OpenSolaris

Printable Version Enter a New Search
Bug ID 6887337
Synopsis pktool gencert should use SHA1 instead of MD5
State 10-Fix Delivered (Fix available in build)
Category:Subcategory solaris-crypto:key_mgmt_tools
Keywords
Responsible Engineer Wyllys Ingersoll
Reported Against
Duplicate Of
Introduced In solaris_nevada
Commit to Fix snv_126
Fixed In snv_126
Release Fixed solaris_nevada(snv_126)
Related Bugs
Submit Date 1-October-2009
Last Update Date 21-October-2009
Description 
this:

$ pktool gencert keystore=file outcert=server3.crt outkey=priv3.pem format=pem  subject="CN=test" keytype=rsa keylen=1024 serial=01

generates a certificate with md5WithRSAEncryption as a signature algorightm. We should rather use sha1WithRSAEncryption.

$ openssl x509 -in server3.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=test
        Validity
            Not Before: Oct  1 14:44:00 2009 GMT
            Not After : Oct  1 14:44:00 2010 GMT
        Subject: CN=test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:9f:a0:20:fe:d6:bc:85:e9:96:ba:6b:bf:ae:35:
                    c6:48:a8:93:39:93:7e:09:54:fd:8a:69:35:61:db:
                    10:ef:d7:e2:3c:a6:ba:32:d1:9e:dd:73:df:ae:ec:
                    02:60:ec:69:23:90:14:73:7c:b3:df:54:65:61:a8:
                    98:bf:5f:bd:77:07:64:21:04:60:c6:76:9f:34:44:
                    e8:0b:15:c1:b0:31:5e:0c:22:f9:62:42:96:47:06:
                    eb:0b:0e:a9:93:17:21:57:b0:10:37:c9:1b:5a:8a:
                    83:9e:a0:8c:80:7e:dd:bb:31:58:fc:40:be:96:fa:
                    44:a2:fa:e3:3a:b6:30:88:47
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        6f:12:84:c7:06:1b:95:31:32:f9:90:db:80:fe:32:a5:cc:c8:
        dc:b7:95:97:63:5e:67:d2:41:01:74:5b:e8:a3:c2:ea:f3:48:
        56:64:2a:e8:2b:09:b7:3b:5e:6a:21:97:6d:cb:8b:ab:14:4d:
        25:60:87:a6:fb:58:a0:f0:e8:d8:cc:37:44:37:b1:1a:fb:a1:
        d1:cc:f8:e4:f4:c0:b8:f3:10:de:72:10:89:38:c3:75:4f:ed:
        d0:2e:6e:a0:2e:38:96:79:f2:1f:61:be:7e:63:8d:fa:b7:a6:
        be:c7:6a:dc:04:19:0c:02:f9:8a:31:14:1d:3e:a1:95:52:95:
        3e:4c
-----BEGIN CERTIFICATE-----
MIIBkTCB+6ADAgECAgEBMA0GCSqGSIb3DQEBBAUAMA8xDTALBgNVBAMTBHRlc3Qw
HhcNMDkxMDAxMTQ0NDAwWhcNMTAxMDAxMTQ0NDAwWjAPMQ0wCwYDVQQDEwR0ZXN0
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfoCD+1ryF6Za6a7+uNcZIqJM5
k34JVP2KaTVh2xDv1+I8proy0Z7dc9+u7AJg7GkjkBRzfLPfVGVhqJi/X713B2Qh
BGDGdp80ROgLFcGwMV4MIvliQpZHBusLDqmTFyFXsBA3yRtaioOeoIyAft27MVj8
QL6W+kSi+uM6tjCIRwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG8ShMcGG5UxMvmQ
24D+MqXMyNy3lZdjXmfSQQF0W+ijwurzSFZkKugrCbc7Xmohl23Li6sUTSVgh6b7
WKDw6NjMN0Q3sRr7odHM+OT0wLjzEN5yEIk4w3VP7dAubqAuOJZ58h9hvn5jjfq3
pr7HatwEGQwC+YoxFB0+oZVSlT5M
-----END CERTIFICATE-----
Work Around 
N/A
Comments 
N/A