[3126] in WWW Security List Archive
Re: Certificates and Fingerprints
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Wed Oct 2 05:17:10 1996
Date: Tue, 01 Oct 1996 23:26:19 -0700
From: Jeff Weinstein <jsw@netscape.com>
Reply-To: jsw@netscape.com
To: Jeroen de Borst <jeroen@hprc.tandem.com>
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Jeroen de Borst wrote:
>
> Hi,
>
> Maybe somebody can help me with these two questings.
>
> 1. Why do all the certificates I see have a leading zero in the
> "modulus" value of the public key. I suspect that some software
> even starts behave buggy when this is not present. I thought that
> the "modulus" value was stored as a der encoded integer (not
> bitstring) so why this zero?
Integers are signed, so if the high bit of the bit value of the
modulus is 1, you need the leading zero to prevent it from being
treated as a negative number.
> 2. What is the algorithm to calculate a certificate fingerprint.
> I have looked in various places but can't find a definition,
> eventhough applications dealing with certificates (like
> netscape) allways show this fingerprint.
MD5 hash of the DER encoded signed certificate.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
