Cryptographic keys

The following public key data corresponds to private keys I control. The following is subject to my key signing policy.

• PGP key
  • Binary
  • Signature from CAcert key
  • Signature from Thawte key
  • ASCII
• CAcert.org client certificate
  • Binary (DER)
  • Signature from PGP key
  • Signature from Thawte key
  • ASCII (PEM)
• Thawte Freemail client certificate
  • Binary (DER)
  • Signature from PGP key
  • Signature from CAcert key
  • ASCII (PEM)

Verifying an X.509 (S/MIME) signature

Download the binary form of the key you wish to verify, plus the signature you wish to verify it against. Then, run openssl to run this verification command:

Verifying a PGP signature

Download the binary form of the key you wish to verify, plus the signature you wish to verify it against. Then, run gpg to run this verification command:

Is this X.509 certificate the same one I imported?

If you're not sure that the key you've imported into your browser or mail client is the same as the one you verified, compare the SHA-1 and MD5 fingerprints of the certificate against the SHA-1 and MD5 digest of the DER-formatted certificate.

Why are only the binary versions signed?

Base64-formatted messages, like ASCII-armored PGP and PEM-formatted S/MIME messages, are a very flexible, non-canonical form of the data which provides some potential for collision-based attacks on the signature. The canonical forms used here, as described in my key signing policy, are somewhat less susceptible to such an attack.

The DER forms of the certificates can also demonstrate a correlation between a signature and a certificate imported into your mail client or browser; simply check the SHA-1 or MD5 fingerprint of the certificate against the SHA-1 or MD5 digest of the DER certificate.

Copyright © 2006-2009 Peter S. May. Powered by halbert.