p7tool - dogtagpki/pki GitHub Wiki

Displaying PKCS #7 Content

To display the content of a PKCS #7 file:

$ p7tool -d ~/.dogtag/nssdb -i sslserver.p7b -a
Pretty Print of PKCS#7 content:
PKCS #7 Content Info:
    PKCS #7 Signed Data:
        Version: 1 (0x1)
        Digest Algorithm List:
        Content Information:
            PKCS #7 Data:
                <no content>
        Certificate List:
            Certificate (1):
                Data:
                    Version: 3 (0x2)
                    Serial Number: 1 (0x1)
                    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
                    Issuer: "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPL
                        E"
                    Validity:
                        Not Before: Fri Nov 05 20:10:31 2021
                        Not After : Tue Nov 05 21:10:31 2041
                    Subject: "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMP
                        LE"
                    Subject Public Key Info:
                        Public Key Algorithm: PKCS #1 RSA Encryption
                        RSA Public Key:
                            Modulus:
                                f4:13:e4:bd:1f:45:ce:6f:44:f5:c3:c5:86:86:75:
                                84:71:fc:dd:56:b3:a3:ae:e5:cc:44:5f:a1:b7:0f:
                                70:1c:67:83:00:45:11:77:34:5d:31:e0:1c:2b:26:
                                bf:a7:09:2b:19:9e:dc:33:2b:e7:99:5d:02:e4:ed:
                                45:72:6e:47:e0:44:ce:ef:bf:90:02:74:dd:08:81:
                                5f:15:d7:ea:d4:c5:32:56:7e:da:0c:82:78:41:2f:
                                43:1f:21:7a:18:35:74:d8:36:d4:42:af:81:c3:82:
                                80:32:35:e3:2e:ce:9d:17:be:c6:33:a1:26:59:36:
                                87:b3:76:78:a9:98:4b:97:ca:84:5b:83:e8:89:6f:
                                f4:27:83:4a:08:00:c4:2f:35:ca:20:d9:de:6d:e0:
                                9c:4e:c1:23:c7:ba:a6:da:30:30:7d:70:01:e8:15:
                                b9:14:09:82:46:a9:f5:b7:e1:0a:94:4c:1b:9c:76:
                                e1:77:ac:20:c9:06:f3:98:47:71:58:ab:90:0d:90:
                                e4:64:0f:9d:bc:4f:9d:f0:0c:1e:3a:4b:8e:7c:87:
                                1e:70:c2:85:59:06:e5:c0:56:d9:39:b8:c8:98:76:
                                42:f1:18:e1:59:d0:d0:d5:1e:67:c2:6d:a8:34:7c:
                                8a:bf:89:a5:3a:0f:81:91:ff:14:2b:21:ee:2f:ca:
                                c9
                            Exponent: 65537 (0x10001)
                    Signed Extensions:
                        Name: Certificate Authority Key Identifier
                        Key ID:
                            5a:bb:b5:c8:bd:e3:5a:b4:04:7e:9a:d3:0a:2b:88:67:
                            27:68:07:6c

                        Name: Certificate Basic Constraints
                        Critical: True
                        Data: Is a CA with no maximum path length.

                        Name: Certificate Key Usage
                        Critical: True
                        Usages: Digital Signature
                                Non-Repudiation
                                Certificate Signing
                                CRL Signing

                        Name: Certificate Subject Key ID
                        Data:
                            5a:bb:b5:c8:bd:e3:5a:b4:04:7e:9a:d3:0a:2b:88:67:
                            27:68:07:6c

                        Name: Authority Information Access
                        Method: PKIX Online Certificate Status Protocol
                        Location:
                            URI: "http://fedora:8080/ca/ocsp"

                Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
                Signature:
                    a6:34:bf:7b:e7:65:ab:6a:3a:d0:aa:91:1e:e1:f1:44:
                    b9:c1:7b:4c:da:a5:42:80:ce:07:7e:30:ec:b6:34:57:
                    06:34:de:1a:0a:b6:bd:83:15:ee:d9:44:a2:2b:d1:7c:
                    06:4f:23:a3:4a:10:cd:27:52:e8:d9:07:9a:da:f7:b6:
                    08:6d:c5:72:bd:05:20:cc:b0:a8:5e:24:b9:79:b0:fa:
                    40:06:c5:a3:94:31:45:c5:6f:83:ab:6c:65:fe:5c:ec:
                    60:2f:62:c2:40:14:ea:7b:57:4e:b4:9c:70:c8:cc:2f:
                    82:82:15:cf:44:91:a3:bc:c2:76:64:5e:5c:52:9c:25:
                    60:fb:88:45:b5:f0:3a:7f:ef:1b:b5:28:7c:4b:e9:d3:
                    29:d1:d9:4c:a2:26:d5:c4:74:f1:fe:6a:3c:0a:4b:80:
                    3f:95:45:0b:51:5f:fe:3e:bb:e6:42:97:a7:f0:ec:d6:
                    6f:6a:8c:f5:36:56:6a:e7:a1:31:4c:71:7f:a5:83:52:
                    1e:35:00:27:cb:62:70:71:e7:c3:eb:74:7c:6f:6e:05:
                    e1:81:37:3d:d0:af:7e:57:1d:49:4c:b5:d1:aa:54:f3:
                    36:f0:d4:5f:d4:6a:d2:36:7d:ce:5f:cf:4c:79:b4:b8:
                    c8:11:54:2a:68:9b:a1:c7:38:38:64:32:42:5e:ce:cb
                Fingerprint (MD5):
                    BD:77:3E:E9:7A:C4:C5:64:4C:67:FF:CC:92:84:FC:03

