jsrsasign - how to extract an x.509 certificate's fingerprint?

Question

Is it possible to use jsrsasign to extract the fingerprint of an x.509 certficate, similar to what can be achieved using this openssl command:

openssl x509 -sha1 -in cert.pem -noout -fingerprint - Ref: openssl x.509 doc

I'm reading my X509 like so:

var c = new X509(); c.readCertPEM(cert); \\ how to get the fingerprint?

Ref: jsrsasign x.509 apidoc

Answer 1

You just need to extract the string from between the "-----BEGIN CERTIFICATE-----" header and "-----END CERTIFICATE----- " footer, base64 decode it and compute SHA1 hash of decoded data.

Answer 2

Thank you for using jsrsasign. You can write like this:

hex = KEYUTIL.getHexFromPEM(certPEMstring);

fingerprint = KJUR.crypto.Util.hashHex(hex, 'sha256');

You can also find a fingerprint example here: http://kjur.github.io/jsrsasign/tool_certview.html

Answer 3

In the version of jsrsasign 10.7.0, You can achieve this by

import { KJUR, pemtohex } from "jsrsasign";


const hex = pemtohex("-----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE----- ");
const fingerprint = KJUR.crypto.Util.hashHex(hex, "sha1")