Versions Compared

Old Version 13

changes.mady.by.user Peter Brand

Saved on

compared with

New Version 14

changes.mady.by.user Peter Brand

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: re-wrap key in new cert

...

No Format
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIJAJS+3dUtfj7NMA0GCSqGSIb3DQEBBQUAMIG4MQswCQYDMIID6jCCAtKgAwIBAgIJANITq5P0ezzOMA0GCSqGSIb3DQEBCwUAMIGJMQswCQYD
VQQGEwJBVDEjMCEGA1UEChMaQUNPbmV0IC8gVW5pdmVyc2l0YWV0IFdpZW4xOTA3VQQGEwJBVDEPMA0GA1UECgwGQUNPbmV0MSMwIQYDVQQLDBpBQ09uZXQgSWRlbnRp
BgNVBAsTMFplbnRyYWxlciBJbmZvcm1hdGlrZGllbnN0IGRlciBVbml2ZXJzaXRhdHkgRmVkZXJhdGlvbjEmMCQGA1UEAwwdZWR1SUQuYXQgTWV0YWRhdGEgU2lnbmlu
ZXQgV2llbjEkMCIGA1UEAxMbQUNPbmV0IE1ldGFkYXRhIFNpZ25pbmcgS2V5MSMwZyBLZXkxHDAaBgkqhkiG9w0BCQEWDWVkdWlkQGFjby5uZXQwHhcNMTgwNDExMTIw
IQYJKoZIhvcNAQkBFhRhYWkuemlkQHVuaXZpZS5hYy5hdDAeFw0wODA1MjkxMjI3MDA2WhcNMzcxMjMxMTIwMDA2WjCBiTELMAkGA1UEBhMCQVQxDzANBgNVBAoMBkFD
MjBaFw0xODA1MjcxMjI3MjBaMIG4MQswCQYDVQQGEwJBVDEjMCEGA1UEChMaQUNPT25ldDEjMCEGA1UECwwaQUNPbmV0IElkZW50aXR5IEZlZGVyYXRpb24xJjAkBgNV
bmV0IC8gVW5pdmVyc2l0YWV0IFdpZW4xOTA3BgNVBAsTMFplbnRyYWxlciBJbmZvBAMMHWVkdUlELmF0IE1ldGFkYXRhIFNpZ25pbmcgS2V5MRwwGgYJKoZIhvcNAQkB
cm1hdGlrZGllbnN0IGRlciBVbml2ZXJzaXRhZXQgV2llbjEkMCIGA1UEAxMbQUNPFg1lZHVpZEBhY28ubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
bmV0IE1ldGFkYXRhIFNpZ25pbmcgS2V5MSMwIQYJKoZIhvcNAQkBFhRhYWkuemlk
QHVuaXZpZS5hYy5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEg
y0tuWObKZqwfH8pEqs1202hLLEf3A9dn6BSA6C8DeT1BMF1lj7JfM18qBcNp1paz
kSuO2fMI1NUJTuAXGUbfIsedhiV7PUOcYAbOMxP16eoYFAWtIn9j8TlqANlE6lIA
Y/C+o6FZM+awXomOydgpH70cPkEs5DJvmBLJgHMKcoIWrynw72Ejsbm7mAWnKpMB
mtCfAJA7oht5H6cnawhOUfCk7fD+uV4nufoPGAlNJqpdbwsw9DuPMuXSuUhw+D4Z
KRtgQGshojVEe2w0pFRJW97sm8I29AUCPqtIbuDaqXmY02NKU57uaGYUFuPXuDPo
CiRKElHHiNwkmep0nx8CAwEAAaOCASEwggEdMB0GA1UdDgQWBBRMDvgWXOITq/Y4
pQcczif+Ly7y4zCB7QYDVR0jBIHlMIHigBRMDvgWXOITq/Y4pQcczif+Ly7y46GB
vqSBuzCBuDELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGkFDT25ldCAvIFVuaXZlcnNp
dGFldCBXaWVuMTkwNwYDVQQLEzBaZW50cmFsZXIgSW5mb3JtYXRpa2RpZW5zdCBk
ZXIgVW5pdmVyc2l0YWV0IFdpZW4xJDAiBgNVBAMTG0FDT25ldCBNZXRhZGF0YSBT
aWduaW5nIEtleTEjMCEGCSqGSIb3DQEJARYUYWFpLnppZEB1bml2aWUuYWMuYXSC
CQCUvt3VLX4+zTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQASWCbG
/jR4a8lxYvRoh+B7KDQa95R4UPnN1A+pIsGcEkYPa8thqpnHH6vCm6VioIc34wfw
KtruBYVfxrT8Bh7A2kuRCpnXzZtMnFsxRJP5GB28VJc7m7Ev4OjOOVglahPM7xFu
gVFxsxYimah1JQIMAJPHFYgwhEEPMmuwpCd0S9Lj6yVc0VVW0NBeaqTTBRRAQdKX
ekwKYe5tVVuZV/zyXDaXJbCVwEz620VQjJ7o0aU06eJ8Sr3Q4DpXz74b/baWOhA9
3tuzubdIm+mTaEDggMgAV3cZJg+djx2eSmyDQVwxaOZ3ESiR1Gcoz0vCsg8smrZJ
wM0aEN5quFWfiFFEwSDLS25Y5spmrB8fykSqzXbTaEssR/cD12foFIDoLwN5PUEwXWWPsl8zXyoFw2nW
lrORK47Z8wjU1QlO4BcZRt8ix52GJXs9Q5xgBs4zE/Xp6hgUBa0if2PxOWoA2UTq
UgBj8L6joVkz5rBeiY7J2CkfvRw+QSzkMm+YEsmAcwpyghavKfDvYSOxubuYBacq
kwGa0J8AkDuiG3kfpydrCE5R8KTt8P65Xie5+g8YCU0mql1vCzD0O48y5dK5SHD4
PhkpG2BAayGiNUR7bDSkVElb3uybwjb0BQI+q0hu4NqpeZjTY0pTnu5oZhQW49e4
M+gKJEoSUceI3CSZ6nSfHwIDAQABo1MwUTAdBgNVHQ4EFgQUTA74FlziE6v2OKUH
HM4n/i8u8uMwHwYDVR0jBBgwFoAUTA74FlziE6v2OKUHHM4n/i8u8uMwDwYDVR0T
AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAGaJ65BAAKb8B4gxSWF2tkkFZ
7ThEftd8pdp7wTdGOb6uR1fh5wnyHs/TZeM7vJHAmqaobekFpFX0LOnDXAQ9k4kI
O+qYYNJas0YcC9n1R/ZZWkPkJpOnbzArBZq5w6gafLLEiK+nc0GX0swyPbsCL+jh
kYMi38ea4xFpzlIvvharYhr+K9X2P2um6Js/YYuB9i4lzRss5JinVIQyc3OY7u62
zqkUDQ/3Ggu2j+GPF/Ij7+jwIuxXuOB3XpvC8zxSQ/unozRTNY3TR7kvcIxyMA9I
Mo0l1Bhktwu7txYDxCUWXmhqakzLIu9OAL+vpdek1QPp4rKST0NMwMK+kETNJQ==
-----END CERTIFICATE-----

