Solved What does the MESSAGE DIGEST mean in OpenSSL?


Active Member


Hello everyone,

What does the MESSAGE DIGEST mean in openssl? Is there any difference between -sha256 and none?
openssl req -new -nodes -out req.csr -keyout cert.key -sha256 -newkey rsa:2048



Beastie's Twin


A message digest is used to guarantee the authenticity of a sent message. The sender calculates a message digest from the sent message using the agreed algorithm (such as SHA256) and sends the digest along with the message (there are more details of how it's actually done, but this is the rough idea). The recipient calculates the same digest from the message they received using the same agreed algorithm and compares the two digests; if they match, the message is considered authentic.

The verification is an integral part of many secure protocols such as SSL/TLS when used with HTTP/IMAP/POP/etc. and for example the TLS protocol used by OpenVPN.

In the case of certificates like the one you're creating there (via a CSR), the selected algorithm sets the "Certificate Signature Algorithm" used in the created certificate.
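
An added example, not part of the thread: the script below generates a CSR with the command from the question, checks the request's self-signature, and reads back the signature algorithm recorded in it. The subject `/CN=example.test` and the temporary paths are constructed for the demo. When no digest flag is passed, the digest comes from `default_md` in the local openssl.cnf or the build's default, so the first output line shows what your installation picks.

```shell
#!/bin/sh
# Added example: see which digest ends up in a CSR's signature algorithm.

# csr_sig_alg [DIGEST_FLAG]
#   Generates a throwaway RSA-2048 key and CSR, verifies the CSR's
#   self-signature, and prints the "Signature Algorithm" value.
csr_sig_alg() {
    tmpdir=$(mktemp -d) || return 1

    # "$@" expands to nothing when no digest flag is given, so openssl
    # falls back to its configured or built-in default digest.
    # -subj avoids the interactive prompts; the CN is a constructed value.
    openssl req -new -nodes -newkey rsa:2048 "$@" \
        -subj "/CN=example.test" \
        -keyout "$tmpdir/cert.key" -out "$tmpdir/req.csr" 2>/dev/null ||
        { rm -rf "$tmpdir"; return 1; }

    # The CSR is signed with the new private key over a digest of the
    # request body; -verify recomputes that digest and checks the signature.
    openssl req -in "$tmpdir/req.csr" -noout -verify >/dev/null 2>&1 ||
        { rm -rf "$tmpdir"; return 1; }

    # Line looks like: "    Signature Algorithm: sha256WithRSAEncryption"
    openssl req -in "$tmpdir/req.csr" -noout -text |
        awk '/Signature Algorithm:/ { print $3; exit }'

    rm -rf "$tmpdir"
}

printf 'no flag : %s\n' "$(csr_sig_alg)"
printf '%s : %s\n' "-sha256" "$(csr_sig_alg -sha256)"
printf '%s : %s\n' "-sha384" "$(csr_sig_alg -sha384)"
```

The digest chosen here applies to the signature on the CSR itself; the CA selects the digest for the certificate it issues when it signs the request.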