Questions About DigiCert .onion Certificate SubjectPublicKey Hash

Skip to first unread message


Feb 18, 2021, 12:05:31 PM2/18/21

As required by CABForum guidelines, CAs must include the hash of an ASN.1 SubjectPublicKey of the .onion service. For example, shows the SHA256 of the public key of archivev3qli37bju4rlh27glh24lljyezwxf4pokmrdbpefjlcrp5id.onion is 08afa9604f4cd74a1a867f3ffcf61faacdb19785a9d4c378f72a54503f73dd65

Since this a v3 address, it is not difficult to extract the public key from .onion domain. Below is the hexdump of hs_ed25519_public_key

3d 3d 20 65 64 32 35 35 31 39 76 31 2d 70 75 62
6c 69 63 3a 20 74 79 70 65 30 20 3d 3d 00 00 00
04 44 74 54 95 dc 16 8d fc 29 a7 22 b3 eb e6 59
f5 c5 ad 38 26 6d 72 f1 ee 53 22 30 bc 85 4a c5

So the public key (32 bytes long) is just the last two lines of the hexdump, and we can generate the public_key.pem from it, which is

-----END PUBLIC KEY-----

We can also convert it to DER ($ openssl pkey -pubin -outform DER -out public_key.der), and here comes the problem: I tried to hash the DER file, and I got 141dcca6fea50f1c9f12c7150ca157a8e6e7bf7e79a6eb6f592a6235ab57ce23, which is different from what I see in DigiCert's certificate. Any ideas why this happened?

Also, since the support of v2 .onion address will be removed from the Tor code base on July 15th, 2021 and v3 .onion address contains the full public key, I think it is meaningless to have extension after that.


Ryan Sleevi

Feb 18, 2021, 1:17:53 PM2/18/21
to SXIA, mozilla-dev-security-policy
This is already tracked as
and is waiting the completion of SC41v2 in the CA/Browser Forum Server
Certificate Working Group before working on (along with a cluster of
related .onion fixes)
> _______________________________________________
> dev-security-policy mailing list
Reply all
Reply to author
0 new messages