This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to test whether match a certificate (public key) with its corresponding private key?

 
Hugo Alberto Bedolla
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everybody:

I need to match a public key (a key inside a certificate, .crt file) with his (temptative) pair which lives inside a JKS file. I'm looking for any method at the docs but nothing similar. Basically I need to test whether both are associated one to another. Do you know how do I do?

Thanks in advance.
 
Arshad Noor
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Every X509 v3 digital certificate will have a certificate extension called SubjectKeyIdentifier (SKI). This is a hash (usually MD5 of SHA1) of the raw public key in the certificate. Compare this hash to the hash found in the SKI extension of the certificate in the JKS file. If the hashes match, they are the same public key.

Note that even if the hashes of the public-keys match, they are not likely the same certificate - just the same key. Depending on how the certificate was created and who issued it, the digital certificates could have completely different Subject DNs, key-usages, etc. If you need to determine if the certificates are identical, then you need to match up the Issuer DNs, the Subject DNs, the AuthorityKeyIdentifier (AKI) values, the SKI values and certificate serial numbers before you can determine that they are the same certificates.

Arshad Noor
StrongAuth, Inc.
 
Hugo Alberto Bedolla
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ashaad:

Thanks a lot for your feedback. It helped me a lot. Good day
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic