如何在 openssl 中创建 sha256 指纹 [英] How can I create a sha256 fingerprint in openssl
问题描述
我想sha256指纹 使用openssl.我试过了,但你必须sha1.我该怎么办?
I want to sha256 the fingerprint Use the openssl. I tried, but you have to sha1. What will i do?
我使用的是 OpenSSL 1.0.1f.
I'm using OpenSSL 1.0.1f.
命令
openssl md5 * >rand.dat
openssl genrsa -rand rand.dat -aes256 2048 > server.key
openssl req -new -key server.key -sha256 -config openssl.cfg > server.csr
openssl x509 -fingerprint -sha256 -in server.csr -req -signkey server.key -extensions v3_req -extfile openssl.cfg -out server.cer
改成默认如下:
[ CA_default ]
default_md = sha256 # Change
[ req ]
req_extensions = v3_req # Uncomment
推荐答案
如何在openssl中创建sha256指纹
How can I create a sha256 fingerprint in openssl
-sha256
正确.
您如何与您的证书颁发机构签署 OpenSSL 证书签名请求?.
根据反馈,使用 -fingerprint
时,SHA1 似乎是硬编码的.以下来自 <openssl dir>/apps/x509.c
(所有 OpenSSL 应用程序,如 ca
、x509
、encrypt
、decrypt
等位于 apps/
中).从 x509.c
的第 935 行开始:
Based on the feedback, it appears SHA1 is hard coded when using -fingerprint
. Below is from <openssl dir>/apps/x509.c
(all OpenSSL apps, like ca
, x509
, encrypt
, decrypt
, etc are located in apps/
). From around line 935 of x509.c
:
else if (fingerprint == i)
{
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
const EVP_MD *fdig = digest;
if (!fdig)
fdig = EVP_sha1();
if (!X509_digest(x,fdig,md,&n))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
}
BIO_printf(STDout,"%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(fdig)));
....
至于const EVP_MD *fdig =digest
,可以设置digest
.但我不知道应该使用什么开关.从第 475 行开始:
As far as const EVP_MD *fdig = digest
, digest
can be set. But I can't tell what switch is supposed to be used. From around line 475:
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
digest=md_alg;
}
对我来说,这看起来很糟糕.
That looks broke to me.
这篇关于如何在 openssl 中创建 sha256 指纹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!