2 Replies. Latest reply: Jul 11, 2010 11:31 AM by 796386

Trying to figure out the public key?

796386 Newbie
Hi,
I am following the Sun / Oracle security tutorial here:

http://download.oracle.com/docs/cd/E17409_01/javase/tutorial/security/toolsign/step3.html

Out of curiosity, after I put the certificate in the keystore, I wish to have a look at it.
I run:

keytool -list -v -keystore susanstore -storepass ab987c -alias signFiles

and I get back the following...

Alias name: signFiles
Creation date: 08-May-2010
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Susan Jones, OU=Purchasing, O=ABC, L=Cupertino, ST=CA, C=US
Issuer: CN=Susan Jones, OU=Purchasing, O=ABC, L=Cupertino, ST=CA, C=US
Serial number: 4be5c953
Valid from: Sat May 08 21:28:03 BST 2010 until: Fri Aug 06 21:28:03 BST 2010
Certificate fingerprints:
MD5: E7:34:33:3C:F8:7E:47:22:65:F6:F3:09:5E:A7:C9:92
SHA1: 8A:CA:CF:2E:C5:02:D8:EF:75:AD:C8:EE:A7:0D:3C:03:8A:17:08:B5
Signature algorithm name: SHA1withDSA
Version: 3

So some questions:
1. Where is the public key? I can't see it?
2. Why is the certificate signed with both MD5 and SHA1?
3. The signature(s) is a hash of something? What?

Thanks in advance...
  • 1. Re: Trying to figure out the public key?
    843811 Newbie
    beginner2 wrote:
    So some questions:
    1. Where is the public key? I can't see it?
    2. Why is the certificate signed with both MD5 and SHA1?
    3. The signature(s) is a hash of something? What?
    It can't be displayed directly with any keytool command. You can use -exportcert to get out the actual certificate and use other tools to view the public key. Or you can write a short program that uses the KeyStore class. The MD5 and SHA1 fingerprints are unrelated to the signature. The signature is not just a hash of anything. It is a combination of a hash algorithm and a public key algorithm like RSA or DSA. The signature is computed over most of the fields in the certificate. The thing that is signed is called a TBSCertificate, where the TBS part means "to be signed" of course. RFC 5280 (http://www.rfc-editor.org/rfc/rfc5280.txt) has the gory details.
  • 2. Re: Trying to figure out the public key?
    796386 Newbie
    What is the difference between a fingerprint and a signature?
    Thanks