Some notes on X.509 certificates
1. Getting/modifying the individual elements of an X509 object
https://www.cnblogs.com/yunlong-study/p/14537390.html
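This post covers the X.509 certificate structure, parsing it with the OpenSSL library, and reading out each field's value. It also includes sample code.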
https://www.cnblogs.com/yunlong-study/p/14537023.html
This post explains very clearly how digital signatures and digital certificates work together.
3. pyOpenSSL library documentation
https://pyopenssl.org/en/0.15.1/api/crypto.html
4. For a more detailed look at the X.509 structure and what each byte means, see this
https://wenku.baidu.com/view/988c262aed630b1c59eeb56b.html
5. Verifying the signature
import rsa

# message: bytes, signature: bytes, pub_key: rsa.PublicKey
# (public_key comes from step 6, sig from step 7, message from step 9)
rsa.verify(message, sig, public_key)

# Docstring of rsa.verify:
"""Verifies that the signature matches the message.

The hash method is detected automatically from the signature.

:param message: the signed message. Can be an 8-bit string or a file-like
    object. If ``message`` has a ``read()`` method, it is assumed to be a
    file-like object.
:param signature: the signature block, as created with :py:func:`rsa.sign`.
:param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message.
:raise VerificationError: when the signature doesn't match the message.
:returns: the name of the used hash.
"""
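6. Getting the public key
import OpenSSL.crypto
from rsa import PublicKey

# cert is an OpenSSL.crypto.X509 object, e.g. loaded with
# OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, crt_data)

# Get the public key; public_key is of type <class 'rsa.key.PublicKey'>
publickey = OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM, cert.get_pubkey()).decode('utf-8')
print(publickey)
public_key = PublicKey.load_pkcs1_openssl_pem(publickey)
# print(type(public_key))
# print(public_key.e, public_key.n)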
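7. Extracting the signature directly from the certificate
# openssl x509 -inform DER -in test.cer -out certificate.crt
# "rb": the certificate is binary (DER); to read it in "r" (text) mode,
# convert it first with the command line above
# "c:/证书名称" is a placeholder for the path of the certificate file
with open("c:/证书名称", "rb") as fp:
    crt_data = fp.read()
print(crt_data)

# Convert to a hex str; a str can be indexed
crt_cert_hex = crt_data.hex()
print(crt_cert_hex)

# Get the certificate's signature:
# match a fixed field, then convert the value found back to bytes.
# 03 82 01 01 00 is the BIT STRING header of a 256-byte (2048-bit RSA)
# signature; the bytes after it are the start of this certificate's signature.
if '03820101005c6a14b1bac86acfdeb0e0e3fabc' in crt_cert_hex:
    print("true")
    index = crt_cert_hex.find('03820101005c6a14b1bac86acfdeb0e0e3fabc')
    # print(index)
    # index+10 skips the 5-byte BIT STRING header (10 hex characters)
    sig_str_hex = crt_cert_hex[index+10:]
    print(type(sig_str_hex))
    sig = bytes.fromhex(sig_str_hex)
    # Prints the signature
    print("签名为:", sig)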
8. Converting bytes to int and to base64
import base64

# bytes to int
result = 0
for b in sig:
    result = result * 256 + int(b)
# int.from_bytes() can be used as well
# aa = int.from_bytes(sig, byteorder='big', signed=False)

# bytes to base64
ss = base64.b64encode(sig)
print('ss', ss)
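9. Getting the certificate body, opened as ASN.1
# Extract the bytes the certificate's digest is computed over
print(crt_cert_hex[index-31], 'test')
# [8:...] skips the outer 4-byte SEQUENCE header (30 82 xx xx);
# index-30 stops before the 15-byte signatureAlgorithm that precedes the signature
aa = crt_cert_hex[8:index-30]
print(len(aa))
message = bytes.fromhex(aa)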
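The hex matching and fixed offsets used in sections 7 and 9 only fit one certificate layout, so here is the same split done by reading the DER lengths, as an added example that is not part of the original post. The names `read_tlv`, `split_certificate`, `_der` and `make_sample` are hypothetical, and the sample is a constructed certificate-shaped blob with placeholder fields, not a real certificate.

```python
def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, end) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form: the length is this byte
        length, hdr = first, 2
    else:                                 # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + 2 + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("DER element runs past the end of the input")
    return tag, pos + hdr, end


def split_certificate(der: bytes):
    """Return (tbs_certificate, signature_algorithm, signature) as bytes."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    t_tbs, _, tbs_end = read_tlv(der, body)           # tbsCertificate
    t_alg, _, alg_end = read_tlv(der, tbs_end)        # signatureAlgorithm
    t_sig, sig_val, sig_end = read_tlv(der, alg_end)  # signatureValue BIT STRING
    if (t_tbs, t_alg, t_sig) != (0x30, 0x30, 0x03) or sig_end != end:
        raise ValueError("unexpected Certificate layout")
    if sig_val >= sig_end or der[sig_val] != 0:
        raise ValueError("BIT STRING is empty or has unused bits")
    # The signed message includes the tbsCertificate's own tag and length bytes.
    return der[body:tbs_end], der[tbs_end:alg_end], der[sig_val + 1:sig_end]


def _der(tag: int, value: bytes) -> bytes:
    """Minimal DER encoder, used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def make_sample(sig_len: int):
    """Constructed certificate-shaped blob (placeholder fields, not a real cert)."""
    tbs = _der(0x30, _der(0x02, b"\x01") + _der(0x04, bytes(300)))
    alg = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption
    sig = bytes(i % 251 for i in range(sig_len))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" + sig)), tbs, alg, sig
```

The first and third return values of `split_certificate` correspond to `message` and `sig` in the steps above. Because the lengths are read from the encoding, the same code handles a 512-byte (4096-bit) signature, whose BIT STRING header is `03 82 02 01 00` rather than `03 82 01 01 00`.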