X509_CertThumb calculates the thumbprint (message digest hash) of an X.509 certificate.
Public Declare Function X509_CertThumb Lib "diCrPKI.dll"
(ByVal strCertFile As String, ByVal strHexHash As String,
ByVal nHexHashLen As Long, ByVal nOptions As Long) As Long
nRet = X509_CertThumb(strCertFile,
strHexHash, nHexHashLen, nOptions)
String with the filename of the X.509 certificate
(or base64 representation).String to receive the message digest.Long specifying the maximum length of the digest string.Long Option flags. Select one of:
long _stdcall X509_CertThumb(const char *szCertFile, char *szHash, long nHashLen, long flags);
Long: the number of digits set in the output string or a negative error code.
The maximum length of the digest string is PKI_MAX_HASH_CHARS characters, depending on the algorithm.
C/C++ users should allocate one extra for the terminating NUL character.
The default hash algorithm is SHA-1 and the result should
match the SHA-1 thumbprint shown in the Windows Certificate Viewer.
These examples compute the SHA-1 message digest hash ("thumbprint") of Alice's certificate from S/MIME examples.
Dim nRet As Long Dim strCertName As String Dim strHexHash As String strHexHash = String(PKI_SHA1_CHARS, " ") strCertName = "C:\Test\AliceRSASignByCarl.cer" nRet = X509_CertThumb(strCertName, strHexHash, Len(strHexHash), 0) Debug.Print "X509_CertThumb returns " & nRet & " for " & strCertName Debug.Print strHexHash
In C:
long lRet;
char *certname = "C:\\test\\AliceRSASignByCarl.cer";
char hexdigest[PKI_SHA1_CHARS+1]; /* NB one extra */
lRet = X509_CertThumb(certname, hexdigest, sizeof(hexdigest)-1, 0);
printf("X509_CertThumb returns %ld for %s\n", lRet, certname);
printf("%s\n", hexdigest);
Both of these should result in
X509_CertThumb returns 40 for C:\Test\AliceRSASignByCarl.cer b30c48855055c2e64ce3196492d4b83831a6b3cb
X509_CertIsValidNow X509_VerifyCert