CA/Revocation Reasons: Difference between revisions

(continued drafting text)
Line 87: Line 87:
* Compare a hash of the public key from the private key
* Compare a hash of the public key from the private key
** First check the consistency of a private key
** First check the consistency of a private key
*** openssl rsa -in [privatekey] -check
*** openssl rsa -in privatekey -check
** Then compare the public key
** Then compare the public key
*** openssl publicKey -in privateKey.key -pubout -outform pem | sha256sum
*** openssl publicKey -in privateKey -pubout -outform pem | sha256sum
*** openssl x509 -in certificate].crt -pubkey |openssl publicKey -pubin -pubout -outform pem | sha256sum
*** openssl x509 -in certificate.crt -pubkey |openssl publicKey -pubin -pubout -outform pem | sha256sum
* Sign a message with the private key and then verify it with the public key.  
* Sign a message with the private key and then verify it with the public key.  
** openssl x509 -in [certificate] -noout -pubkey > pubkey.pem
** openssl x509 -in certificate.crt -noout -pubkey > publicKey.pem
** dd if=/dev/urandom of=rnd bs=32 count=1
** dd if=/dev/urandom of=random bs=32 count=1
** openssl rsautl -sign -pkcs -inkey [privatekey] -in rnd -out sig
** openssl rsautl -sign -pkcs -inkey privateKey -in random -out signed
** openssl rsautl -verify -pkcs -pubin -inkey pubkey.pem -in sig -out check
** openssl rsautl -verify -pkcs -pubin -inkey publicKey.pem -in signed -out check
** cmp rnd check
** cmp random check
** rm rnd check sig pubkey.pem
** rm random check signed publicKey.pem
*** If cmp produces no output then the signature matches.
*** If cmp produces no output then the signature matches.
* Use a well known script/tool
* Use an existing script/tool
** [https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html Hanno Böck's script]: https://github.com/hannob/tlshelpers/blob/master/matchcertkey
** [https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html Hanno Böck's script]: https://github.com/hannob/tlshelpers/blob/master/matchcertkey
***
*** [https://www.sslshopper.com/certificate-key-matcher.html Certificate Key Matcher]


== OCSP ==
== OCSP ==
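Review bot: `openssl publicKey` (used three times in both revisions) is not an OpenSSL subcommand, so the public-key hash comparison as written fails; the command that normalizes a key to PEM for hashing is `openssl pkey`, e.g. `openssl pkey -in privateKey -pubout -outform pem | sha256sum` and `openssl x509 -in certificate.crt -pubkey | openssl pkey -pubin -pubout -outform pem | sha256sum`. The new revision correctly drops the stray `[`/`]` brackets from `certificate].crt`, but two caveats are worth stating next to the steps: `openssl rsa -check` and `openssl rsautl` only work for RSA keys (an EC key needs `openssl ec -in privatekey -check`), and `rsautl` is deprecated since OpenSSL 3.0, where the sign/verify pair is `openssl pkeyutl -sign -inkey privateKey -in random -out signed` / `openssl pkeyutl -verify -pubin -inkey publicKey.pem -in random -sigfile signed`, which prints "Signature Verified Successfully" instead of requiring the `cmp` step.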