solderpunk solderpunk at SDF.ORG
Thu Jun 11 20:50:18 BST 2020
- - - - - - - - - - - - - - - - - - -
On Thu, Jun 11, 2020 at 03:33:37PM -0400, Michael Lazar wrote:
> I am storing them in the database as base64-encoded strings. But it would not
> be hard to convert between the two text formats as long as the fingerprint
> bytes are the same. What we're discussing here (to my knowledge) is two
> different text representations of the same SHA256 digest of the public x509
> certificate DER [0][1]. That's the standard way to do certificate
> fingerprinting from what I can tell.
Ah, right, if everybody is already using SHA256 then, yes, we can stick to that and the different serialisations are convertible. And I don't see any reason not to. From what I can tell there (somewhat surprisingly) really isn't a standard notion of certificate fingerprinting, but SHA1 and SHA256 seem to be the most commonly used by web browsers.
I will express a moderate preference for the "hexadecimal with colons between bytes" notation. It takes up more space than base64, but as a pubnix admin I have people mailing me ssh public keys all the time. Sometimes they attach them, and I'm happy, but other times they just paste 'em right into the email and either their mail client splits the key over several lines and I have to join them back together, or they are sent as one long line and then mutt wraps them on my end and inserts +s or =s or somesuch where it wraps, which blend right in with the actual key content. It's a fiddly thing. The hexadecimal colon format is way easier to work with via eyeball.
Cheers,
Solderpunk
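
The conversion discussed in this message, as an added example that is not part of the original post or of any Gemini client: both notations decode to the same 32-byte SHA256 digest of the certificate DER, so a client can accept either one and compare the raw bytes. The function names and the `SAMPLE_DER` bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def fingerprint(der: bytes) -> bytes:
    """Raw SHA256 digest of the certificate's DER encoding."""
    return hashlib.sha256(der).digest()


def to_colon_hex(digest: bytes) -> str:
    """Hexadecimal with colons between bytes."""
    return ":".join(f"{b:02X}" for b in digest)


def to_base64(digest: bytes) -> str:
    return base64.b64encode(digest).decode("ascii")


def parse(text: str) -> bytes:
    """Accept either serialisation and return the raw digest bytes."""
    compact = "".join(text.split())  # undo wrapping added by mail clients
    try:
        if ":" in compact:  # ':' never occurs in base64, so it marks hex
            raw = bytes.fromhex(compact.replace(":", ""))
        else:
            raw = base64.b64decode(compact, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"not a valid fingerprint: {exc}") from None
    if len(raw) != DIGEST_LEN:
        raise ValueError(f"expected {DIGEST_LEN} bytes, got {len(raw)}")
    return raw


def same_fingerprint(a: str, b: str) -> bool:
    """Compare two fingerprints regardless of their text notation."""
    return hmac.compare_digest(parse(a), parse(b))


# Constructed stand-in for certificate DER bytes (not a real certificate).
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed sample"

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER)
    print(to_colon_hex(fp))
    print(to_base64(fp))
```

The length check is what rejects a truncated paste or a digest from a different hash (a SHA1 fingerprint decodes to 20 bytes).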