What does `openssl x509 -hash` calculate the hash of?
In the commands below, `openssl x509 -in example.crt -hash -noout` outputs `8927dc31`.
openssl req -out example.crt -keyout example.key -newkey rsa:2048 -nodes -x509 -subj '/C=US/CN=example.com' -days 3650
openssl x509 -in example.crt -hash -noout # 8927dc31
openssl-x509(1) only says that it is a "hash" of the subject name.
-subject_hash
Outputs the "hash" of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a
directory to be looked up by subject name.
-issuer_hash
Outputs the "hash" of the certificate issuer name.
-hash
Synonym for "-subject_hash" for backward compatibility reasons.
- What is the "hash" function? (sha1? md5?)
- What exactly is the "subject name"? (`Subject: C = US, CN = example.com` in `openssl x509 -in example.crt -text`?)
- Can I reproduce the same hash value from the command line?
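It is the first 4 bytes (8 hex letters) of the sha1 hash of the ASN.1-encoded subject value (the issuer value for `-issuer_hash`).
You can reproduce the hash with the following command: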
echo '
310b30 09060355
04060c02 75733114
30120603 5504030c
0b657861 6d706c65
2e636f6d
' | xxd -r -p | sha1sum
# => 31dc2789c1e1182fbfbb64ee0a0c9a6e11276f97 -
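The first 4 bytes are `31dc2789`. If the CPU running openssl is little-endian (including x86_64), openssl reverses the bytes [1] (`31 dc 27 89` → `89 27 dc 31`) and then prints `8927dc31`.
The ASN.1-encoded subject value `310b30...` was found with `wireshark example.crt`.
If the subject is empty (`-subj '/'`), the hash is the sha1 of empty data.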
openssl req -out example.crt -keyout example.key -newkey rsa:2048 -nodes -x509 -subj '/' -days 3650
openssl x509 -in example.crt -hash -noout # eea339da
sha1sum </dev/null
# => da39a3ee5e6b4b0d3255bfef95601890afd80709 -
# da 39 a3 ee ... -> flip bytes: ee a3 39 da: eea339da
[1]: This looks unnatural to me. I think this should be `ntohl()`ed.
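Added example, not part of the original answer and not OpenSSL's own code: a Python version of the computation above that rebuilds the `310b30...` bytes from the subject attributes and derives the 8-hex-digit value from their SHA-1. The function names, the attribute table and the normalisation (values lower-cased, whitespace collapsed, encoded as UTF8String, no outer SEQUENCE) are assumptions read off the bytes shown above; it goes beyond the page by accepting other single-valued attributes.

```python
import hashlib

# Last arc of the attribute type OIDs under 2.5.4 (assumed subset for this example).
ID_AT = {"CN": 3, "C": 6, "L": 7, "ST": 8, "O": 10, "OU": 11}


def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value, using the long length form from 128 bytes up."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def canonical_name(rdns) -> bytes:
    """Concatenated SET entries, one per (type, value) pair, with no outer
    SEQUENCE header: the shape of the 310b30... bytes in the answer."""
    out = b""
    for key, value in rdns:
        # Assumed normalisation: trim, collapse ASCII whitespace, lower-case ASCII.
        raw = b" ".join(value.encode("utf-8").split()).lower()
        oid = tlv(0x06, bytes([0x55, 0x04, ID_AT[key]]))  # 2.5.4.x
        out += tlv(0x31, tlv(0x30, oid + tlv(0x0C, raw)))  # SET { SEQ { OID, UTF8String } }
    return out


def name_hash(encoded: bytes) -> str:
    """First 4 SHA-1 bytes read as a little-endian 32-bit value, as 8 hex digits.
    This is the byte flip the answer describes (31 dc 27 89 -> 8927dc31)."""
    digest = hashlib.sha1(encoded).digest()
    return format(int.from_bytes(digest[:4], "little"), "08x")


def subject_hash(rdns) -> str:
    return name_hash(canonical_name(rdns))


if __name__ == "__main__":
    subject = [("C", "US"), ("CN", "example.com")]  # the -subj value used above
    print(canonical_name(subject).hex())  # same bytes as the xxd input above
    print(subject_hash(subject))          # 8927dc31
    print(subject_hash([]))               # eea339da, the empty-subject case
```

Multi-valued RDNs and non-string attribute values are outside what this example handles.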