views:

224

answers:

1

Hello,

I'm using digital certificates to sign a transaction results, also, I need to print out a slip with information and digital signature on it.

I was wondering if there is any shorter representation of X.509 digital signature specifically designed for printed media? Maybe some kind of hash or something similar...

Thank you very much!

A: 

The "openssl x509" tool gives a nice, concise, human readable text representation of a x.509 certificate using the "-text" option:

openssl x509 -noout -text -in CA_2048bit.pem

The output looks like this:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:11:22:33:44:55:66:77:88:99
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Some CA, OU=Dept, O=MyOrganization, ST=Mazowieckie, C=PL
        Validity
            Not Before: Jun 17 14:24:59 2009 GMT
            Not After : Jun 17 14:24:57 2029 GMT
        Subject: CN=Some Party, OU=Dept, O=MyOrganization, ST=Mazowieckie, C=PL
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
                    00:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
    Signature Algorithm: sha1WithRSAEncryption
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:
        00:11:22:33

This is of course a bit long due to the signature and the modulus information.

Unfortunately, all of this this data is required in full for verifying the certificate authenticity and for using it to verify the digital signatures authenticated with it, respectively.

Without these the rest of certificate contents don't prove anything.

Aleksander Adamowski