Hello,
I'm using digital certificates to sign a transaction results, also, I need to print out a slip with information and digital signature on it.
I was wondering if there is any shorter representation of X.509 digital signature specifically designed for printed media? Maybe some kind of hash or something similar...
Thank you very much!
The "openssl x509" tool gives a nice, concise, human readable text representation of a x.509 certificate using the "-text" option:
openssl x509 -noout -text -in CA_2048bit.pem
The output looks like this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
00:11:22:33:44:55:66:77:88:99
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Some CA, OU=Dept, O=MyOrganization, ST=Mazowieckie, C=PL
Validity
Not Before: Jun 17 14:24:59 2009 GMT
Not After : Jun 17 14:24:57 2029 GMT
Subject: CN=Some Party, OU=Dept, O=MyOrganization, ST=Mazowieckie, C=PL
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
00:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
Signature Algorithm: sha1WithRSAEncryption
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
00:11:22:33
This is of course a bit long due to the signature and the modulus information.
Unfortunately, all of this this data is required in full for verifying the certificate authenticity and for using it to verify the digital signatures authenticated with it, respectively.
Without these the rest of certificate contents don't prove anything.