欢迎访问 生活随笔!
TAG聚合

生活随笔

当前位置: 首页 >

x509证书的一些总结

发布时间:2023/12/13 40 生活家
生活随笔 收集整理的这篇文章主要介绍了 x509证书的一些总结 小编觉得挺不错的,现在分享给大家,帮大家做个参考.

1.获取/修改 X509object的各个元素

https://www.cnblogs.com/yunlong-study/p/14537390.html

这篇博文中,X509证书结构,Openssl 库进行解析,拿取各项值。也有示例代码。

2.数字签名,数字证书,交互过程及X.509数字证书的结构

https://www.cnblogs.com/yunlong-study/p/14537023.html

这篇,数字签名,数字证书,如何交互的,讲得非常清楚。

3.pyOpenSSL库讲解

https://pyopenssl.org/en/0.15.1/api/crypto.html

4.x509结构更详细的请看这个,每个字节代表什么

https://wenku.baidu.com/view/988c262aed630b1c59eeb56b.html

5.验证签名

import rsa
rsa.verify(message,sig,public_key)
#message: bytes, signature: bytes, pub_key: key.PublicKey
    """Verifies that the signature matches the message.

    The hash method is detected automatically from the signature.

    :param message: the signed message. Can be an 8-bit string or a file-like
        object. If ``message`` has a ``read()`` method, it is assumed to be a
        file-like object.
    :param signature: the signature block, as created with :py:func:`rsa.sign`.
    :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message.
    :raise VerificationError: when the signature doesn't match the message.
    :returns: the name of the used hash.

    """

6.获取公钥

from rsa import PublicKey
#获取公钥 public_key类型为<class 'rsa.key.PublicKey'>
publickey = OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM, cert.get_pubkey()).decode('utf-8')
print(publickey)
public_key = PublicKey.load_pkcs1_openssl_pem(publickey)
# print(type(public_key))
# print(public_key.e,public_key.n)

7.从证书中直接获取签名

# openssl x509 -inform DER -in test.cer -out certificate.crt  
#rb,证书是二进制的,r,要用上面的命令行来转一下
with open("c:/证书名称", "rb") as fp:
    crt_data = fp.read()

print(crt_data)

#转换成str,str可以取索引
crt_cert_hex = crt_data.hex()
print(crt_cert_hex)

#获取证书的签名
#匹配固定字段,取到的值再转成bytes
if '03820101005c6a14b1bac86acfdeb0e0e3fabc' in crt_cert_hex:
    print("true")
    index = crt_cert_hex.find('03820101005c6a14b1bac86acfdeb0e0e3fabc')
    #print(index)
    sig_str_hex = crt_cert_hex[index+10:]
    print(type(sig_str_hex))
    sig = bytes.fromhex(sig_str_hex)
    print("签名为:",sig)

8.bytes转成int,转成base64

#bytes转成int
result = 0
for b in sig:
    result = result * 256 + int(b)
#也可以用int.from_bytes()
# aa = int.from_bytes(sig,byteorder='big',signed=False)

#bytes转成base64
import base64
ss = base64.b64encode(sig)
print('ss',ss)

9.获取证书整体,asn.1打开

#计算证书的digest
print(crt_cert_hex[index-31],'test')
aa = crt_cert_hex[8:index-30]
print(len(aa))
message = bytes.fromhex(aa)

总结

以上是生活随笔为你收集整理的x509证书的一些总结的全部内容,希望文章能够帮你解决所遇到的问题。

如果觉得生活随笔网站内容还不错,欢迎将生活随笔推荐给好友。