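How do I get issuerNameHash and issuerKeyHash from a PEM or DER certificate?
I need to get these values from PEM and DER files. Is there Python and C code, or an openssl command, for these results?
Example certificate in PEM format: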
```
-----BEGIN CERTIFICATE-----
MIIDTTCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBHMRQwEgYDVQQDDAtSb290
IENBIFJTQTEMMAoGA1UECgwDT0NBMQswCQYDVQQGEwJOTDEUMBIGCgmSJomT8ixk
ARkWBE9DVFQwIBcNMjAwMjEyMTgxMDI3WhgPMjA2MDAyMDIxODEwMjdaMEcxFDAS
BgNVBAMMC1Jvb3QgQ0EgUlNBMQwwCgYDVQQKDANPQ0ExCzAJBgNVBAYTAk5MMRQw
EgYKCZImiZPyLGQBGRYET0NUVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0gKwiY8Yj5T+SwZCQB3evp2y65BoVdBlnL91FzpuZ1LP9i0C4dQVcjN59W
d3lDskb9njjm41ds57zAUEesMwomFy+DfXd2zDSoBpmFCJuoW3bD+8xN1ISfrEI0
vQPTMRtyfaue1CYo55+4Fkv0zLEbjSOx3Sl+9ciwQ4i/x6hDjclu5JXx9Bom/oR2
+xlHZEfpGogyDvQB3al+GsOCOk9Y7kA8EaVDPLeeI+CJdOS4syoZdyEiA6cO+kAH
0tE+Rl5Pqf3wabuO1ebTLenswa7xLrUGQ9rURmXTJQ2+23c3YsXOGgMZ5M7H2R2i
sOt2S62t28aVs62+PwQrqh/X4vkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNSqKyVEMyNJoqivS0wO565HVoOiMA0G
CSqGSIb3DQEBCwUAA4IBAQAtxUSnf+pb+dgLPAtLgoMLsc+CgvoeEpHF1aLWNgcc
VSC2L0frxtpERl3xjxE9ttc+3mE6KA2UQFhf4Md4vCPf60GZw44rFl1Rj9PwrLA9
c2AtLjcDkthhmZylgEjorzyox3wVW5pbOWRP38lDz9gpqJCzTYmmm+9skNS09/gq
M5lYhAqBjKjLiyKylwKWdw9EOkUxnSlg4aicn83+1cdD0iNM+z6lIP5cxvQu2/f6
8KJ9JkTofQzdyPH4l/JvuSwmXnfWR3O8JTJjAq8Z5XoqduJXhEB73Xvamdah1PB0
BJHAh45odouHCmtG6TqRUgoFVNZDLdNurVXXzn5cnL+t
-----END CERTIFICATE-----
```
Example output:
```
"certificateHashData": {
    "hashAlgorithm": "SHA256",
    "issuerNameHash": "f405cb5ba4efe79d4863495e186413c551f7d98dd021030573e169146a763056",
    "issuerKeyHash": "3e1518dc6e867ea55d699922be7be6898fb5abf459709c086e17ac4760682da9",
    "serialNumber": "1"
}
```
Expanding on what Maarten shows, `openssl asn1parse` can display the details, and can also extract the encoded parts of a certificate (or other ASN.1 structure):
```
>openssl asn1parse -i <cry87661.crt
  0:d=0 hl=4 l= 845 cons: SEQUENCE
  4:d=1 hl=4 l= 565 cons: SEQUENCE
  8:d=2 hl=2 l= 3 cons: cont [ 0 ]
 10:d=3 hl=2 l= 1 prim: INTEGER :02
 13:d=2 hl=2 l= 1 prim: INTEGER :01
 16:d=2 hl=2 l= 13 cons: SEQUENCE
 18:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
 29:d=3 hl=2 l= 0 prim: NULL
 31:d=2 hl=2 l= 71 cons: SEQUENCE
 33:d=3 hl=2 l= 20 cons: SET
 35:d=4 hl=2 l= 18 cons: SEQUENCE
 37:d=5 hl=2 l= 3 prim: OBJECT :commonName
 42:d=5 hl=2 l= 11 prim: UTF8STRING :Root CA RSA
 55:d=3 hl=2 l= 12 cons: SET
 57:d=4 hl=2 l= 10 cons: SEQUENCE
 59:d=5 hl=2 l= 3 prim: OBJECT :organizationName
 64:d=5 hl=2 l= 3 prim: UTF8STRING :OCA
 69:d=3 hl=2 l= 11 cons: SET
 71:d=4 hl=2 l= 9 cons: SEQUENCE
 73:d=5 hl=2 l= 3 prim: OBJECT :countryName
 78:d=5 hl=2 l= 2 prim: PRINTABLESTRING :NL
 82:d=3 hl=2 l= 20 cons: SET
 84:d=4 hl=2 l= 18 cons: SEQUENCE
 86:d=5 hl=2 l= 10 prim: OBJECT :domainComponent
 98:d=5 hl=2 l= 4 prim: IA5STRING :OCTT
104:d=2 hl=2 l= 32 cons: SEQUENCE
106:d=3 hl=2 l= 13 prim: UTCTIME :200212181027Z
121:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20600202181027Z
138:d=2 hl=2 l= 71 cons: SEQUENCE
140:d=3 hl=2 l= 20 cons: SET
142:d=4 hl=2 l= 18 cons: SEQUENCE
144:d=5 hl=2 l= 3 prim: OBJECT :commonName
149:d=5 hl=2 l= 11 prim: UTF8STRING :Root CA RSA
162:d=3 hl=2 l= 12 cons: SET
164:d=4 hl=2 l= 10 cons: SEQUENCE
166:d=5 hl=2 l= 3 prim: OBJECT :organizationName
171:d=5 hl=2 l= 3 prim: UTF8STRING :OCA
176:d=3 hl=2 l= 11 cons: SET
178:d=4 hl=2 l= 9 cons: SEQUENCE
180:d=5 hl=2 l= 3 prim: OBJECT :countryName
185:d=5 hl=2 l= 2 prim: PRINTABLESTRING :NL
189:d=3 hl=2 l= 20 cons: SET
191:d=4 hl=2 l= 18 cons: SEQUENCE
193:d=5 hl=2 l= 10 prim: OBJECT :domainComponent
205:d=5 hl=2 l= 4 prim: IA5STRING :OCTT
211:d=2 hl=4 l= 290 cons: SEQUENCE
215:d=3 hl=2 l= 13 cons: SEQUENCE
217:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
228:d=4 hl=2 l= 0 prim: NULL
230:d=3 hl=4 l= 271 prim: BIT STRING
505:d=2 hl=2 l= 66 cons: cont [ 3 ]
507:d=3 hl=2 l= 64 cons: SEQUENCE
509:d=4 hl=2 l= 15 cons: SEQUENCE
511:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
516:d=5 hl=2 l= 1 prim: BOOLEAN :255
519:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
526:d=4 hl=2 l= 14 cons: SEQUENCE
528:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
533:d=5 hl=2 l= 1 prim: BOOLEAN :255
536:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:03020106
542:d=4 hl=2 l= 29 cons: SEQUENCE
544:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
549:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414D4AA2B2544332349A2A8AF4B4C0EE7AE475683A2
573:d=1 hl=2 l= 13 cons: SEQUENCE
575:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
586:d=2 hl=2 l= 0 prim: NULL
588:d=1 hl=4 l= 257 prim: BIT STRING
```
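The SEQUENCE starting at 31 is the Issuer name (the one starting at 138 is the Subject name, which is the same as the Issuer in this certificate because this is a self-signed certificate for a root CA), and the BIT STRING at 138 is the subjectPublicKey field within the subjectPublicKeyInfo substructure, which is the same as the issuer key only for a self-signed certificate, so: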
```
>openssl asn1parse -i <cry87661.crt -strparse 31 -out cry87661.name
[snipped]
>openssl asn1parse -i <cry87661.crt -strparse 230 -out cry87661.keyx
[snipped]
>dir cry87661*
21/01/20  19:11  1,224 cry87661.crt
21/01/20  19:27    270 cry87661.keyx
21/01/20  19:13     73 cry87661.name
```
But these don't match your values:
```
>openssl sha256 <cry87661.name
(stdin)= e60bd843bf2279339127ca19ab6967081dd6f95e745dc8b8632fa56031debe5b
>openssl sha256 <cry87661.keyx
(stdin)= 89ea6977e786fcbaeb4f04e4ccdbfaa6a6088e8ba8f7404033ac1b3a62bc36a1
```
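You can use `openssl x509 -text -in cert_file.pem` or `openssl x509 -text -inform DER -in cert_file.der` to retrieve the certificate as "text". Online, you can use lapo.it/asn1js to get the same information in a slightly different format.
However, the fields you mention are not part of the certificate (check the lapo.it link or the OpenSSL command line output). They seem to be hashes over the binary encoding of the name and the subject public key of the CA certificate that is the parent of this certificate.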
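The hashing both answers describe, as an added Python example (not code from either answer). It assumes the fields follow the OCSP CertID definition in RFC 6960: the issuer Name is hashed as its full DER encoding, and the issuer's subjectPublicKey is hashed without the BIT STRING header and unused-bits octet, which are the same byte ranges that `-strparse 31` and `-strparse 230` extract. Function names are this example's own, and the issuer's certificate must be supplied separately (for a self-signed root, pass the same bytes twice).

```python
import base64
import hashlib

def read_tlv(buf, off):
    """Return (tag, content_start, end) of the DER element starting at off."""
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def tbs_fields(der):
    """(start, content_start, end) of serial, sigAlg, issuer, validity, subject, SPKI, ..."""
    _, off, _ = read_tlv(der, 0)       # Certificate SEQUENCE
    _, off, end = read_tlv(der, off)   # tbsCertificate SEQUENCE
    fields = []
    while off < end:
        tag, cstart, cend = read_tlv(der, off)
        if tag != 0xA0:                # skip the optional [0] version
            fields.append((off, cstart, cend))
        off = cend
    return fields

def load_der(data):
    """Accept PEM (even flattened onto one line) or DER bytes; return DER."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return base64.b64decode(b"".join(t for t in data.split() if b"-" not in t))
    return data

def certificate_hash_data(cert, issuer_cert, alg="sha256"):
    """Hash the issuer Name of cert and the public key of issuer_cert."""
    cert, ca = load_der(cert), load_der(issuer_cert)
    serial, _, issuer = tbs_fields(cert)[:3]
    subject, spki = tbs_fields(ca)[4:6]
    name = cert[issuer[0]:issuer[2]]               # whole Name TLV, header included
    if name != ca[subject[0]:subject[2]]:          # strict byte-for-byte comparison
        raise ValueError("issuer_cert is not the issuer of cert")
    _, _, alg_end = read_tlv(ca, spki[1])          # AlgorithmIdentifier
    _, key_start, key_end = read_tlv(ca, alg_end)  # subjectPublicKey BIT STRING
    key = ca[key_start + 1:key_end]                # drop the unused-bits octet
    return {
        "hashAlgorithm": alg.upper(),
        "issuerNameHash": hashlib.new(alg, name).hexdigest(),
        "issuerKeyHash": hashlib.new(alg, key).hexdigest(),
        "serialNumber": format(int.from_bytes(cert[serial[1]:serial[2]], "big"), "x"),
    }
```

Both arguments are the raw bytes of a certificate file, PEM or DER; the issuer/subject check rejects a CA certificate that does not match the certificate being described.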