[foaf-protocols] cert:fingerprint ?
melvincarvalho at gmail.com
Tue Nov 22 18:24:03 CET 2011
On 22 November 2011 18:12, Mo McRoberts <mo.mcroberts at bbc.co.uk> wrote:
> On 25 Oct 2011, at 19:53, Kingsley Idehen wrote:
>> On 10/25/11 12:38 PM, Henry Story wrote:
>>> On 25 Oct 2011, at 18:33, Kingsley Idehen wrote:
>>>> Since we have cert:key, what about cert:fingerprint?
>>> How would you define it?
>> Good question since WOT and these newer Key oriented ontologies aren't aligned. In addition, WOT is conflating public key and X.509 certificate. The fingerprint I am talking about is a hash (md4, md5, sha, sha256, sha512) of the entire X.509 Cert.
> WoT's definition of 'fingerprint' is horribly underspecced — it really needs to specify (even if just by reference!) how the fingerprint is computed: otherwise, how can you ever perform a reliable comparison?
> For reference, a fingerprint which is included in an X.509 cert (e.g., is often used as subjectKeyIdentifier or authorityKeyIdentifier, and presented in many user interfaces) is actually the fingerprint of the DER-encoded public key data and *not* the rest of the cert.
> PGP does things slightly differently, but not significantly so (from RFC4880 §12.2):
> “For a V3 key, the eight-octet Key ID consists of the low 64 bits of the public modulus of the RSA key.
> “The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5. Note that both V3 keys and MD5 are deprecated.
> “A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99, followed by the two-octet packet length, followed by the entire Public-Key packet starting with the version field. The Key ID is the low-order 64 bits of the fingerprint.”
> Note that in neither case does the fingerprint contain any User ID packets (which are combined with the public key packet(s) to constitute a full “PGP Certificate” — the closest equivalent of an X.509 Certificate).
Great info thanks!
What's cool about fingerprint is the simplicity.
<#me> :fingerprint "AB..."
That's all you need to do.
As Kingsley has shown, you can embed it in a WordPress blog, Facebook,
Google Plus, Twitter etc.
> Mo McRoberts - Technical Lead - The Space,
> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> Project Office: Room 7083, BBC Television Centre, London W12 7RJ