Re: Finding Certificate by MD5 hash

From: Dan Griffin (dangriff_at_online.microsoft.com)
Date: 11/16/04


Date: Mon, 15 Nov 2004 16:09:17 -0800

Craig, there may be a couple of easier ways to do this. On the side where
you create the hash, first create a certificate context - it looks like
you're already doing that. Then call CertGetCertificateContextProperty
(CERT_MD5_HASH_PROP_ID). Note, I believe that's the hash of the whole cert,
and not just the public key. Let me know if that's a problem.

On the side that must search for the cert, use CertFindCertificateInStore
(CERT_FIND_MD5_HASH).

Note, if you really want to hash just the public key, verify that you're
literally doing just that. For example, don't hash the whole
CERT_PUBLIC_KEY_INFO structure.

-- 
Dan Griffin [MS]
Please do not send email directly to this alias.  This alias is for 
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Craig" <anonymous@discussions.microsoft.com> wrote in message 
news:328d01c4c2ce$39ecac80$a401280a@phx.gbl...
> Hi,
>
> I am searching for a certificate by the MD5-hashed public
> key, but it isn't finding the certificate. Should I be
> creating an MD5 hash of the Public Key Info or of some
> other Public Key data?
>
> This is what I am doing:
>
> When creating the MD5-hash, I get the CERT_PUBLIC_KEY_INFO
> from the certificate. I then call CryptHashPublicKeyInfo
> to create an MD5 hash of this Public Key Info.
>
> At the end that has to search for the certificate, I read
> in this MD5-Hash and store to a CRYPT_HASH_BLOB. I then
> call CertFindCertificateInStore passing in the
> CRYPT_HASH_BLOB and use the CERT_FIND_PUBKEY_MD5_HASH flag.
>
> Thanks,
> Craig.
> 
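
The distinction drawn in the reply above (hash of the whole certificate, of the encoded CERT_PUBLIC_KEY_INFO, or of the key bits alone), as an added example that is not part of the original thread and does not call CryptoAPI. It is a Python sketch over a constructed, certificate-shaped DER blob; `md5_candidates`, `find_cert` and `sample_cert` are hypothetical names, and the key and signature bytes are filler.

```python
import hashlib

def tlv(tag, body):
    """DER-encode one element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read(buf, pos):
    """Return (tag, element_start, content_start, content_end) at pos."""
    tag, n, body = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        size = n & 0x7F
        n, body = int.from_bytes(buf[body:body + size], "big"), body + size
    if body + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, body, body + n

def children(buf, start, end):
    out = []
    while start < end:
        out.append(read(buf, start))
        start = out[-1][3]
    return out

def md5_candidates(cert_der):
    """MD5 over the three byte ranges that are easy to confuse."""
    _, _, s, e = children(cert_der, *read(cert_der, 0)[2:])[0]  # tbsCertificate
    fields = children(cert_der, s, e)
    spki = fields[6 if fields[0][0] == 0xA0 else 5]  # version [0] is optional
    bits = children(cert_der, spki[2], spki[3])[1]   # subjectPublicKey BIT STRING
    ranges = {"whole_cert": cert_der,
              "spki_der": cert_der[spki[1]:spki[3]],
              "key_bits": cert_der[bits[2] + 1:bits[3]]}  # skip unused-bits octet
    return {k: hashlib.md5(v).hexdigest() for k, v in ranges.items()}

def find_cert(store, digest, kind):
    """Return the first cert whose `kind` digest equals `digest`, else None."""
    return next((c for c in store if md5_candidates(c)[kind] == digest), None)

def sample_cert(key_bytes):  # constructed sample, not a real signed certificate
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    name, validity = tlv(0x30, b""), tlv(0x30, tlv(0x17, b"041115000000Z") * 2)
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key_bytes))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + name + validity + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\x55" * 64))
```

A digest produced over one byte range only matches a lookup that hashes the same range, so `find_cert(store, d["spki_der"], "whole_cert")` returns `None` even when the certificate is in the store.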

