From 54dd4617332ef08ea24b25b4c3c7a5da0c466bd9 Mon Sep 17 00:00:00 2001
From: Kyle Isom
Date: Wed, 3 May 2017 11:01:33 -0700
Subject: [PATCH] Add option to print the SHA256 hash of a certificate.
This hash isn't the SKI --- it's a SHA256 hash of the raw certificate contents.
---
 cmd/certdump/certdump.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/cmd/certdump/certdump.go b/cmd/certdump/certdump.go
index 103fe6b..f9d8651 100644
--- a/cmd/certdump/certdump.go
+++ b/cmd/certdump/certdump.go
@@ -6,6 +6,7 @@ import (
 "crypto/ecdsa"
 "crypto/elliptic"
 "crypto/rsa"
+ "crypto/sha256"
 "crypto/tls"
 "crypto/x509"
 "crypto/x509/pkix"
@@ -116,7 +117,10 @@ func showBasicConstraints(cert *x509.Certificate) {
 const oneTrueDateFormat = "2006-01-02T15:04:05-0700"
-var dateFormat string
+var (
+ dateFormat string
+ showHash bool // if true, print a SHA256 hash of the certificate's Raw field
+)
 func wrapPrint(text string, indent int) {
 tabs := ""
@@ -129,6 +133,9 @@ func wrapPrint(text string, indent int) {
 func displayCert(cert *x509.Certificate) {
 fmt.Println("CERTIFICATE")
+ if showHash {
+ fmt.Println(wrap(fmt.Sprintf("SHA256: %x", sha256.Sum256(cert.Raw)), 0))
+ }
 fmt.Println(wrap("Subject: "+displayName(cert.Subject), 0))
 fmt.Println(wrap("Issuer: "+displayName(cert.Issuer), 0))
 fmt.Printf("\tSignature algorithm: %s / %s\n", sigAlgoPK(cert.SignatureAlgorithm),
@@ -273,6 +280,7 @@ func displayAllCertsWeb(uri string, leafOnly bool) {
 func main() {
 var leafOnly bool
+ flag.BoolVar(&showHash, "d", false, "show hashes of raw DER contents")
 flag.StringVar(&dateFormat, "s", oneTrueDateFormat, "date `format` in Go time format")
 flag.BoolVar(&leafOnly, "l", false, "only show the leaf certificate")
 flag.Parse()
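Review bot: The `SHA256:` label printed in displayCert does not say what was hashed, so a reader can take it for a public-key (SPKI) pin or the subject key identifier, when the digest is over `cert.Raw`, the whole DER-encoded certificate. A label such as `"SHA256 fingerprint (DER): %x"`, or a comment above the `if showHash {` line saying `// fingerprint of the full DER certificate, not the SKI or an SPKI hash`, would remove the ambiguity. The value is emitted as contiguous lowercase hex, so it will not string-match tools that print colon-separated uppercase fingerprints (for example `openssl x509 -fingerprint -sha256`); that is worth stating in the usage text so operators normalise before comparing. displayCert's body continues outside the hunk.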
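Review bot: The help string for `-d` in main says "hashes" and names no algorithm, although the new code in displayCert prints exactly one SHA-256 digest per certificate. Wording such as `"show the SHA-256 hash of each certificate's raw DER encoding"` would match the behaviour and tell the user which fingerprint to compare against. main's body continues outside the hunk.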