tags:

views:

89

answers:

2
+2  Q: 

x509 certificate Information 

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number: 95 (0x5f)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=, O=, CN=
    Validity
        Not Before: Apr 22 16:42:11 2008 GMT
        Not After : Apr 22 16:42:11 2009 GMT
    Subject: C=, O=, CN=, L=, ST=
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (1024 bit)
            Modulus (1024 bit):
                ...
                ...
                ...
            Exponent: 65537 (0x10001)
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage: critical
            Code Signing
        X509v3 Authority Key Identifier:
            keyid: ...

Signature Algorithm: sha1WithRSAEncryption
    a9:55:56:9b:9e:60:7a:57:fd:7:6b:1e:c0:79:1c:50:62:8f:
    ...
    ...
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----

In This Certificate, Which is the public key? is Modulus? what does the Signature Algorithm, a9:55:56:... represent (is it message digest)? And what is between -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----, is That the whole certificate?

As I am novice, little bit confusing between the message digest and public key?

Thanks in Advance-opensid

+3  A: 

An RSA public key consists of a modulus and exponent pair, which is shown in the "RSA Public Key" stanza. So that is the raw public key.

An x509 certificate is also signed by the certification authority- so the data in the "Signature Algorithm" stanza is that signature, an RSA-encrypted SHA1 digest of the preceding "Data:" section.

The base64-encoded data between "BEGIN CERTIFICATE" and "END CERTIFICATE" is the x509 certificate in machine-readable form (all the textual data above is for human consumption). When processing a PEM-format file such as this, only the data between the "BEGIN" and "END" lines is actually read.

araqnid  2010-04-28 12:55:23
A: 

Public key is made of modulus and public exponent.

The hex strings after signature algorithm is the signature.

The X509 is encoded in a binary encoding (DER) of ASN.1. It's normally converted to a text format called PEM, which is all the text between the begin/end markers (inclusive).

ZZ Coder  2010-04-28 12:55:49

related questions

OpenSSL and generating CSRs at client side
Encrypting data in Cocoa, decoding in PHP (and vice versa)
SSCrypto/OpenSSL to C# Crypto
How do you test a public/private keypair?
Python memory debugging with GDB
Programmatically Create X509 Certificate using OpenSSL
Understanding engine initialization in OpenSSL
Net::SSLeay post_https compilation error: Too many arguments
Opening an RSA private key from Ruby
How can I parse a Certificate Signing Request with Perl?
How to deploying a self signed SSL certificate to multiple servers
Building libcurl with SSL support on Windows
Self Signed Certificate in Windows without makecert?
"CURLE_OUT_OF_MEMORY" error when posting via https
How would you test an SSL connection?
Crypto/x509 certificate parsing libraries for Python (pyOpenSSL vs Python OpenSSL Wrappers vs...)
Strange call stack, could it be problem in asio's usage of openssl?
Is it a problem if multiple different accepting sockets use the same OpenSSL context?
Ruby on Rails: no such file to load -- openssl on RedHat Linux Enterprise
Using openssl what does "unable to write 'random state'" mean?
Using openssl encryption with Java
C# utility to create a CA
Easy expanation of setting up Openssl on Windows.
Getting ASN.1 Issuer strings from PEM files?
What Certificate Authority Software is Available?