I need to match a public key (a key inside a certificate, a .crt file) with its (tentative) pair, which lives inside a JKS file. I've been looking for a method in the docs but found nothing similar. Basically, I need to test whether the two are associated with one another. Do you know how I can do this?
Every X509 v3 digital certificate will have a certificate extension called SubjectKeyIdentifier (SKI). This is a hash (usually MD5 or SHA1) of the raw public key in the certificate. Compare this hash to the hash found in the SKI extension of the certificate in the JKS file. If the hashes match, they are the same public key.
Note that even if the hashes of the public-keys match, they are not likely the same certificate - just the same key. Depending on how the certificate was created and who issued it, the digital certificates could have completely different Subject DNs, key-usages, etc. If you need to determine if the certificates are identical, then you need to match up the Issuer DNs, the Subject DNs, the AuthorityKeyIdentifier (AKI) values, the SKI values and certificate serial numbers before you can determine that they are the same certificates.
Hugo Alberto Bedolla
Joined: Nov 09, 2010
Thanks a lot for your feedback. It helped me a lot. Good day
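The comparison described in the answer above, as an added Java example that is not part of the original thread: it checks every entry of the JKS file against the .crt by SKI extension bytes and also by the encoded public key itself, which still gives a result when a certificate carries no SKI extension. The class name, argument order and password prompt are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

public class MatchCertToKeystore {  // hypothetical class name
    private static final String SKI_OID = "2.5.29.14"; // SubjectKeyIdentifier

    // True when both certificates carry the same encoded SubjectPublicKeyInfo.
    static boolean samePublicKey(Certificate a, Certificate b) {
        return Arrays.equals(a.getPublicKey().getEncoded(), b.getPublicKey().getEncoded());
    }

    // True only when both certificates have an SKI extension and the values are equal.
    static boolean sameSki(X509Certificate a, X509Certificate b) {
        byte[] x = a.getExtensionValue(SKI_OID);
        byte[] y = b.getExtensionValue(SKI_OID);
        return x != null && y != null && Arrays.equals(x, y);
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): MatchCertToKeystore <cert.crt> <store.jks>");
            System.exit(2);
        }
        // Prompt for the password so it does not appear in the process list.
        char[] password = console.readPassword("Keystore password: ");
        X509Certificate target;
        try (InputStream in = new FileInputStream(args[0])) {
            target = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[1])) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias); // leaf certificate for key entries
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate entry = (X509Certificate) c;
            // sameCertificate compares the full encoded certificates, not just the keys.
            System.out.printf("%s: keyEntry=%b samePublicKey=%b sameSKI=%b sameCertificate=%b%n",
                    alias, ks.isKeyEntry(alias), samePublicKey(target, entry),
                    sameSki(target, entry), target.equals(entry));
        }
    }
}
```

An alias reported with `keyEntry=true` and `samePublicKey=true` is the entry whose private key pairs with the certificate's public key.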