X.509 使用指纹验证密钥链
X.509 using fingerprint to validate key chain
我有一个项目,我必须在其中验证给定证书的链,以便它的所有权限都在我的持久性中。
有人告诉我,如果我检索给定证书的指纹,我可以用它来识别其 CA。这是真的吗?如果是,我该怎么做(很可能在 JAVA 中)?
我们已经想出了如何使用内置的 javas 来检索指纹,但是还没有人告诉我如何使用单个证书的指纹来识别 CA 或链。也许有不同的方式来实现我的目标?
I was told that if I retrieve the thumbprint of a given certificate, I could use it to identify its CA's. Is this true and if yes how (most likely in JAVA) can I do this?
不,这是假的。证书指纹是对整个证书计算的散列。指纹不包含有关 CA
的信息
We already figured out how to use javas build in to retrieve a thumbprint, but no one could tell me how to identify CA or the chain with the thumbprint of a single certificate yet. Maybe there's a different way to obtain my goal ?
您可以检查证书是否使用颁发证书的私钥签名,使用与颁发者关联的 public 密钥验证数字签名
在 java 中,使用您的受信任证书列表检查此项
Certificate certificate = ... //Last certificate from bottom to top of the provided chain
Certificate issuerCertificate =... //one of the certificates of the trusted list
certificate.verify(issuerCertificate.getPublicKey());
我有一个项目,我必须在其中验证给定证书的链,以便它的所有权限都在我的持久性中。
有人告诉我,如果我检索给定证书的指纹,我可以用它来识别其 CA。这是真的吗?如果是,我该怎么做(很可能在 JAVA 中)?
我们已经想出了如何使用内置的 javas 来检索指纹,但是还没有人告诉我如何使用单个证书的指纹来识别 CA 或链。也许有不同的方式来实现我的目标?
I was told that if I retrieve the thumbprint of a given certificate, I could use it to identify its CA's. Is this true and if yes how (most likely in JAVA) can I do this?
不,这是假的。证书指纹是对整个证书计算的散列。指纹不包含有关 CA
的信息We already figured out how to use javas build in to retrieve a thumbprint, but no one could tell me how to identify CA or the chain with the thumbprint of a single certificate yet. Maybe there's a different way to obtain my goal ?
您可以检查证书是否使用颁发证书的私钥签名,使用与颁发者关联的 public 密钥验证数字签名
在 java 中,使用您的受信任证书列表检查此项
Certificate certificate = ... //Last certificate from bottom to top of the provided chain
Certificate issuerCertificate =... //one of the certificates of the trusted list
certificate.verify(issuerCertificate.getPublicKey());