Re: possible Bug in OpenSSL - rfc 3161 - TSA service

kapetr Mon, 11 Mar 2013 14:32:26 -0700


Dne 11.3.2013 21:42, Peter Sylvester napsal(a):

the second ess certid says


SEQUENCE {
                        OCTET STRING
                         52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78
                        EB 6C D7 AC
                     }

by 3721926ea67e877df5f4e35dd3c87397eef33d4f
is the hash of the der version of te intermediate cert.

???

it is the sha1 hash itself and it is NOT hash of any cert inverification chain.

52EE29A7350304F894214872769F2478EB6CD7AC is hash of the TAC (attributecertificate)


$ asn1 -inform pem -in DEMO_TSA.pem -noout -out /dev/stdout|sha1sum
3cada1a29af6279454ffb22b96cd45e148c8ab6c  -
$ asn1 -inform pem -in demo_Qualified.pem -noout -out /dev/stdout|sha1sum
3721926ea67e877df5f4e35dd3c87397eef33d4f  -
$ asn1 -inform pem -in demo_root.pem -noout -out /dev/stdout|sha1sum
aa9653baf834abb3e293aa96d78fc77a65a194be  -

the first one (3cada1a29af6279454ffb22b96cd45e148c8ab6c)
is the hash in previous ESSCertID.

See:
http://2i.cz/dcc5b69c4f


--kapetr
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

Reply via email to