000021821 - The MD5 Hash of a certificate shown in the KCA is different from the MD5 Hash shown for that same certificate by OpenSSL

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000021821
Applies To: Keon Certificate Authority 6.5.1; OpenSSL
Issue: The MD5 Hash of a certificate shown in the KCA is different from the MD5 Hash shown for that same certificate by OpenSSL
Resolution: This is a normal condition. The MD5 value of the certificate stored in OpenSSL is different because the same certificate data has been repackaged into a slightly different format for storage as an object, which results in a different MD5 hash value.

The MD5 value in the KCA is a unique value used for internal purposes only. It is a fast method for looking up the Certificate object within the KCA database, and it cannot be used to reliably coordinate identification of certificates between the KCA and external systems.
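
The repackaging effect described above, as an added illustration (not RSA's or OpenSSL's code): the same certificate bytes hashed as binary DER and as PEM text with different line wrapping give different MD5 values, while decoding each form back to DER before hashing gives a single value. The sample bytes are a constructed stand-in rather than a real certificate, and all function names are hypothetical.

```python
import base64
import hashlib
import re

# Constructed stand-in for a DER blob (SEQUENCE header + 256 bytes), not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def md5_hex(data: bytes) -> str:
    # usedforsecurity=False (Python 3.9+): the digest is a lookup fingerprint here.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def to_pem(der: bytes, width: int = 64, newline: str = "\n") -> bytes:
    """Wrap DER bytes as PEM text with the given line width and line ending."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + width] for i in range(0, len(b64), width)]
    lines = ["-----BEGIN CERTIFICATE-----", *body, "-----END CERTIFICATE-----", ""]
    return newline.join(lines).encode("ascii")


def to_der(blob: bytes) -> bytes:
    """Return DER bytes for a blob that is either DER or PEM with any wrapping."""
    match = PEM_RE.search(blob.decode("latin-1"))
    if match is None:
        return blob  # no PEM armor found: treat as binary DER already
    return base64.b64decode("".join(match.group(1).split()))


def compare_encodings(der: bytes) -> dict:
    """MD5 of each stored form as-is, and after normalizing back to DER."""
    forms = {
        "DER": der,
        "PEM, 64 cols, LF": to_pem(der),
        "PEM, 64 cols, CRLF": to_pem(der, newline="\r\n"),
        "PEM, 76 cols, LF": to_pem(der, width=76),
    }
    return {name: (md5_hex(blob), md5_hex(to_der(blob)))
            for name, blob in forms.items()}


if __name__ == "__main__":
    for name, (raw, normalized) in compare_encodings(SAMPLE_DER).items():
        print(f"{name:20} raw={raw} normalized={normalized}")
```

This does not reproduce the KCA's internal value, because the article does not specify the object format the KCA hashes. It only shows why two tools hashing different packagings of one certificate disagree.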

About MD5 Hash Values:

An MD5 hash is the small product that results from applying the MD5 algorithm to a larger object. The result is a smaller object loosely analogous to a thumbnail of a picture. The major differences between an MD5 hash and a thumbnail are that none of the original data is discernible from viewing the MD5 hash object, and that any minor modification to the original object results in a completely different MD5 value for that object.

The original signed MD5 value is compared to an MD5 of the received object to determine authenticity when transferring electronic documents and for other cryptographic purposes. In this way, a message can be sent unencrypted via email with an encrypted MD5 Hash (digital signature), and can be determined to have arrived untampered with. Upon receipt of the email, the receiving side generates an MD5 of the document, and compares that with the signed MD5 sent along with the document. If they match, then the document has not been modified in transit.
Legacy Article ID: a25260
