  • Digital Certificate Format Encoding

    ASN.1 Descriptions and Examples

    1. ASN.1 description and example of TBSCertificate

    The TBSCertificate format is described in ASN.1 as follows:
    TBSCertificate ::= SEQUENCE {
        version              [0] EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID       [1] IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        subjectUniqueID      [2] IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        extensions           [3] EXPLICIT Extensions OPTIONAL
                             -- If present, version MUST be v3
    }
    Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

    The concrete values of the TBSCertificate fields are shown in Table 13-3.

    TBSCertificate

    version                02
    serialNumber           04 96
    signature              sha1WithRSAEncryption (1.2.840.113549.1.1.5)
    issuer                 "CN=Virtual CA,C=CN"
    validity               notBefore=20200222000000, notAfter=20220222000000
    subject                "CN=chenshaoqing,OU=Person,C=CN"
    subjectPublicKeyInfo
    issuerUniqueID,
    subjectUniqueID        empty
    extensions             contains 6 extensions (Extension): basicConstraints, subjectKeyIdentifier, keyUsage, extKeyUsage, netscapeCertType, authorityKeyIdentifier

    2. ASN.1 description and example of Extension

    The Extension format is described in ASN.1 as follows:
    Extension ::= SEQUENCE {
        extnID     OBJECT IDENTIFIER,
        critical   BOOLEAN DEFAULT FALSE,
        extnValue  OCTET STRING }
    The values of the individual extensions are shown in Table 13-4.

    3. ASN.1 description and example of Certificate

    The Certificate format is described in ASN.1 as follows:
    Certificate ::= SEQUENCE {
        tbsCertificate      TBSCertificate,
        signatureAlgorithm  AlgorithmIdentifier,
        signatureValue      BIT STRING }
    The concrete values of the Certificate fields are shown in Table 13-5.

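    DER Encoding Process

    1. DER-encoding the Extension
    The contents of the individual extensions are described in ASN.1 as follows:
    BasicConstraints ::= SEQUENCE {
        cA                 BOOLEAN DEFAULT FALSE,
        pathLenConstraint  INTEGER (0..MAX) OPTIONAL }
    SubjectKeyIdentifier ::= KeyIdentifier
    (KeyIdentifier ::= OCTET STRING)
    KeyUsage ::= BIT STRING
    ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
    (KeyPurposeId ::= OBJECT IDENTIFIER)
    NetscapeCertType ::= BIT STRING
    AuthorityKeyIdentifier ::= SEQUENCE {
        keyIdentifier              [0] KeyIdentifier OPTIONAL,
        authorityCertIssuer        [1] GeneralNames OPTIONAL,
        authorityCertSerialNumber  [2] CertificateSerialNumber OPTIONAL }
    (KeyIdentifier ::= OCTET STRING)

    Extension is a SEQUENCE structured type. The DER encoding of each extension's content is carried inside extnValue, which is of type OCTET STRING, and the encoding uses the constructed, definite-length form. The DER-encoded values of the individual extensions are separated by parentheses. For the BIT STRING type, the first byte of the encoded content gives the number of padding bits, that is, the number of unused bits.

    2. DER-encoding the TBSCertificate
    The TBSCertificate content is encoded using the constructed, definite-length form. The detailed encoding process is shown in Table 13-7.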

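    1. Serial number = 1174 (0x0496)

    # [0] EXPLICIT version INTEGER 2 (v3), serialNumber 0x0496, then the signature AlgorithmIdentifier (sha1WithRSAEncryption, NULL parameters)
    echo -n -e "\xA0\x03\x02\x01\x02\x02\x02\x04\x96\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00" > 20181217.der

    2. Certificate issuer DN="CN=Virtual CA

    # issuer Name: SEQUENCE of two RDNs, C=CN and CN=Virtual CA, both PrintableString
    echo -n -e "\x30\x22\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x56\x69\x72\x74\x75\x61\x6C\x20\x43\x41" >> 20181217.der

    3. Certificate validity = 20200222000000-20220222000000

    # Validity: SEQUENCE (30 1E) of two UTCTime values (tag 17, length 0D), each in YYMMDDhhmmssZ form
    echo -n -e "\x30\x1E\x17\x0D\x32\x30\x30\x32\x32\x32\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x32\x30\x32\x32\x32\x30\x30\x30\x30\x30\x30\x5A" >> 20181217.der

    4. Certificate holder DN=CN=your name in pinyin, OU=Person

    # subject Name as encoded by these bytes: C=CN, O=20181217, CN=chenshaoqing
    echo -n -e "\x30\x37\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4e\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x32\x30\x31\x38\x31\x32\x31\x37\x31\x15\x30\x13\x06\x03\x55\x04\x03\x13\x0c\x63\x68\x65\x6E\x73\x68\x61\x6F\x71\x69\x6e\x67" >> 20181217.der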
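
Hand-assembled DER like the fragments above is easy to get wrong, so it helps to walk the tag-length-value structure and decode each field before appending more bytes. The Python sketch below is an added example, not code from the original page: it decodes the bytes of steps 1 and 2 and validates UTCTime contents. All function names and the BAD_UTCTIME sample are constructed for illustration, and only the universal types used in these fragments are decoded.

```python
from datetime import datetime

def read_tlv(buf, pos, end):
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:  # DER: minimal and definite (0x80 is neither)
            raise ValueError("indefinite or non-minimal length")
        pos += n
    if pos + length > end:
        raise ValueError("value overruns its container")
    return tag, pos, pos + length           # (tag, value start, value end)

def oid(v):
    arcs, n = [], 0
    for b in v:                             # base-128 digits; high bit set = more follow
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    a = min(arcs[0] // 40, 2)               # first value packs two arcs as 40*a + b
    return ".".join(map(str, [a, arcs[0] - 40 * a, *arcs[1:]]))

def utctime(v):
    s = v.decode("ascii")                   # must be exactly YYMMDDhhmmssZ
    if len(s) != 13 or not s[:12].isdigit() or s[12] != "Z":
        raise ValueError("UTCTime must be YYMMDDhhmmssZ")
    yy, *rest = (int(s[i:i + 2]) for i in range(0, 12, 2))
    return datetime((1900 if yy >= 50 else 2000) + yy, *rest)  # month 20 etc. raises

TYPES = {0x02: ("INTEGER", lambda b: int.from_bytes(b, "big", signed=True)), 0x06: ("OID", oid),
         0x13: ("PrintableString", lambda b: b.decode("ascii")), 0x17: ("UTCTime", utctime),
         0x30: ("SEQUENCE", None), 0x31: ("SET", None), 0xA0: ("[0]", None), 0x05: ("NULL", bytes.hex)}

def walk(buf, pos=0, end=None, depth=0):
    rows, end = [], len(buf) if end is None else end   # rows: (depth, type, decoded value)
    while pos < end:
        tag, start, pos = read_tlv(buf, pos, end)      # pos now points past this TLV
        name, decode = TYPES.get(tag, (hex(tag), bytes.hex))
        rows.append((depth, name, None if tag & 0x20 else decode(buf[start:pos])))
        rows += walk(buf, start, pos, depth + 1) if tag & 0x20 else []  # constructed bit
    return rows

# Bytes of steps 1 and 2 above: version, serial number, signature algorithm, issuer.
PAGE = bytes.fromhex("A003 020102 02020496 300D 06092A864886F70D010105 0500 "
                     "3022 310B 3009 0603550406 1302434E 3113 3011 0603550403 130A5669727475616C204341")
# Constructed sample, not from the page: a four-digit year squeezed into 13 bytes (month reads as 20).
BAD_UTCTIME = b"\x17\x0d202002220000Z"
```

Calling `walk(PAGE)` returns the decoded rows in document order, and `walk(BAD_UTCTIME)` raises `ValueError` because the length is correct but the content is not a valid date.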

  • Original article: https://www.cnblogs.com/cindy123456/p/14904934.html