You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

All SAML Metadata documents published by ACOnet for the eduID.at service are signed with a 2048-bit sized private key that corresponds to the public key contained in the self-issued X.509 certificate reproduced below in Base64-encoded DER format:

-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIJAJS+3dUtfj7NMA0GCSqGSIb3DQEBBQUAMIG4MQswCQYD
VQQGEwJBVDEjMCEGA1UEChMaQUNPbmV0IC8gVW5pdmVyc2l0YWV0IFdpZW4xOTA3
BgNVBAsTMFplbnRyYWxlciBJbmZvcm1hdGlrZGllbnN0IGRlciBVbml2ZXJzaXRh
ZXQgV2llbjEkMCIGA1UEAxMbQUNPbmV0IE1ldGFkYXRhIFNpZ25pbmcgS2V5MSMw
IQYJKoZIhvcNAQkBFhRhYWkuemlkQHVuaXZpZS5hYy5hdDAeFw0wODA1MjkxMjI3
MjBaFw0xODA1MjcxMjI3MjBaMIG4MQswCQYDVQQGEwJBVDEjMCEGA1UEChMaQUNP
bmV0IC8gVW5pdmVyc2l0YWV0IFdpZW4xOTA3BgNVBAsTMFplbnRyYWxlciBJbmZv
cm1hdGlrZGllbnN0IGRlciBVbml2ZXJzaXRhZXQgV2llbjEkMCIGA1UEAxMbQUNP
bmV0IE1ldGFkYXRhIFNpZ25pbmcgS2V5MSMwIQYJKoZIhvcNAQkBFhRhYWkuemlk
QHVuaXZpZS5hYy5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEg
y0tuWObKZqwfH8pEqs1202hLLEf3A9dn6BSA6C8DeT1BMF1lj7JfM18qBcNp1paz
kSuO2fMI1NUJTuAXGUbfIsedhiV7PUOcYAbOMxP16eoYFAWtIn9j8TlqANlE6lIA
Y/C+o6FZM+awXomOydgpH70cPkEs5DJvmBLJgHMKcoIWrynw72Ejsbm7mAWnKpMB
mtCfAJA7oht5H6cnawhOUfCk7fD+uV4nufoPGAlNJqpdbwsw9DuPMuXSuUhw+D4Z
KRtgQGshojVEe2w0pFRJW97sm8I29AUCPqtIbuDaqXmY02NKU57uaGYUFuPXuDPo
CiRKElHHiNwkmep0nx8CAwEAAaOCASEwggEdMB0GA1UdDgQWBBRMDvgWXOITq/Y4
pQcczif+Ly7y4zCB7QYDVR0jBIHlMIHigBRMDvgWXOITq/Y4pQcczif+Ly7y46GB
vqSBuzCBuDELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGkFDT25ldCAvIFVuaXZlcnNp
dGFldCBXaWVuMTkwNwYDVQQLEzBaZW50cmFsZXIgSW5mb3JtYXRpa2RpZW5zdCBk
ZXIgVW5pdmVyc2l0YWV0IFdpZW4xJDAiBgNVBAMTG0FDT25ldCBNZXRhZGF0YSBT
aWduaW5nIEtleTEjMCEGCSqGSIb3DQEJARYUYWFpLnppZEB1bml2aWUuYWMuYXSC
CQCUvt3VLX4+zTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQASWCbG
/jR4a8lxYvRoh+B7KDQa95R4UPnN1A+pIsGcEkYPa8thqpnHH6vCm6VioIc34wfw
KtruBYVfxrT8Bh7A2kuRCpnXzZtMnFsxRJP5GB28VJc7m7Ev4OjOOVglahPM7xFu
gVFxsxYimah1JQIMAJPHFYgwhEEPMmuwpCd0S9Lj6yVc0VVW0NBeaqTTBRRAQdKX
ekwKYe5tVVuZV/zyXDaXJbCVwEz620VQjJ7o0aU06eJ8Sr3Q4DpXz74b/baWOhA9
3tuzubdIm+mTaEDggMgAV3cZJg+djx2eSmyDQVwxaOZ3ESiR1Gcoz0vCsg8smrZJ
wM0aEN5quFWfiFFE
-----END CERTIFICATE-----

This certificate can also be securely downloaded via HTTPS from this location:

eduID.at SAML Metadata Signing Key

The SHA1 fingerprint of that certificate is:

EE:37:0A:C2:77:56:F8:8B:45:3A:9B:7D:F2:F0:CA:24:C2:14:33:72

You can always contact ACOnet to verify the fingerprint, e.g. via telephone. To calculate the fingerprint of the downloaded certificate use the following openssl command (on MS-Windows you could use these binaries, for example):

openssl x509 -noout -fingerprint -sha1 -in aconet-metadata-signing.crt

Fully optional: Web of Trust check

For added assurance about the authenticity of the certificate you may also download an OpenPGP-signed copy of that certificate, signed with the OpenPGP key of one of the Federation Operators .

$ curl -O https://eduid.at/keys/aconet-metadata-signing.crt.asc
$ gpg --verify aconet-metadata-signing.crt.asc
gpg: Signature made Tue Feb 10 15:19:38 2009 CET using DSA key ID 1ADCD2BE
gpg: Good signature from "Peter Schober <peter.schober@univie.ac.at>"
gpg:                 aka "Peter Schober <peter@metameta.org>"

You may decide to put additional trust in the certificate based on your trust in the Web of trust signatures on that OpenPGP key.

  • No labels