signature of X509 certificates



I'm trying to understand the signature value of X509 certificates. As
far as I understand, the signature value is the hash value of the
certificate h(c) encrypted with the private key of the corresponding
Certification Authority. For the signature algorithm
"sha1WithRSASignature", e.g., this would mean that

s = h(c)^d mod n

with (d,n) as the private key.

To decrypt the signature, the public key (e, n) is used

h(c) = s^e mod n

If this value is the same as the hash value of the certificate, the
certificate is valid.

I tried to check this for several certificates, but I always fail to
validate the certificate. One certificate I tried to verify is the
root certificate "Thawte Personal Basic CA". The signature value (PKCS
#1 MD5 with RSA-encryption) is

s =
2d e2 99 6b b0 3d 7a 89 d7 59 a2 94 01 1f 2b dd
12 4b 53 c2 ad 7f aa a7 00 5c 91 40 57 25 4a 38
aa 84 70 b9 d9 80 0f a5 7b 5c fb 73 c6 bd d7 8a
61 5c 03 e3 2d 27 a8 17 e0 84 85 42 dc 5e 9b c6
b7 b2 6d bb 74 af e4 3f cb a7 b7 b0 e0 5d be 78
83 25 94 d2 db 81 0f 79 07 6d 4f f4 39 15 5a 52
01 7b de 32 d6 4d 38 f6 12 5c 06 50 df 05 5b bd
14 4b a1 df 29 ba 3b 41 8d f7 63 56 a1 df 22 b1

and the public key
n =
bc bc 93 53 6d c0 50 4f 82 15 e6 48 94 35 a6 5a
be 6f 42 fa 0f 47 ee 77 75 72 dd 8d 49 9b 96 57
a0 78 d4 ca 3f 51 b3 69 0b 91 76 17 22 07 97 6a
c4 51 93 4b e0 8d ef 37 95 a1 0c 4d da 34 90 1d
17 89 97 e0 35 38 57 4a c0 f4 08 70 e9 3c 44 7b
50 7e 61 9a 90 e3 23 d3 88 11 46 27 f5 0b 07 0e
bb dd d1 7f 20 0a 88 b9 56 0b 2e 1c 80 da f1 e3
9e 29 ef 14 bd 0a 44 fb 1b 5b 18 d1 bf 23 93 21
e =
01 00 01

When I calculate

h(c) = s^e mod n

the result is

01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF 00 30 20 30
0C 06 08 2A 86 48 86 F7 0D 02 05 05 00 04 10 FE
A8 EB 41 35 4A 5F 1C D9 BE 24 C6 A4 04 3A 60

As the algorithm ID for MD5 is
30 20 30 0C 06 08 2A 86 48 86 F7 0D 02 05 05 00 04 10
the calculation cannot be completely wrong.

The hash value then seems to consist of the last 8 bytes, i.e.
h(c) =
FE A8 EB 41 35 4A 5F 1C D9 BE 24 C6 A4 04 3A 60

The MD5 fingerprint of the certificate, however, is
E6 0B D2 C9 CA 2D 88 DB 1A 71 0E 4B 78 EB 02 41

which is obviously different from the calculated value. Does anyone
know what I'm doing wrong?

Thank you very much for your help.
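
Added example, not part of the original post: the block recovered above is a PKCS #1 v1.5 encoding (00 01, FF padding, 00, DigestInfo, digest), and the digest inside an X.509 signature is computed over the DER-encoded tbsCertificate, whereas a fingerprint hashes the whole certificate. The function names and the tiny DER sample are constructed for illustration.

```python
import hashlib

# DigestInfo prefixes from PKCS #1 v1.5; the MD5 one is the algorithm ID quoted in the post.
DIGEST_INFO = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
}

def parse_em(value: int, k: int):
    """Split the integer s^e mod n into (hash name, digest) for a k-byte modulus."""
    em = value.to_bytes(k, "big")          # restores the leading 00 the integer drops
    if em[:2] != b"\x00\x01":
        raise ValueError("not a type-1 PKCS #1 block")
    sep = em.index(b"\x00", 2)             # first 00 after the FF padding
    if sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("bad padding (needs at least 8 FF bytes)")
    info = em[sep + 1:]
    for name, prefix in DIGEST_INFO.items():
        size = hashlib.new(name).digest_size
        if info.startswith(prefix) and len(info) == len(prefix) + size:
            return name, info[len(prefix):]
    raise ValueError("unknown DigestInfo")

def der_tlv(buf: bytes, pos: int):
    """Return (start of contents, end) of the DER element that begins at pos."""
    length = buf[pos + 1]
    start = pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    return start, start + length

def signed_part(cert_der: bytes) -> bytes:
    """tbsCertificate: the first element inside the outer Certificate SEQUENCE."""
    body, _ = der_tlv(cert_der, 0)
    _, end = der_tlv(cert_der, body)
    return cert_der[body:end]              # tag and length included, as signed

# The value of s^e mod n as given in the post; the modulus is 128 bytes long.
RECOVERED = int("01" + "ff" * 91 + "00" + "3020300c06082a864886f70d020505000410"
                + "fea8eb41354a5f1cd9be24c6a4043a60", 16)

# Constructed stand-in, not a real certificate: SEQUENCE { tbs, algorithm, signature }.
SAMPLE = bytes.fromhex("300d" "3003020105" "30020500" "030200aa")

if __name__ == "__main__":
    print(parse_em(RECOVERED, 128))
    print(hashlib.md5(signed_part(SAMPLE)).hexdigest(), hashlib.md5(SAMPLE).hexdigest())
```

With a real certificate, the value to compare against the digest returned by `parse_em` is the hash of `signed_part(cert_der)`, not the fingerprint of the full file.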