zoukankan      html  css  js  c++  java

  • 数字证书格式编码

    ASN.1描述与实例

    1.TBSCertificate 的 ASN.1描述与实例

    TBSCertificate格式用ASN.1描述如下:
    TBSCertificate :=SEQUENCE {
    version
    [0] EXPLICIT Version DEFAULT v1,
    serialNumber
    CertificateSerialNumber,
    signature
    Algorithmldentifier,
    issuer
    Name,
    validity
    Validity,
    subject
    Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID[1] IMPLICIT Uniqueldentifier OPTIONAL,
    -- If present, version MUST be v2 or v3

    subjectUniqueID [2] IMPLICIT Uniqueldentifier OPTIONAL,
    -- If present, version MUST be v2 or v3
    extensions[3]EXPLICIT Extensions OPTIONAL
    -- If present, version MUST be v3
    }
    Extensions ::=SEQUENCE SIZE (1..MAX) OF ExtensionTBSCertificate 中各项内容具体值如表13-3所示。

    TBSCertificate
    version 02

    serialNumber

    		 04 96

    signature

    		  

    sha 1 WithRSAEncryption ( 1.2.840.113549.1.1.5)
     

    issuer

    		  

    “CN=Virtual CA,C=CN”
     

    validity

    		  

    notBefore=20200222000000、notAfter=20220222000000
     

    subject

    		  

    “CN=chenshaoqing,OU=Person,C=CN”
     

    subjectPublicKeyInfo

    		  
     

    issuerUniquelD
    subjectUniquelD

    		  空
     

    extensions

    		  

    包含6个扩展项(Extension ): basicContraints、subjectKeyldentifier、keyUsage、extKeyUsage,netscapeCertType、authorityKeyIdentifier

    2. Extension的ASN.1描述与实例Extension格式用ASN.1描述如下:
    Extension :=SEQUENCE {
    extnID
    OBJECT IDENTIFIER,
    critical
    BOOLEAN DEFAULT FALSE,
    extnValue
    OCTET STRING }
    Extension各扩展项值如表13-4所示。

    3. Certificate 的ASN.1描述与实例Certificate格式用ASN.1描述如下:
    Certificate ::=SEQUENCE {
    tbsCertificate
    TBSCertificate,
    signatureAlgorithm
    AlgorithmIdentifier,
    signature Value
    BIT STRING }
    Certificate中各项内容的具体值如表13-5所示。

    DER编码过程
    1.对Extension进行DER编码
    各扩展项具体内容用ASN.1描述如下:
    BasicConstraints ::=SEQUENCE{
    cA
    BOOLEAN DEFAULT FALSE,
    pathLenConstraint
    INTEGER (O..MAX)OPTIONAL}
    SubjectKeyIdentifier ::= Keyldentifier
    (KeyIdentifier ::= OCTET STRING)KeyUsage ::= BIT STRING
    ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX)OF KeyPurposeld

    (KeyPurposeld ::= OBJECT IDENTIFIER)NetscapeCertType ::= BIT STRING
    AuthorityKeyldentifier ::=SEQUENCE{
    keyIdentifier
    [O] KeyIdentifier
    OPTIONAL,
    authorityCertIssuer
    [1]GeneralNames
    OPTIONAL,
    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }(KeyIdentifier ::= OCTET STRING)
    Extension为 SEQUENCE结构类型,不同扩展项DER编码值包含在OCTET STRING类型extnValue中,编码规则采用结构类型定长模式。各扩展项DER编码值用括号分隔。其中,对于BIT STRING类型,编码后第1个字节表示填充位数或未使用位数。

    2.对TBSCertificate进行DER编码
    TBSCertificate内容编码规则采用结构类型定长模式,具体编码过程如表13-7所示。

    1、序列号=1174(0x0496)

    echo -n -e "xA0x03x02x01x02x02x02x04x96x30x0Dx06x09x2Ax86x48x86xF7x0Dx01x01x05x05x00" > 20181217.der

    2、证书签发者 DN="CN=Virtual CA

    echo -n -e "x30x22x31x0Bx30x09x06x03x55x04x06x13x02x43x4Ex31x13x30x11x06x03x55x04x03x13x0Ax56x69x72x74x75x61x6Cx20x43x41" >> 20181217.der

    3、证书有效期=20200222000000-20220222000000

    echo -n -e "x17x0Dx32x30x32x30x30x32x32x32x30x30x30x30x5Ax17x0Dx32x30x32x32x30x32x32x32x30x30x30x30x5A" >> 20181217.der

    4、证书持有者DN=CN=你的名字拼音, OU=Person

    echo -n -e "x30x37x31x0bx30x09x06x03x55x04x06x13x02x43x4ex31x11x30x0fx06x03x55x04x0ax13x08x32x30x31x38x31x32x31x37x31x15x30x13x06x03x55x04x03x13x0cx63x68x65x6Ex73x68x61x6Fx71x69x6ex67x20" >> 20181217.der
  • 相关阅读:
    qt做触摸屏演示程序
    sis9280触摸ic 基于rk3288 的安卓4.4的 多点触摸
    自己动手做logo
    把代码做成库文件,防止修改或者查看。
    闲事无聊恳这个
    Python特殊序列d能匹配哪些数字?
    Python正则表达式re.search(r'*{3,8}','*****')和re.search('*{3,8}','*****')的匹配结果为什么相同?
    Python正则表达式re.match(r"(..)+", "a1b2c3")匹配结果为什么是”c3”?
    Python匹配对象的groups、groupdict和group之间的关系
    Python正则表达式处理中的匹配对象是什么?
  • 原文地址:https://www.cnblogs.com/cindy123456/p/14904934.html
Copyright © 2011-2022 走看看