I have a little program in java and in delphi 5, both of them were design to handle certificate.
In delphi i'm using an indy 9 component: TIdX509, in this object there is a method to get the Fingerprint as String, i didn't find anywhere how does TIdX509 calculates. I could just find that it shouldn't have 16 bytes, example:
72:7F:8D:DF:8D:5F:61:A3:9E:DF:38:CA:C5:5B:18:0A 16 groups of 2.
So i tested in Java to see what fingerprint would be calculated, i did my function based on this answer How to calculate X.509 certificate's SHA-1 fingerprint?
public static String generateFingerPrint(X509Certificate cert)
throws CertificateEncodingException, NoSuchAlgorithmException {
MessageDigest digest = MessageDigest.getInstance("SHA-1");
byte[] hash = digest.digest(cert.getEncoded());
final char delimiter = ':';
// Calculate the number of characters in our fingerprint
// ('# of bytes' * 2) chars + ('# of bytes' - 1) chars for delimiters
final int len = hash.length * 2 + hash.length - 1;
// Typically SHA-1 algorithm produces 20 bytes, i.e. len should be 59
StringBuilder fingerprint = new StringBuilder(len);
for (int i = 0; i < hash.length; i++) {
// Step 1: unsigned byte
hash[i] &= 0xff;
// Steps 2 & 3: byte to hex in two chars
// Lower cased 'x' at '%02x' enforces lower cased char for hex
// value!
fingerprint.append(String.format("%02x", hash[i]));
// Step 4: put delimiter
if (i < hash.length - 1) {
fingerprint.append(delimiter);
}
}
return fingerprint.toString();
}
The result I get from this is something like: 56:ee:54:2b:cb:d3:8a:e2:1d:13:e1:f3:9c:f6:8f:3b:69:18:95:0a - 20 groups of 2
I also found this website: Calculate Fingerprint and it also generate the fingerprint with 20 groups of 2 and not 16.
So, my question is: Why does the indy component TIdX509 generates the fingerprint with just 16 groups of 2 when it should be 20?
