Verify two pfx certificates are not the same without the password

Silverman

12/31/22, 3:08 PM

I need to verify that two pfx files are indeed different certificates, and not the same data pasted two times. My constraints are:

I don't have access to the certificate password, therefore I cannot use tools like "certutil -dump path" etc.
As explained, I cannot rely on the file metadata (creation date, etc.) because I want to verify that the content is actually different.

I understand that the pfx file itself, sitting in the OS' filesystem, will have some metadata (file creation date, etc.) and actual data. I wonder if all the content of the pfx is ciphertext, since it is password protected, or if it contains also some structure like sections, where there is some ciphertext but also some accessible data like certificate ID etc. Obviously I opened both files with a plaintext editor and the content is very different, due to encryption, but I am not sure if I would be able to find common blocks if both certificates where, indeed, the same one.

108

1 + 0

ssl

certificate

Score:1

Server

NiKiZe

12/31/22, 3:35 PM

Unfortunately that is hard to do reliably. Depends on how it was stored, See https://security.stackexchange.com/questions/177874/extract-information-about-certificate-from-a-pfx-file-without-the-password?rq=1

If you are unlucky all data is encrypted. In that case you can compare file contents, but binary data can be completely different, even when they contain the same certificate.

Post with information on how to read PFX files

0 + 2

Silverman

1/2/23, 11:04 AM

Ah yes, the link you provided suggests there is the possibility for containers containing ciphertext, or complete ciphertext from start to finish. Do you have any idea of which file viewer could be used to interpret those sections, if existing?

NiKiZe

1/2/23, 2:18 PM

@Silverman Link added to answer

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Verify two pfx certificates are not the same without the password

TH: ตรวจสอบว่าใบรับรอง pfx สองใบไม่เหมือนกันหากไม่มีรหัสผ่าน

RO: Verificați că două certificate pfx nu sunt la fel fără parola

RU: Убедитесь, что два сертификата PFX не совпадают без пароля

VI: Xác minh hai chứng chỉ pfx không giống nhau nếu không có mật khẩu

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.