Changes


CA/Revocation Reasons

104 bytes added, 23:12, 14 April 2022
continued drafting text
* Compare a hash of the public key derived from the private key with a hash of the public key in the certificate
** First check the consistency of a private key
*** openssl rsa -in [privatekey] -check
** Then compare the public key
*** openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
*** openssl x509 -in certificate.crt -pubkey | openssl pkey -pubin -pubout -outform pem | sha256sum
* Sign a message with the private key and then verify it with the public key.
** openssl x509 -in certificate.crt -noout -pubkey > publicKey.pem
** dd if=/dev/urandom of=random bs=32 count=1
** openssl rsautl -sign -pkcs -inkey privateKey.key -in random -out signed
** openssl rsautl -verify -pkcs -pubin -inkey publicKey.pem -in signed -out check
** cmp random check
** rm random check signed publicKey.pem
*** If cmp produces no output then the signature matches.
* Use an existing script/tool
** [https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html Hanno Böck's script]: https://github.com/hannob/tlshelpers/blob/master/matchcertkey
** [https://www.sslshopper.com/certificate-key-matcher.html Certificate Key Matcher]
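
The checks listed above, combined into one shell function as an added example that is not part of the wiki page. It goes beyond the RSA-only commands above by using openssl pkey and openssl dgst, so ECDSA keys are handled as well; the function names and temporary file names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the wiki page: confirm that a private key belongs
# to a certificate. Works for RSA and ECDSA keys; paths come from the caller.

# SHA-256 of the DER SubjectPublicKeyInfo read as PEM on stdin.
spki_hash() {
    openssl pkey -pubin -pubout -outform der 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# match_cert_key CERT KEY
# Returns 0 only if KEY is internally consistent, carries the same public key
# as CERT, and a signature made with KEY verifies under CERT's public key.
match_cert_key() {
    mck_cert=$1
    mck_key=$2
    mck_tmp=$(mktemp -d) || return 2
    mck_pub=$mck_tmp/publicKey.pem
    mck_rc=1

    # Steps 1 and 2: consistency check of the private key (a key file can
    # carry the right public half and a wrong private half), then extract
    # the public key embedded in the certificate.
    if openssl pkey -in "$mck_key" -check -noout >/dev/null 2>&1 &&
       openssl x509 -in "$mck_cert" -noout -pubkey >"$mck_pub" 2>/dev/null
    then
        mck_kh=$(openssl pkey -in "$mck_key" -pubout 2>/dev/null | spki_hash)
        mck_ch=$(spki_hash <"$mck_pub")
        # Steps 3 and 4: the public key hashes must be equal, and a fresh
        # 32-byte random message signed with the private key must verify
        # with the certificate's public key.
        if [ -n "$mck_kh" ] && [ "$mck_kh" = "$mck_ch" ] &&
           openssl rand -out "$mck_tmp/random" 32 &&
           openssl dgst -sha256 -sign "$mck_key" -out "$mck_tmp/signed" \
               "$mck_tmp/random" 2>/dev/null &&
           openssl dgst -sha256 -verify "$mck_pub" \
               -signature "$mck_tmp/signed" "$mck_tmp/random" >/dev/null 2>&1
        then
            mck_rc=0
        fi
    fi
    rm -rf "$mck_tmp"
    return "$mck_rc"
}
```

Call it as match_cert_key certificate.crt privateKey.key and read the exit status: 0 means the key matches the certificate.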
== OCSP ==