            Certificate (2):
                Data:
                    Version: 3 (0x2)
                    Serial Number: 3 (0x3)
                    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
                    Issuer: "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPL
                        E"
                    Validity:
                        Not Before: Fri Nov 05 20:10:33 2021
                        Not After : Thu Oct 26 20:10:33 2023
                    Subject: "CN=fedora,OU=pki-tomcat,O=EXAMPLE"
                    Subject Public Key Info:
                        Public Key Algorithm: PKCS #1 RSA Encryption
                        RSA Public Key:
                            Modulus:
                                ca:53:ea:85:19:7d:2a:9e:53:59:7f:45:5e:21:a0:
                                0d:91:ab:2f:05:7a:e0:26:2f:ba:f5:5f:90:46:67:
                                92:ea:2f:60:95:80:d4:de:84:da:74:ea:86:e2:e8:
                                db:6d:88:30:9b:4d:3f:30:74:ec:51:08:d7:31:3c:
                                b5:77:26:fe:18:73:d0:2f:9b:93:13:bb:61:b3:22:
                                6c:0c:7c:4b:03:76:0f:e7:66:89:bb:21:ac:32:89:
                                27:59:3d:2b:74:99:18:db:27:d6:18:9e:7b:7c:6f:
                                4c:70:90:27:c0:e4:9e:6e:bd:e3:64:aa:56:48:11:
                                62:ea:79:47:8c:b2:6b:e0:1e:84:19:25:5f:4e:0b:
                                56:f2:8d:54:92:34:a3:c5:64:b4:e7:40:c7:21:58:
                                bb:8d:91:e4:82:33:d5:69:43:c3:f3:ba:cb:45:77:
                                3e:7e:29:2d:79:ed:36:6f:03:3f:e4:5a:24:37:28:
                                3f:e3:8d:1d:f6:ce:35:90:61:2e:67:23:d1:88:d7:
                                f1:09:d3:d8:e9:a0:27:da:b8:89:e5:68:04:73:24:
                                f2:e9:2e:21:ac:d2:e7:21:bc:94:fd:44:10:7e:b1:
                                6a:2b:07:96:3c:3b:31:0a:cd:76:a6:12:d8:f3:44:
                                15:8e:05:79:e1:37:33:88:b1:bd:0a:b7:59:99:ff:
                                05
                            Exponent: 65537 (0x10001)
                    Signed Extensions:
                        Name: Certificate Authority Key Identifier
                        Key ID:
                            5a:bb:b5:c8:bd:e3:5a:b4:04:7e:9a:d3:0a:2b:88:67:
                            27:68:07:6c

                        Name: Authority Information Access
                        Method: PKIX Online Certificate Status Protocol
                        Location:
                            URI: "http://fedora:8080/ca/ocsp"

                        Name: Certificate Key Usage
                        Critical: True
                        Usages: Digital Signature
                                Key Encipherment
                                Data Encipherment

                        Name: Extended Key Usage
                            TLS Web Server Authentication Certificate

                Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
                Signature:
                    d1:e7:59:68:ad:0f:de:aa:eb:d4:eb:ba:c9:0d:f5:72:
                    2d:e8:4b:6e:dc:d1:e9:4d:35:5c:0e:50:26:6d:1c:47:
                    91:c7:c4:98:c2:16:a0:ce:50:fb:eb:1e:f4:ac:1d:1e:
                    4c:af:0a:bf:b9:61:8e:25:4b:b8:10:72:b7:46:e9:96:
                    d4:8e:7a:88:ea:14:d1:10:30:1d:c2:51:08:72:60:0c:
                    30:b9:8b:08:b1:43:0a:6c:ed:71:c3:44:f9:07:da:8f:
                    91:46:4d:24:48:54:5e:1f:fa:25:58:e4:48:6b:a7:4f:
                    74:c9:62:3d:5e:f7:c3:48:7e:6c:08:c4:1d:96:eb:ca:
                    40:63:b0:78:6b:50:c3:5f:4d:e4:0d:82:1b:a3:b4:f3:
                    49:c0:6b:db:b3:08:8b:86:fd:06:30:cc:10:78:e5:b7:
                    4c:b4:80:5c:d3:42:09:15:41:16:23:74:29:37:60:97:
                    31:6b:34:c1:c5:b5:ac:93:49:fe:f1:38:cc:59:a5:04:
                    b2:22:44:37:aa:3a:24:ac:f6:aa:bd:ce:2a:51:32:e2:
                    b6:eb:75:c0:38:4b:0f:93:fb:43:00:81:03:69:91:a1:
                    98:2d:3b:37:f2:a2:ce:a7:f7:5f:08:fe:48:0d:c6:e0:
                    94:62:13:dd:4d:54:c2:a5:cd:d7:3a:94:c1:ea:93:7c
                Fingerprint (MD5):
                    E1:8D:25:4A:7F:41:63:68:33:88:D5:6B:DC:B4:28:94

        Signed Revocation Lists:
        Signer Information List:
⚠️ **GitHub.com Fallback** ⚠️