如何将OpenSSL数字签名转换为ASN1?
如何将OpenSSL数字签名转换为ASN1?
提问于 2016-10-26 02:47:26
使用openssl库,我创建了一个文件的数字签名。
我可以看到,如果我使用openssl命令:
openssl rsautl -verify -inkey pubkey.pem -pubin -asn1parse -in sigfile我得到了一个很好的输出,比如:
0:d=0 hl=2 l= 49 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT :sha256
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 32 prim: OCTET STRING
0000 - c9 8c 24 b6 77 ef f4 48-60 af ea 6f 49 3b ba ec ..$.w..H`..oI;..
0010 - 5b b1 c4 cb b2 09 c6 fc-2b bb 47 f6 6f f2 ad 31 [.......+.G.o..1如何以编程方式将签名文件转换为可以解析的ASN1?
回答 2
Stack Overflow用户
发布于 2016-10-26 03:59:53
RSA -verify命令输出恢复后的OpenSSL签名数据
-verify验证输入数据并输出恢复的数据。
这意味着返回的是PKCS#1消息。RFC2313之后的数字签名由摘要算法标识符和具有PKCS#7格式的RFC2315格式的RSA私钥的内容的加密摘要组成,如RFC2315的9.1节所述。
signedData ::= SEQUENCE {
version Version,
digestAlgorithms DigestAlgorithmIdentifiers,
contentInfo ContentInfo,
certificates
[0] IMPLICIT ExtendedCertificatesAndCertificates
OPTIONAL,
crls
[1] IMPLICIT CertificateRevocationLists OPTIONAL,
signerInfos SignerInfos }所以(如果我没理解错的话),的输出是一个ASN.1序列的摘要算法+解密的摘要(您内容的原始摘要)
要解码它,您可以使用Bouncycastle
public class ASN1Decoder {
private static String opensslOutputB64= "MDEwDQYJYIZIAWUDBAIBBQAEIGGbJmsmf9lg/jeaXjm0XsUZ4ZS7xv0Da/NvPoNiRzRO";
public final static void main(String argv[]) throws IOException{
ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(Base64.getDecoder().decode(opensslOutputB64)));
ASN1Primitive obj = bIn.readObject();
System.out.println(ASN1Dump.dumpAsString(obj));
}
}有关更多示例,请查看Parsing ASN.1 binary data with Java
Stack Overflow用户
发布于 2016-10-27 01:08:00
在@pedrofb的帮助下,我设法想出了以下解决方案:
// Get key from cert
CertificateFactory fact = CertificateFactory.getInstance("X.509", new org.bouncycastle.jce.provider.BouncyCastleProvider());
X509Certificate cer = (X509Certificate) fact.generateCertificate(new FileInputStream("/home/administrator/Downloads/cert_1.txt"));
PublicKey key = cer.getPublicKey();
// or read key in from pem file
PublicKey publicKey = ManifestUtils.publicKeyFromPemFile(new FileReader("/home/administrator/Downloads/publickey.txt"));
// Decrypt the signature
Cipher asymmetricCipher
= Cipher.getInstance("RSA/ECB/PKCS1Padding", new org.bouncycastle.jce.provider.BouncyCastleProvider());
asymmetricCipher.init(Cipher.DECRYPT_MODE, publicKey);
byte[] plainText = asymmetricCipher.doFinal(
IOUtils.toByteArray(new FileInputStream("/home/administrator/Downloads/signature.sign")));
// print as hex
System.out.println(Hex.encodeHexString(plainText));
// Print the ans1 nicely - ish
ASN1InputStream input = new ASN1InputStream(plainText);
ASN1Primitive p;
while ((p = input.readObject()) != null) {
System.out.println(ASN1Dump.dumpAsString(p));
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/40247454
复制相关文章
相似问题
腾讯云开发者
