Signature

當簽名證書具有授權密鑰 ID 但簽名證書沒有時如何驗證證書?

  • December 10, 2017

假設我有以下簽名證書:

-----BEGIN CERTIFICATE-----
MIIB4zCCAUygAwIBAgIUSyCTib61O8k8TM5JA5n3zDYDFs8wDQYJKoZIhvcNAQEF
BQAwHDEaMBgGA1UECgwRcGhwc2VjbGliIGRlbW8gQ0EwIBcNMTcxMjEwMTYxMDIw
WhgPOTk5OTEyMzEyMzU5NTlaMBwxGjAYBgNVBAoMEXBocHNlY2xpYiBkZW1vIENB
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCn5XdGJUd9PY9zpksbJ2kD57PL
nQ3ISK+qbeSe2H+Uj0AEDnm611tvXlr9a7zBPNwZ2ali9bczirQkxtu/sftSHCGv
LL6sz1vdYP0Un792o5h+PkbQLnDe1lf/W8Q87GY9cRxUQVVfA7QUfgsl4iWgi7tv
qz3dRmxzBpjpgWvp/QIDAQABoyAwHjALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw
AwEB/zANBgkqhkiG9w0BAQUFAAOBgQBQJpF/uakVjNIOz4Ve+duZYeeghpVxVNVK
t4OFi8DQzAsdFBpDDg/ZdAoXYOI/VHwNR+jKS2bPLmvNR2dP+OuZVdSTYu4/dZtI
Tp9ju17bym9oyWjX8CApa32+4N4WtcYLaVHOgyGA9f1VRHBtLTc8xcuHnJg6v3m9
TYVkR8c3IQ==
-----END CERTIFICATE-----

這是openssl x509 -in mycert.pem -text -noout該證書的輸出:

Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number:
           4b:20:93:89:be:b5:3b:c9:3c:4c:ce:49:03:99:f7:cc:36:03:16:cf
   Signature Algorithm: sha1WithRSAEncryption
       Issuer: O=phpseclib demo CA
       Validity
           Not Before: Dec 10 16:10:20 2017 GMT
           Not After : Dec 31 23:59:59 9999 GMT
       Subject: O=phpseclib demo CA
       Subject Public Key Info:
....
       X509v3 extensions:
           X509v3 Key Usage:
               Certificate Sign, CRL Sign
           X509v3 Basic Constraints: critical
               CA:TRUE
   Signature Algorithm: sha1WithRSAEncryption
....

以及以下簽名證書:

-----BEGIN CERTIFICATE-----
MIIB5TCCAU6gAwIBAgIUVCrbYZRButS1ka5fyUe2iOzFAmwwDQYJKoZIhvcNAQEF
BQAwHDEaMBgGA1UECgwRcGhwc2VjbGliIGRlbW8gQ0EwIBcNMTcxMjEwMTYxMDIw
WhgPOTk5OTEyMzEyMzU5NTlaMB4xHDAaBgNVBAoME3BocHNlY2xpYiBkZW1vIGNl
cnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANkmWIAsKkL1Bv3PiFA65IRQ
EOSc65rui70M5tvrDpka1jl6QgvGY/jI/6D6h8sZBxyYyncgWaCA4dVv9dmdZm8Z
JPXACUfHTJuk7ApPq2oYjyheyQkSLp8kYP47cidbNfWk3RkTRqwleh3ByG4e1Qxh
sfdf5owA1yuW5JSygppvAgMBAAGjIDAeMA4GA1UdIwQHMAWAA3p6ejAMBgNVHQ4E
BQQDenp6MA0GCSqGSIb3DQEBBQUAA4GBACMLNye3bEzTnHJAroAiV8Rw9rL6QG+x
wrFDBq173MXTAnKar/TujUxfmOzNZCxjPHh6oKRosOWZuI5v8/0wG9I6irYwLXOw
kXMvXT91/m5Vk7rLCqQ+zsFncxg12leHRgglWh1wsJOhPI/B0mYgCA04RNHsm+iC
/XjRBlAt1kMb
-----END CERTIFICATE-----

openssl x509 -in mycert.pem -text -noout這是此證書的輸出:

Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number:
           54:2a:db:61:94:41:ba:d4:b5:91:ae:5f:c9:47:b6:88:ec:c5:02:6c
   Signature Algorithm: sha1WithRSAEncryption
       Issuer: O=phpseclib demo CA
       Validity
           Not Before: Dec 10 16:10:20 2017 GMT
           Not After : Dec 31 23:59:59 9999 GMT
       Subject: O=phpseclib demo cert
       Subject Public Key Info:
...
       X509v3 extensions:
           X509v3 Authority Key Identifier:
               keyid:7A:7A:7A

           X509v3 Subject Key Identifier:
               7A:7A:7A
   Signature Algorithm: sha1WithRSAEncryption
....

為簡潔起見,我已經從兩者中刪除了“主題公鑰資訊”和“簽名算法”部分。

無論如何,請注意簽名證書中“X509v3 Subject Key Identifier”和“X509v3 Authority Key Identifier”擴展是如何存在的。在簽名證書中都不存在。

在我看來,由於簽名證書沒有“X509v3 主題密鑰標識符”,而簽名證書確實有證書不應該驗證的“X509v3 授權密鑰標識符”。然而在 OpenSSL 中它確實:

openssl verify -verbose -CAfile signer.pem signed.pem

那麼誰是正確的呢?我的解釋是正確的還是 OpenSSL 的?是否有任何 RFC 討論在這種情況下應該採取的行為?

主題密鑰標識符不用於驗證,它僅用於幫助建構路徑。

有關詳細資訊,請參閱RFC 5280 第 4.2.1.2 節。

**編輯:**在證書路徑建構中使用密鑰標識符在RFC 4158 第 3.5.12 節中有詳細說明

引用自:https://crypto.stackexchange.com/questions/53856