
I need to verify that two pfx files are indeed different certificates, and not the same data pasted two times. My constraints are:

  • I don't have access to the certificate password, therefore I cannot use tools like "certutil -dump path" etc.
  • As explained, I cannot rely on the file metadata (creation date, etc.) because I want to verify that the content is actually different.

I understand that the pfx file itself, sitting in the OS's filesystem, will have some metadata (file creation date, etc.) and actual data. I wonder if all the content of the pfx is ciphertext, since it is password protected, or if it also contains some structure like sections, where there is some ciphertext but also some accessible data like certificate ID etc. Obviously I opened both files with a plaintext editor and the content is very different, due to encryption, but I am not sure if I would be able to find common blocks if both certificates were, indeed, the same one.

Silverman

1 Answer


Unfortunately that is hard to do reliably. It depends on how it was stored; see https://security.stackexchange.com/questions/177874/extract-information-about-certificate-from-a-pfx-file-without-the-password?rq=1

If you are unlucky all data is encrypted. In that case you can compare file contents, but binary data can be completely different, even when they contain the same certificate.

Post with information on how to read PFX files

NiKiZe
  • Ah yes, the link you provided suggests there is the possibility for containers containing ciphertext, or complete ciphertext from start to finish. Do you have any idea of which file viewer could be used to interpret those sections, if existing? – Silverman Sep 02 '21 at 11:04
  • @Silverman Link added to answer – NiKiZe Sep 02 '21 at 14:18
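As an added illustration of the answer and the follow-up comment (this is example code written for this page, not code from the original post or from either participant): a PFX file is DER-encoded ASN.1, and its outer layers are never encrypted. Only the individual entries inside the AuthenticatedSafe are, and each of them is tagged in the clear as either id-data (a plaintext SafeContents whose certificate bags can be read) or id-encryptedData (opaque without the password). The stdlib-only Python walker below classifies those entries and fingerprints any certificate it can reach, which is the comparison the question is after. The OIDs are the standard PKCS#7/PKCS#12 values; the sample PFX files are constructed inline with a simplified encryptedData body and a placeholder byte string standing in for a real certificate, so the fingerprints are of that placeholder, not of a real X.509 certificate.

```python
import hashlib
import os

# Standard PKCS#7 / PKCS#12 object identifiers (not taken from the post)
OID_DATA = "1.2.840.113549.1.7.1"
OID_ENCRYPTED_DATA = "1.2.840.113549.1.7.6"
OID_CERT_BAG = "1.2.840.113549.1.12.10.1.3"
OID_X509_CERT = "1.2.840.113549.1.9.22.1"


def der(tag, content):
    """Encode one DER TLV (definite length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def encode_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER TLV."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += reversed(chunk)
    return der(0x06, bytes(out))


def decode_oid(raw):
    """Decode the value bytes of an OBJECT IDENTIFIER to dotted form."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def der_read(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split a constructed value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out


def inspect_pfx(pfx):
    """Walk the unencrypted outer layers and describe each AuthenticatedSafe entry."""
    _, body, _ = der_read(pfx)                        # PFX ::= SEQUENCE {version, authSafe, macData?}
    _version, auth_safe_ci = der_children(body)[:2]   # the optional MAC data is not needed here
    oid, explicit = der_children(auth_safe_ci[1])     # ContentInfo {OID, [0] EXPLICIT OCTET STRING}
    if decode_oid(oid[1]) != OID_DATA:
        raise ValueError("authSafe is not id-data; public-key protected PFX is not handled")
    _, auth_safe, _ = der_read(der_children(explicit[1])[0][1])   # SEQUENCE OF ContentInfo
    entries = []
    for _, ci in der_children(auth_safe):
        ci_oid, ci_content = der_children(ci)
        kind = decode_oid(ci_oid[1])
        entry = {"type": kind, "size": len(ci_content[1]), "certs": []}
        if kind == OID_DATA:                          # plaintext SafeContents: bags are readable
            _, safe_contents, _ = der_read(der_children(ci_content[1])[0][1])
            for _, bag in der_children(safe_contents):
                bag_id, bag_value = der_children(bag)[:2]          # bagAttributes are optional
                if decode_oid(bag_id[1]) == OID_CERT_BAG:
                    cert_id, cert_value = der_children(der_children(bag_value[1])[0][1])
                    if decode_oid(cert_id[1]) == OID_X509_CERT:
                        cert_der = der_children(cert_value[1])[0][1]
                        entry["certs"].append(hashlib.sha256(cert_der).hexdigest())
        entries.append(entry)
    return entries


def same_certificate(pfx_a, pfx_b):
    """True/False when both files expose certificates; None when either is fully encrypted."""
    a = {fp for e in inspect_pfx(pfx_a) for fp in e["certs"]}
    b = {fp for e in inspect_pfx(pfx_b) for fp in e["certs"]}
    if not a or not b:
        return None
    return a == b


def build_sample_pfx(cert_der, key_blob, cert_in_clear=True):
    """Constructed sample PFX: an optional plaintext certBag entry plus one
    encryptedData entry whose content is an opaque blob standing in for the
    encrypted private key (real files also carry the PBE AlgorithmIdentifier)."""
    cert_bag = der(0x30, encode_oid(OID_X509_CERT) + der(0xA0, der(0x04, cert_der)))
    safe_bag = der(0x30, encode_oid(OID_CERT_BAG) + der(0xA0, cert_bag))
    plain_ci = der(0x30, encode_oid(OID_DATA) + der(0xA0, der(0x04, der(0x30, safe_bag))))
    enc_ci = der(0x30, encode_oid(OID_ENCRYPTED_DATA)
                 + der(0xA0, der(0x30, der(0x02, b"\x00") + der(0x04, key_blob))))
    auth_safe = der(0x30, (plain_ci if cert_in_clear else b"") + enc_ci)
    return der(0x30, der(0x02, b"\x03")
               + der(0x30, encode_oid(OID_DATA) + der(0xA0, der(0x04, auth_safe))))


if __name__ == "__main__":
    cert = b"constructed stand-in for an X.509 certificate DER"   # placeholder, not a real cert
    pfx_a = build_sample_pfx(cert, os.urandom(48))   # fresh salt/IV each export -> different bytes
    pfx_b = build_sample_pfx(cert, os.urandom(48))
    print("files byte-identical:", pfx_a == pfx_b)
    for e in inspect_pfx(pfx_a):
        print(e)
    print("same certificate:", same_certificate(pfx_a, pfx_b))
```

Two exports of the same certificate differ byte for byte because every export draws a new salt and IV, which is why the raw comparison in the question proves nothing. When `inspect_pfx` reports only encryptedData entries, `same_certificate` returns None: that is the "unlucky" case in the answer, and no viewer will recover the certificate without the password. The `openssl asn1parse -inform DER -i -in file.pfx` command prints the same structure (including the `pkcs7-data` versus `pkcs7-encryptedData` OIDs) without a password, if you would rather not run a script.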