Information Security
certificates trust
Updated Sat, 16 Jul 2022 00:43:29 GMT

Trust and signing: full public key or thumbprint?


Imagine a B2B service where two parties need to set up a two-way trust relationship: Alice will only accept requests from Bob, and Bob wants to know his requests are only going to Alice.

When setting up this relationship, Alice and Bob need to exchange their public keys. But when it comes to verification, is it enough to verify that the certificate thumbprint matches? Or, should Alice and Bob exchange the full public key?

A public key is quite long, and a thumbprint is short, so the thumbprint is more convenient. But since it is shorter, does that mean it has a higher chance of collision? How much safety is lost by only using the thumbprint to identify the caller rather than the full public key?

This page, for example, suggests that the thumbprint is fine for verifying. Can anyone confirm?

And if the thumbprint is enough, why do services like GitHub expect you to upload your full public key instead of just a thumbprint when establishing trust?




Solution

A hash of the public key is enough, provided it's long enough (I'd recommend 160 bits), and the hash function is resistant against second pre-images.

I guess GitHub wants full public keys because their SSH library expects that. There are also some situations where it's useful to have the full key available. For example, you can offline encrypt a message to a certain public key, but not to a hash.

The decision hash vs. public key isn't a decision based on security, but on which one is more convenient for a particular use.





Comments (2)

  • +0 – Thanks for the answer. Do you know of any links/resources to confirm that? — May 26, 2012 at 22:22  
  • +0 – @paulstovell - I agree with codeinchaos. One thing to consider is that you're comparing two different implementations of asym crypto. SSH relies more on p2p trust (similar to PGP/GPG) while PKI relies on a CA hierarchy (or hierarchy of trust - refer to link referenced above). In the PKI model, since trust is hierarchical, a thumbprint of the cert is usually sufficient, assuming OCSP/CDP works (i.e. you can have a valid cert but it might be revoked). SSH is a bit different in that there isn't a hierarchy, so a public key provides sufficient assurance. — May 27, 2012 at 05:03  
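
An added example, not part of the original answer or comments: pinning a peer by a hash of its public key, with the answer's 160-bit minimum enforced, plus a count of how quickly a pin truncated to 16 bits is matched by an unrelated input. SHA-256, the constructed byte strings standing in for encoded public keys, and all function names are assumptions.

```python
import hashlib
import hmac

MIN_PIN_BITS = 160  # minimum pin length recommended in the answer above

def thumbprint(public_key_der: bytes) -> bytes:
    """SHA-256 over the encoded public key (hash choice is an assumption)."""
    return hashlib.sha256(public_key_der).digest()

def parse_pin(text: str) -> bytes:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; refuse pins that are too short."""
    pin = bytes.fromhex(text.replace(":", "").replace(" ", ""))
    if len(pin) * 8 < MIN_PIN_BITS:
        raise ValueError(f"pin is {len(pin) * 8} bits, need at least {MIN_PIN_BITS}")
    return pin

def key_matches_pin(public_key_der: bytes, pin_text: str) -> bool:
    """True only if the presented key hashes to the pinned thumbprint."""
    pin = parse_pin(pin_text)
    # A pin may be a truncated SHA-256 (e.g. 160 bits); compare that prefix.
    return hmac.compare_digest(thumbprint(public_key_der)[: len(pin)], pin)

def second_preimage_attempts(target_key: bytes, pin_bits: int, limit: int = 1 << 22) -> int:
    """Count unrelated inputs hashed before one matches a pin truncated to
    pin_bits. Illustrates the 'long enough' condition; -1 if none within limit."""
    nbytes = pin_bits // 8
    target = thumbprint(target_key)[:nbytes]
    for i in range(1, limit + 1):
        candidate = b"constructed-other-key-%d" % i
        if thumbprint(candidate)[:nbytes] == target:
            return i
    return -1

# Constructed stand-ins for DER-encoded public keys (not real keys).
BOB_KEY = b"constructed-public-key-bytes-for-bob"
MALLORY_KEY = b"constructed-public-key-bytes-for-mallory"
# What Bob would hand Alice out of band: colon-separated upper-case hex.
BOB_PIN = ":".join(f"{b:02X}" for b in thumbprint(BOB_KEY))

if __name__ == "__main__":
    print("Bob accepted:    ", key_matches_pin(BOB_KEY, BOB_PIN))
    print("Mallory accepted:", key_matches_pin(MALLORY_KEY, BOB_PIN))
    print("16-bit pin matched after", second_preimage_attempts(BOB_KEY, 16), "tries")
```

A 16-bit pin is matched after roughly 65,000 tries on average; each additional bit doubles that work, which is why the full-length or 160-bit pin is safe to compare while a short display prefix is not.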

