beginner2 wrote: It can't be displayed directly with any keytool command. You can use -exportcert to get out the actual certificate and use other tools to view the public key. Or you can write a short program that uses the KeyStore class. The MD5 and SHA1 fingerprints are unrelated to the signature. The signature is not just a hash of anything. It is a combination of a hash algorithm and a public key algorithm like RSA or DSA. The signature is computed over most of the fields in the certificate. The thing that is signed is called a TBSCertificate, where the TBS part means "to be signed" of course. RFC 5280 (http://www.rfc-editor.org/rfc/rfc5280.txt) has the gory details.
So some questions:
1. Where is the public key? I can't see it?
2. Why is the certificate signed with both MD5 and SHA1?
3. The signature(s) is a hash of something? What?
What is the difference between a fingerprint and a signature?
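The short KeyStore program the reply mentions could look like the following. This is an added example, not code from the thread; the class name CertInfo and the three command-line arguments are assumptions, and it needs Java 9 or later. It prints the public key, recomputes the MD5 and SHA1 fingerprints as plain digests of the encoded certificate, and shows the signature algorithm and value separately.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

// Added example, not code from the thread. Arguments are assumptions:
//   java CertInfo <keystore-file> <store-password> <alias>
public class CertInfo {
    // Hex-encode bytes as colon-separated pairs, the way keytool prints fingerprints.
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // A fingerprint is an unkeyed digest of the whole DER-encoded certificate.
    static String fingerprint(String algorithm, X509Certificate cert) throws Exception {
        return hex(MessageDigest.getInstance(algorithm).digest(cert.getEncoded()));
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java CertInfo <keystore> <storepass> <alias>");
            System.exit(2);
        }
        // getInstance(File, char[]) detects the keystore type and loads it (Java 9+).
        KeyStore ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
        if (cert == null) throw new IllegalArgumentException("no certificate under alias " + args[2]);

        PublicKey pub = cert.getPublicKey();
        System.out.println("Public key algorithm: " + pub.getAlgorithm());
        System.out.println("Public key (" + pub.getFormat() + "): " + hex(pub.getEncoded()));
        System.out.println("MD5 fingerprint:  " + fingerprint("MD5", cert));
        System.out.println("SHA1 fingerprint: " + fingerprint("SHA-1", cert));
        System.out.println("Signature algorithm: " + cert.getSigAlgName());
        System.out.println("Signed bytes (TBSCertificate): " + cert.getTBSCertificate().length);
        System.out.println("Signature value: " + hex(cert.getSignature()));

        // Self-signed only: verify() throws if the signature over the TBSCertificate does not match.
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            cert.verify(pub);
            System.out.println("Self-signed signature verifies with the certificate's own key");
        }
    }
}
```

Anyone can recompute the two fingerprints from the certificate bytes alone, while the signature value can only be produced with the issuer's private key and is checked with the issuer's public key.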