Certificates

Recreating the signature in an X.509 certificate using the root private key

  • July 14, 2017

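I created a root CA, say A.

I created a certificate signing request (CSR) for B and obtained a certificate signed by A. I want to know what exactly the signature contains.

This is my root CA key: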


This is B's CSR:


This is B's certificate:


This is the signature part of the above certificate:

Signature Algorithm: sha256WithRSAEncryption

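So I want to know: since I have the root CA private key and B's CSR, how can I find out the mechanism by which the signature in certificate B was generated? Can someone explain how to recompute the signature?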

The signature of an X.509 certificate is computed over the DER encoding of the ASN.1 type TBSCertificate defined in RFC 5280.
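The recomputation the answer describes, as an added example that is not part of the original post: slice the raw TBSCertificate DER out of the certificate, hash it with SHA-256, apply PKCS#1 v1.5 padding and the CA's private exponent. Because sha256WithRSAEncryption is deterministic, the result matches the stored signature byte for byte. The toy key (two Mersenne primes), the stand-in TBS body and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: insecure, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# DER of AlgorithmIdentifier sha256WithRSAEncryption, and the SHA-256 DigestInfo prefix.
ALG = bytes.fromhex("300d06092a864886f70d01010b0500")
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read_tlv(buf, off):
    """Return (tag, value_start, tlv_end) for the TLV starting at off."""
    first = buf[off + 1]
    cnt = first & 0x7F if first & 0x80 else 0
    n = int.from_bytes(buf[off + 2:off + 2 + cnt], "big") if cnt else first
    return buf[off], off + 2 + cnt, off + 2 + cnt + n

def split_certificate(cert):
    """Return (TBSCertificate DER including its header, signature bytes)."""
    _, body, _ = read_tlv(cert, 0)             # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert, body)       # tbsCertificate
    _, _, alg_end = read_tlv(cert, tbs_end)    # signatureAlgorithm
    tag, sig_start, sig_end = read_tlv(cert, alg_end)
    if tag != 0x03 or cert[sig_start] != 0:
        raise ValueError("expected BIT STRING with no unused bits")
    return cert[body:tbs_end], cert[sig_start + 1:sig_end]

def sign_tbs(tbs):
    """RSASSA-PKCS1-v1_5 / SHA-256 over the exact TBSCertificate DER bytes."""
    t = DIGESTINFO + hashlib.sha256(tbs).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

# Constructed stand-in for B's TBSCertificate (a real one carries the RFC 5280 fields).
TBS = der(0x30, der(0x02, b"\x01") + der(0x0C, b"constructed subject B"))
CERT = der(0x30, TBS + ALG + der(0x03, b"\x00" + sign_tbs(TBS)))

def recompute_matches(cert):
    """True when re-signing the extracted TBS bytes reproduces the stored signature."""
    tbs, sig = split_certificate(cert)
    return sign_tbs(tbs) == sig
```

The signed bytes must be the TBSCertificate exactly as encoded in the certificate, header included; re-encoding the fields from the CSR only reproduces the signature if every byte comes out identical.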

Source: https://crypto.stackexchange.com/questions/50132