11

In openssl.cnf default_md (use public key default MD) is set to default. How can I find out what the default is without generating a certificate? Is there a file I can check where it lists the default?

abalone
  • 211
  • 1
  • 2
  • 5

2 Answers2

10

md stands for message digest and from openssl version 1.1 the default digest is sha256.

-md alg

the message digest to use. Any digest supported by the OpenSSL dgst command can be used. This option also applies to CRLs.

https://www.openssl.org/docs/manmaster/man1/ca.html

The default digest was changed from MD5 to SHA256 in Openssl 1.1.

https://www.openssl.org/docs/manmaster/man1/dgst.html

Peter W
  • 103
  • 4
Diamond
  • 9,001
  • 3
  • 24
  • 38
  • 1
    I am using openssl 1.0.0m and generated a certificate: openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 360 When I check the certificate I see: Signature Algorithm: sha1WithRSAEncryption Public Key Algorithm: rsaEncryption If the default is MD5 why is MD5 not listed when I look at the cert? – abalone Dec 22 '15 at 16:14
  • Just wanted to note, Openssl 1.0.2j has sha256 as the default as well https://www.openssl.org/news/changelog.html#x4 – Mr_Moneybags Dec 06 '16 at 06:59
  • This is misleading at best; the default hash used by the `dgst` command did change, but is completely separate from and has no effect on the default used by `req` and `ca` for certificates and similar. @Mr_Moneybags: not just j but all of 1.0.2 – dave_thompson_085 Jul 20 '20 at 07:14
  • Also, 'manmaster' has been reorganized (I think in prep for 3.0) and your links now go to the generic 'openssl' page; you may want to use man1.1.1 instead, which at least for a while is still organized the older way (but not the really old 0.9 and 1.0 way, which I still have in older VMs) – dave_thompson_085 Jul 20 '20 at 07:24
1

Since 1.0.0 (in 2010), the default hash used by req and ca -- or more exactly the default used by the internal functions those commands call, X509_sign X509_REQ_sign X509_CRL_sign -- is determined in ASN1_item_sign by calling EVP_PKEY_get_default_digest_nid which uses pkey->ameth->pkey_ctrl(pkey,ASN1_PKEY_CTRL_DEFAULT_MD_NID,...). Thus in principle the hash choice could depend on the key type or even the actual key, but for the three public-key-signature types currently supported (RSA, DSA, ECDSA) it is in fact hardcoded: in 1.0.0 and 1.0.1 it is SHA1, and in 1.0.2 1.1.0 and 1.1.1 it is SHA256.

Before that, in 0.9.8, the default for req was hardcoded as SHA1, but for ca there was no default: if you didn't specify a hash on the commandline, and you didn't have default_md set to a valid hash, it failed. The upstream config, which might or might not be used in any particular case, had it set to sha1.

dave_thompson_085
  • 3,262
  • 1
  • 16
  • 16