Certificates
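Recreate the signature in an X.509 certificate using the root private key
I've created a root CA, say A.
I created a certificate signing request (CSR) for B and got the certificate signed by A. I want to know exactly what goes into the signature.
Here is my root CA key: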
Here is B's CSR:
Here is B's certificate:
Here is the signature part of the above certificate:
Signature Algorithm: sha256WithRSAEncryption
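So I want to know: since I have the root CA private key and B's CSR, how can I work out the mechanism that produced the signature in certificate B? Can someone explain how to recompute the signature?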
The signature of an X.509 certificate is computed over the DER encoding of the ASN.1 type TBSCertificate, as defined in RFC 5280.
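The computation described in this answer, as an added example that is not part of the original post: it splits a DER certificate into its TBSCertificate bytes and signatureValue, then re-signs the TBS bytes with RSASSA-PKCS1-v1_5 over SHA-256 (the page's sha256WithRSAEncryption) and compares. The toy key (`N`, `D`, `E`), the stand-in `CERT` and all function names are constructed for the demo.

```python
import hashlib

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo header, RFC 8017 9.2

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at buf[off]."""
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def split_certificate(cert):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, pos, _ = read_tlv(cert, 0)
    tbs_end = read_tlv(cert, pos)[2]
    alg_end = read_tlv(cert, tbs_end)[2]
    sig_tag, sig_start, sig_end = read_tlv(cert, alg_end)
    if tag != 0x30 or sig_tag != 0x03 or cert[sig_start] != 0:
        raise ValueError("expected SEQUENCE ending in a BIT STRING with 0 unused bits")
    return cert[pos:tbs_end], cert[sig_start + 1:sig_end]   # raw TBS bytes, signature

def emsa_pkcs1_v15(tbs, k):
    """00 01 FF..FF 00 || DigestInfo(SHA-256(tbs)), padded to k bytes."""
    t = SHA256_PREFIX + hashlib.sha256(tbs).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_tbs(tbs, n, d):
    """RSASSA-PKCS1-v1_5: private-key operation on the encoded hash of the TBS bytes."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(tbs, k), "big"), d, n).to_bytes(k, "big")

def recompute_matches(cert, n, d, e):
    """True if re-signing the TBS bytes reproduces the certificate's signature."""
    tbs, sig = split_certificate(cert)
    opened = pow(int.from_bytes(sig, "big"), e, n).to_bytes(len(sig), "big")
    return sign_tbs(tbs, n, d) == sig and opened == emsa_pkcs1_v15(tbs, len(sig))

def der(tag, value):
    """Encode one DER TLV under 256 bytes; only builds the constructed sample."""
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x81, len(value)])
    return bytes([tag]) + head + value

# Constructed toy issuer key from two Mersenne primes: insecure, for this demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SIG_ALG = bytes.fromhex("300d06092a864886f70d01010b0500")   # sha256WithRSAEncryption
TBS = der(0x30, der(0x02, b"\x01") + SIG_ALG)   # placeholder body, not a full TBSCertificate
CERT = der(0x30, TBS + SIG_ALG + der(0x03, b"\x00" + sign_tbs(TBS, N, D)))
```

Because PKCS#1 v1.5 padding is deterministic, the recomputed signature is byte-identical to the one in the certificate; the CSR is not an input to the signature, only the TBSCertificate the CA built from it.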