Introduction
I got an interesting question about X.509 certificate thumbprints today from a colleague. Specifically, he wanted to know if you could renew a certificate and keep the thumbprint. The answer is no, unfortunately. So I thought I would explain why you can’t.
Certificate storage
The X.509 standard was first issued in 1988 and is described in several RFCs. It specifies, among other things, public key certificates, what we commonly refer to as X.509 certificates. X.509 certificates, in turn, currently come in three versions, v1, v2 and v3.
X.509 certificates, as well as many other things in the X.509 standard, are described using Abstract Syntax Notation One (ASN.1). ASN.1 is a standard used to exchange information between systems independently of the systems’ encoding techniques. ASN.1 have several encoding rules:
- Basic Encoding Rules (BER)
- Canonical Encoding Rules (CER)
- Distinguished Encoding Rules (DER)
- XML Encoding Rules (XER)
- Canonical XML Encoding Rules (CXER)
- Extended XML Encoding Rules (E-XER)
- Packed Encoding Rules (PER, unaligned: UPER, canonical: CPER)
- Generic String Encoding Rules (GSER)
The original rules laid out for the ASN.1 standard were Basic Encoding Rules (BER), and CER and DER are more strict variants of BER. Digital certificates are usually stored in the file system as raw binary data, so DER (binary) is the most common. Certificates stored as raw binary usually have a .cer extension, but .der is also in use.
Here is a screenshot of a DER encoded certificate opened in a HEX editor:
Here is the same cert encoded as Base64 also opened in a HEX editor:
Finally here is the same certificate in ASN.1 human readable form (this isn’t the whole cert):
So what does all this mean?
More information
To write this post I created a self signed certificate with my name as the subject. The command I used was this:
makecert.exe -pe -n “CN=Morgan Simonsen” -ss My -r morgan_simonsen.der
You can download all the various versions of the certificate from this post from the following link if you want to look in more detail and compare with what I have written.
There are four files in the archive:
| File | Format |
| morgan_simonsen.der | Binary DER format |
| morgan_simonsen.crt | PEM (Base64) format |
| morgan_simonsen.asn | Raw ASN.1 ASCII data |
| morgan_simonsen.txt | Certutil –dump –asn of the DER cert |
The signature
To produce the certificate signature the signing authority takes the tbsCertificate field in ANS.1 DER encoded form (binary data) and applies the hashing algorithm to it. Inside the tbsCertificate field are some important fields.
Specifically the subject name (CN), the hashing algorithm the signing authority used to sign the certificate and the subject’s public key. By signing all these fields the signing authority certifies that the subject in question does in fact own the public key in the certificate.
It is a requirement that the signature field within the tbsCertificate field match the signatureAlgorithm field in the certificate. The important distinction here is that it is only the signature field inside the tbsCertificate field that is included in the signature, not the signatureAlgorithm field.
The windows cryptographic api
When a certain implementation uses the certificate it calculates and resolves a lot of information not included in the certificate itself. These are things like hash values of various fields and OIDs used to describe e.g. signing algorithms. Certificate Revocation checking is also usually performed and chaining and validation.
Опасно ли передавать третьим лицам свой sha1 certificate fingerprint?
Сертификат – это цифровой документ, который подтверждает ваше владение некоторым закрытым ключом. Его можно передавать другим людям хоть целиком, хоть по частям.
Отпечаток (fingerprint, thumbprint) сертификата – это хеш-функция от сертификата. Имея сертификат, любой может вычислить его хеш-функцию. А поскольку сертификат секретным не является, то и хеш-функция не секретна.
Вот свой закрытый ключ никому передавать нельзя.
Правда, тут есть некоторая терминологическая путаница из-за того что во многих хранилищах, включая файловые контейнеры и системное хранилище сертификатов windows, закрытые ключи хранятся вместе с сертификатами, из-за чего возникает ощущение что вы шифруете своим сертификатом, а не закрытым ключом.
Поэтому передавая сертификат кому-либо, всегда проверяйте что к этому сертификату не “прицеплен” закрытый ключ. Но к отпечатку сертификата закрытый ключ прицеплен быть не может, потому отпечатки можно передавать без каких бы то ни было проверок.
The rfc 5280 x.509 certificate definition
In RFC 5280 the basic syntax of a certificate (using ASN.1) defines three required fields:
| Field | Definition from RFC 5280 |
| tbsCertificate | The sequence TBSCertificate contains information associated with the subject of the certificate and the CA that issued it. Every TBSCertificate contains the names of the subject and issuer, a public key associated with the subject, a validity period, a version number, and a serial number; some MAY contain optional unique identifier fields. |
| signatureAlgorithm | The signatureAlgorithm field contains the identifier for the cryptographic algorithm used by the CA to sign this certificate. |
| signatureValue | The signatureValue field contains a digital signature computed upon the ASN.1 DER encoded tbsCertificate. The ASN.1 DER encoded tbsCertificate is used as the input to the signature function. This signature value is encoded as a BIT STRING and included in the signature field. |
The tbsCertificate field is by far the largest containing also any extensions the certificate may have like key usage, alternate names etc. RFC 5280 lists all the possible extensions. signatureAlgorithm contains only one piece of data; the hashing algorithm used by the signing authority to sign this particular certificate. signatureValue contains the signature itself, calculated with the hashing algorithm from signatureAlgorithm.
Conclusion
So now we have the answer to why you cannot request a new certificate, or renew an existing one, with the same thumbprint. Changing anything in the certificate data will produce a completely different hash result and thus a completely different thumbprint.
The thumbprints purpose is actually to make it easy to locate a particular certificate in the certificate store of a system. Let’s say you have a webserver that needs a certificate. Instead of specifying a certificate by subject name, validity or anything else you just supply the thumbprint to the webserver.