2 Replies Latest reply: Jul 11, 2010 1:31 PM by 796386

    Trying to figure out the public key?

    796386
      Hi,
      I am following the Sun / Oracle security tutorial here:

      http://download.oracle.com/docs/cd/E17409_01/javase/tutorial/security/toolsign/step3.html

      Out of curiosity, after I put the certificate in the keystore, I wish to have a look at it.
      I run:

      keytool -list -v -keystore susanstore -storepass ab987c -alias signFiles

      and I get back the following...

      Alias name: signFiles
      Creation date: 08-May-2010
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: CN=Susan Jones, OU=Purchasing, O=ABC, L=Cupertino, ST=CA, C=US
      Issuer: CN=Susan Jones, OU=Purchasing, O=ABC, L=Cupertino, ST=CA, C=US
      Serial number: 4be5c953
      Valid from: Sat May 08 21:28:03 BST 2010 until: Fri Aug 06 21:28:03 BST 2010
      Certificate fingerprints:
      MD5: E7:34:33:3C:F8:7E:47:22:65:F6:F3:09:5E:A7:C9:92
      SHA1: 8A:CA:CF:2E:C5:02:D8:EF:75:AD:C8:EE:A7:0D:3C:03:8A:17:08:B5
      Signature algorithm name: SHA1withDSA
      Version: 3

      So some questions:
      1. Where is the public key? I can't see it?
      2. Why is the certificate signed with both MD5 and SHA1?
      3. The signature(s) is a hash of something? What?

      Thanks in advance...
        • 1. Re: Trying to figure out the public key?
          843811
          beginner2 wrote:
          So some questions:
          1. Where is the public key? I can't see it?
          2. Why is the certificate signed with both MD5 and SHA1?
          3. The signature(s) is a hash of something? What?
          It can't be displayed directly with any keytool command. You can use -exportcert to get out the actual certificate and use other tools to view the public key. Or you can write a short program that uses the KeyStore class.

          The MD5 and SHA1 fingerprints are unrelated to the signature.

          The signature is not just a hash of anything. It is a combination of a hash algorithm and a public key algorithm like RSA or DSA. The signature is computed over most of the fields in the certificate. The thing that is signed is called a TBSCertificate, where the TBS part means "to be signed" of course. RFC 5280 (http://www.rfc-editor.org/rfc/rfc5280.txt) has the gory details.
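          An added example of the "short program that uses the KeyStore class" mentioned in the reply; it is not code from the thread or from the Oracle tutorial. It assumes the keystore file name, store password and alias from the original question, and a JDK 8 or later (for java.util.Base64). It prints the public key, recomputes the two fingerprints over the DER-encoded certificate, and checks the signature with the certificate's own (self-signed) key, which separates the three things the questions confuse.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class ShowPublicKey {
    // Hex-encode a digest the way keytool prints fingerprints: "AB:CD:..."
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < b.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", b[i]));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Assumed values, taken from the keytool command in the question.
        String ksFile = "susanstore";
        String alias = "signFiles";
        char[] storePass = "ab987c".toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(ksFile)) {
            ks.load(in, storePass);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);

        // Q1: the public key is inside the certificate (SubjectPublicKeyInfo);
        // keytool -list -v simply does not print it.
        PublicKey pub = cert.getPublicKey();
        System.out.println("Public key algorithm: " + pub.getAlgorithm());
        System.out.println("Public key (DER, base64): "
                + Base64.getEncoder().encodeToString(pub.getEncoded()));

        // Q2: the fingerprints are hashes of the whole DER-encoded certificate,
        // computed by the tool that lists it; they are not stored in the cert.
        byte[] der = cert.getEncoded();
        System.out.println("MD5:  " + hex(MessageDigest.getInstance("MD5").digest(der)));
        System.out.println("SHA1: " + hex(MessageDigest.getInstance("SHA-1").digest(der)));

        // Q3: the signature covers the TBSCertificate and is checked with the
        // issuer's public key. Owner == Issuer here, so that is the same key.
        System.out.println("Signature algorithm: " + cert.getSigAlgName());
        System.out.println("Signature length (bytes): " + cert.getSignature().length);
        cert.verify(pub); // throws SignatureException if the signature is bad
        System.out.println("Signature verifies with the certificate's own public key");
    }
}
```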
          • 2. Re: Trying to figure out the public key?
            796386
            What is the difference between a fingerprint and a signature?
            Thanks