What is the difference between serial number and thumbprint?

  • I have problems to understand what is the difference between the serial number of a certificate and its SHA1 hash.

    The MSDN says:

    Serial number A number that uniquely identifies the certificate and is issued by the certification authority.

    So can I identify a certificate by its serial number, right?

    Wikipedia says for the hash:

    Thumbprint: The hash itself, used as an abbreviated form of the public key certificate.

    So the hash identifies the (e.g. RSA) key.

    I currently do some research on Android app certificates and I found some interesting certificates:

    [Issuer][Serial][SHA1 Hash][Valid From]
    [C=US, L=Mountain View, S=California, O=Android, OU=Android, CN=Android, [email protected]][00936EACBE07F201DF][BB84DE3EC423DDDE90C08AB3C5A828692089493C][Sun, 29 Feb 2008 01:33:46 GMT]
    [C=US, L=Mountain View, S=California, O=Android, OU=Android, CN=Android, [email protected]][00936EACBE07F201DF][6B44B6CC0B66A28AE444DA37E3DFC1E70A462EFA][Sun, 29 Feb 2008 01:33:46 GMT]
    [C=US, L=Mountain View, S=California, O=Android, OU=Android, CN=Android, [email protected]][00936EACBE07F201DF][0B4BE1DB3AB39C9C3E861AEC1348110062D3BC1B][Sun, 29 
    

    And there are a lot more which share the same serial, but have different hashes.

    So there can be a certificate with different key? Who is actually creating the serial number when creating a certificate for an Android app? For the hash it is clear, but can I create a new certificate with the same serial number as another cert?

    Can I be sure that a certificate with the same serial number was created by the same person?

  • In a certificate, the serial number is chosen by the CA which issued the certificate. It is just written in the certificate. The CA can choose the serial number in any way as it sees fit, not necessarily randomly (and it has to fit in 20 bytes). A CA is supposed to choose unique serial numbers, that is, unique for the CA. You cannot count on a serial number being unique worldwide; in the dream world of X.509, it is the pair issuerDN+serial which is unique worldwide (each CA having its own unique distinguished name, and taking care not to reuse serial numbers).

    The thumbprint is a hash value computed over the complete certificate, which includes all its fields, including the signature. That one is unique worldwide, for a given certificate, up to the inherent collision resistance of the used hash function. Microsoft software tends to use SHA-1, for which some theoretical weaknesses are known, but no actual collision has been produced (yet). A collision attack on SHA-1 has now been demonstrated by researchers from CWI and Google.

    (The thumbprints you show appear to consist of 40 hexadecimal characters, i.e. 160 bits, which again points at SHA-1 as the plausibly used hash function.)

    Do you know is max length of thumbprint determined by any standard? Is 40 chars enough to allocate in database column?

    @MichaelFreidgeim The maximum length depends on the hashing algorithm. Each hash has a different length output. Look at the Output Size in the table here. Bear in mind that if you text-encode your hash output, you'll have to accommodate the encoding overhead in your database field.

    When you say the thumbprint includes the complete certificate, does that include the serial number too? Or just the public key portion?

    Complete means complete. The whole certificate, from the first to the last bit. This includes _everything_: public key, name, serial, extensions, signature...

    So when pinning a certificate it's better to store in the client and validate against the thumbprint hash or the full public key of the certificate? Or does it not matter?

    @cottsak Two certificates (with different thumbprints) can have the same public key. For example: the same key signed by two different (intermediate) CAs.

    @DavidBalažic Which provides more security?

    Well, now there is SHA-1 collisions: shattered.io (tip from StackOverflow's @foo)

    As it currently stands... I cannot find this information anywhere. Does the SERIAL and THUMBPRINT have a FIXED SIZE ? And if yes, what is it ? Thanks

    @Norbert Boros As mentioned above, the serial number must be 20 bytes or less while the thumbprint size depends on the hash algorithm used (see the table in tylerl's comment)

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM