x509證書的一些總結

1.獲取/修改 X509 object的各個元素

https://www.cnblogs.com/yunlong-study/p/14537390.html

這篇博文中，X509證書結構，Openssl 庫進行解析，拿取各項值。也有示例代碼。

 

2.數字簽名，數字證書，交互過程及X.509數字證書的結構

https://www.cnblogs.com/yunlong-study/p/14537023.html

這篇，數字簽名，數字證書，如何交互的，講得非常清楚。

 

3.pyOpenSSL庫講解

https://pyopenssl.org/en/0.15.1/api/crypto.html

 

4.x509結構更詳細的請看這個，每個字節代表什么

https://wenku.baidu.com/view/988c262aed630b1c59eeb56b.html

 

5.驗證簽名

import rsa
rsa.verify(message,sig,public_key)
#message: bytes, signature: bytes, pub_key: key.PublicKey
    """Verifies that the signature matches the message.

    The hash method is detected automatically from the signature.

    :param message: the signed message. Can be an 8-bit string or a file-like
        object. If ``message`` has a ``read()`` method, it is assumed to be a
        file-like object.
    :param signature: the signature block, as created with :py:func:`rsa.sign`.
    :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message.
    :raise VerificationError: when the signature doesn't match the message.
    :returns: the name of the used hash.

    """

 

6.獲取公鑰

from rsa import PublicKey
#獲取公鑰 public_key類型為<class 'rsa.key.PublicKey'>
publickey = OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM, cert.get_pubkey()).decode('utf-8')
print(publickey)
public_key = PublicKey.load_pkcs1_openssl_pem(publickey)
# print(type(public_key))
# print(public_key.e,public_key.n)

 

7.從證書中直接獲取簽名

# openssl x509 -inform DER -in test.cer -out certificate.crt  
#rb，證書是二進制的，r，要用上面的命令行來轉一下
with open("c:/證書名稱", "rb") as fp:
    crt_data = fp.read()

print(crt_data)

#轉換成str，str可以取索引
crt_cert_hex = crt_data.hex()
print(crt_cert_hex)

#獲取證書的簽名
#匹配固定字段，取到的值再轉成bytes
if '03820101005c6a14b1bac86acfdeb0e0e3fabc' in crt_cert_hex:
    print("true")
    index = crt_cert_hex.find('03820101005c6a14b1bac86acfdeb0e0e3fabc')
    #print(index)
    sig_str_hex = crt_cert_hex[index+10:]
    print(type(sig_str_hex))
    sig = bytes.fromhex(sig_str_hex)
    print("簽名為：",sig)

 

8.bytes轉成int，轉成base64

#bytes轉成int
result = 0
for b in sig:
    result = result * 256 + int(b)
#也可以用int.from_bytes()
# aa = int.from_bytes(sig,byteorder='big',signed=False)

#bytes轉成base64
import base64
ss = base64.b64encode(sig)
print('ss',ss)

 

9.獲取證書整體，asn.1打開

#計算證書的digest
print(crt_cert_hex[index-31],'test')
aa = crt_cert_hex[8:index-30]
print(len(aa))
message = bytes.fromhex(aa)