...

The fingerprints of that certificate are:

No Format
SHA-1    EE6B:3711:0A58:C268:77AC:566D:F845:8BBC:457E:3A51:9B:7D5D:F245:F022:CA2A:248D:C285:14C1:3302:722F
SHA-256  350A:568B:3A47:36D5:DAB9:77F3:A78C:7661:779A:127A:E999:E6A6:BC62:CAED:F7A5:02A0:D843:4071:26B6:A845:AE17:A72E:DA62:BC2D:5DDB:B9BF:720A:EBE5:BE49:FA17:CB8C:4B2D

You can always contact ACOnet to verify the fingerprint, e.g. via telephone. To calculate the fingerprint of the downloaded certificate use the following openssl command (on MS-Windows you could use these binaries):

...

The commands below will download the Metadata Signing Key (aconet-metadata-signing.crt), a file containing an OpenPGP-signature of it (aconet-metadata-signing.crt.ascand then verify that the Metadata Signing Key has in fact been signed by that OpenPGP-key:

No Format
$ curl -O "https://eduid.at/keys/aconet-metadata-signing.crt{,.asc}"
$ curlgpg -O https://eduid.at/keys/-verify aconet-metadata-signing.crt.asc
$ gpg --verify aconet-metadata-signing.crt.asc
gpg: Signature made MonWed 2311 JunApr 20142018 1503:2335:3510 PM CEST using RSA key ID F868B59A
gpg: Good signature from "Peter Schober <peter@metameta.org>"
gpg:          using RSA key 336A59F993C634AD50D6DBE2AFF60721F868B59A
gpg: Good signature from aka "Peter Schober <peter.schober@univie.ac.at>" [full]
gpg:                 aka "Peter Schober <peter@aco.net>" [full]

How much additional trust you derive from that procedure depends solely on the trust you put into the Web of trust signatures on the OpenPGP key used to sign that file, i.e. whether you believe the people who have signed the eduID.at operator's key to be legit thereby testifying to the authenticity of the identity represented in that OpenPGP key.