0

PKI SHA1 Upgrade - What is the difference between the Signature Algorithm and the Thumbprint Algorithm?

Matt L.

1 Answer

0

The SignatureAlgorithm is the algorithm used to create the signature of the certificate. These days that is typically SHA256, but may be something else.

The Thumbprint does not actually exist in the certificate and is generated dynamically based on the certificate data. In Windows, it is generated using SHA1 and is 40 characters in length.

Greg Askew
  • In addition, if you look at the certificate with `openssl x509 -noout -text -in <certificate>`, you'll notice that there is no thumbprint - only the signature. As Greg says, the thumbprint is only added on by some applications when displaying the certificate. If you need to confirm that you have the correct certificate you can ask the other party to confirm the thumbprint instead of confirming all the elements of the certificate match, such as Distinguished Names and public key. – garethTheRed Jun 07 '16 at 16:35