of a cert from a SecCertificateRef? (From: Paul Nelson <email@hidden>)

Prev by Date: Re: Quickest way to get SHA-1 thumbprint of a cert from a SecCertificateRef?
Next by Date: Re: in-memory keychain or keychain-oidal data store?
Previous by thread: Re: Quickest way to get SHA-1 thumbprint of a cert from a SecCertificateRef?
Next by thread: SFCertificateView sometimes shows a cert is expired when it isn't
Index(es):
- Date
- Thread

Home