Topic: x509 digest with CyaSSL
2010-09-13 17:20:54 UTC
Hello! How do I create a SHA1 fingerprint from a certificate using CyaSSL? OpenSSL code to do it: X509* x = /* get certificate */; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; const EVP_MD* evp_type = EVP_sha1(); X509_digest(x, evp_type, md, &n); or: X509* x = /* get certificate */; int i; const ASN1_ITEM *it = ASN1_ITEM_rptr(X509); const EVP_MD* evp_type = EVP_sha1(); ASN1_VALUE *asn = (ASN1_VALUE *)x; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; unsigned char *str = NULL; i = ASN1_item_i2d(asn, &str, it); EVP_Digest(str, i, md, n, evp_type, NULL); I should be able to verify SHA1 hash generated by OpenSSL, so fingerprint generated with CyaSSL should be the same. Thanks!
2010-10-01 17:07:21 UTC
Hi, sorry for the delay, don't think I got a notification for this one. I'm not totally clear on what you're trying to do. Do you just need the hash over every byte of the certificate? If so, that is easy. Read in all the bytes and use ShaUpdate() and ShaFinal(). On the other hand, if you need the hash over just the Subject's Name in the cert there is no easy way to get this currently from CyaSSL. CyaSSL keeps track of this internally but doesn't yet "export" the hash. We can add that if it's something that's needed.