Calculating thumbprint/fingerprint

I create SSL certs with your cryptography pack and was looking at creating a fingerprint hash so I could pin it using Indy at the client end. How do you extract, for example, the 256 fingerprint from a created cert using your cryptography pack? TIA.

To compute the 256 fingerprint, you need to use the TSHA2Hash component with 256 as hashSizeBits. This component is located in the HashObj unit. You can find some examples of its use in the manual and the demo.
Best regards,
Marion

Thanks for getting back to me.

I have been using a SHA2Hash component and hashing the whole certificate (to include the begin and end sections) loaded into a stringlist, as well as changing the output format and varying the Unicode, but none of the results matches an internet site that does the same (https://www.samltool.com/fingerprint.php).

As an example:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

On the above website the 256 comes back as:
6f90ebdb99a11f0efca1f28d8fea3f8819e9a99cbedb96834493f5f4826e69cb

Delphi comes back with:
hexa =4BCE77239C9933A160F865EB8EA83357FA6F4BEB92ECC56C31830BDE7110CFE3

I basically can't get the SHA2Hash component to match the example internet site fingerprint. As far as I know the fingerprint hash is of the whole cert so includes BEGIN/END. Might be I'm hashing the wrong text though I've tried just the CrtStr but didn't work either?

To compute the fingerprint, you need to convert the certificate (only the base64 string, so without the BEGIN/END tags) from base64 to raw format. You can use TConvert.FormatToString with AType := base64 to do that. Then you can hash the string with the TSHA2Hash component.
Best regards,
Marion
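
The steps from the reply above (drop the BEGIN/END lines, base64-decode the body to raw bytes, then SHA-256 those bytes), as an added example that is not part of the original thread or the vendor's library. It uses Python's standard library instead of the TSHA2Hash/TConvert components; `SAMPLE_DER`, `make_pem` and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text: str) -> bytes:
    """Strip the BEGIN/END armor and base64-decode the body to raw bytes."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    body = "".join(m.group(1).split())      # remove CR/LF and spaces
    return base64.b64decode(body, validate=True)

def fingerprint_sha256(pem_text: str) -> str:
    """Fingerprint = SHA-256 over the decoded bytes, as lowercase hex."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()

def naive_text_hash(pem_text: str) -> str:
    """Hash of the PEM text itself (armor, base64, line endings included)."""
    return hashlib.sha256(pem_text.encode("ascii")).hexdigest()

def matches_pin(pem_text: str, pin: str) -> bool:
    """Compare against a stored pin, ignoring case and ':' or space separators."""
    wanted = re.sub(r"[:\s]", "", pin).lower()
    return hmac.compare_digest(fingerprint_sha256(pem_text), wanted)

# Constructed bytes standing in for a certificate's DER encoding
# (not a real certificate; the hashing steps are the same for a real one).
SAMPLE_DER = bytes(range(68))

def make_pem(der: bytes, newline: str = "\n", width: int = 64) -> str:
    """Wrap raw bytes in PEM armor with the given line ending and width."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(["-----BEGIN CERTIFICATE-----", *rows,
                         "-----END CERTIFICATE-----", ""])

if __name__ == "__main__":
    unix, dos = make_pem(SAMPLE_DER), make_pem(SAMPLE_DER, "\r\n")
    print("fingerprint (LF)   :", fingerprint_sha256(unix))
    print("fingerprint (CRLF) :", fingerprint_sha256(dos))   # identical
    print("text hash   (LF)   :", naive_text_hash(unix))     # differs
    print("text hash   (CRLF) :", naive_text_hash(dos))      # differs again
```

Hashing the text gives a value that changes with line endings and wrapping, while the hash of the decoded bytes stays the same for the same certificate, which is what makes it usable as a pin.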
