我有一个base64编码的merkle叶字符串,如此处所述https://www.ietf.org/rfc/rfc6962.txt - 我试图从leaf_input解压缩/检索证书,但不能从中获取我需要的数据。使用标准的base64解码器http://string-functions.com/base64decode.aspx我可以看到在字符串中包含了二进制编码的ssl证书。
-----------------------------------------------------------------------
group X1 X2 X3 X4 X5 X6 X7 X8 X9 X10
------- ------ ----- ----- ----- ------ ----- ----- ------ ------ -----
0 -0.55 -0.13 -0.71 -1.3 -0.096 0.49 0.73 -0.53 0.17 -0.44
2 -1.5 1.4 -2.1 0.96 -0.2 -0.36 0.33 0.2 0.67 -0.27
1 -2.3 -0.98 -1.5 1.1 0.87 -0.54 1.2 -0.24 0.31 -0.76
1 0.24 0.086 -0.78 0.39 -0.17 -0.2 -1.5 -1.1 -1.3 -0.72
0 0.2 -1.2 0.27 2.1 0.73 1.8 -0.12 -0.45 0.07 -0.29
1 0.022 0.084 -0.41 0.32 -0.023 0.38 0.57 -0.16 0.0011 -0.76
2 0.99 0.7 -0.32 -0.25 -0.17 -0.68 -0.59 0.29 0.77 -0.12
3 -1.3 -1.6 -0.14 0.49 0.61 1.2 0.14 -0.087 -1.2 -0.95
0 -0.073 -0.86 2 -0.87 0.51 -1.3 -0.94 0.022 0.6 0.68
3 1.8 -0.81 -0.4 0.72 2.1 0.19 0.086 1.7 0.19 -0.49
-----------------------------------------------------------------------
我尝试使用此线程how to extract DER encoded certificate from base64 string中的步骤解压缩,而我可以看到一些二进制输出看起来不完整。
当我将二进制输出写入文件并使用.der扩展名保存并运行时,我收到错误消息
“此文件无效,可用作以下内容:安全证书”。
但是,另一个线程上的示例中的base64编码字符串确实有效,而我的部分只能部分工作。
这是我用来解压缩的脚本。
$raw = "AAAAAAFP7hcgYQABgMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5EABIswggSHoAMCAQICEGR1GjEsJZ5ucwLx2+0Xk8IwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMSgwJgYDVQQDEx9TeW1hbnRlYyBDbGFzcyAzIEVWIFNTTCBDQSAtIEczMB4XDTE1MDkyMTAwMDAwMFoXDTE2MTAyMjIzNTk1OVowggEnMRMwEQYLKwYBBAGCNzwCAQMTAk5aMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEOMAwGA1UEBRMFMzU5NzYxCzAJBgNVBAYTAk5aMQ0wCwYDVQQRDAQxMDEwMRQwEgYDVQQIDAtOZXcgWmVhbGFuZDERMA8GA1UEBwwIQXVja2xhbmQxNjA0BgNVBAkMLUdyb3VuZCBGbG9vciwgQW56IENlbnRyZSwgMjMtMjkgQWxiZXJ0IFN0cmVldDElMCMGA1UECgwcQU5aIEJhbmsgTmV3IFplYWxhbmQgTGltaXRlZDEZMBcGA1UECwwQV2ViIFRlY2hub2xvZ2llczEiMCAGA1UEAwwZY2RuLlByZS1wcm9kLXNkcGFuei5jby5uejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKpBFlnMiTfysDDFYFLuyGyqeOWHVKkMuVt0RlXG0OdHKUnISLJmtnFMWs+1ZtL4mhvvVafACHYwb8EFJrOhCCDTmKtNfOMEDke+hlfZS6YVr4qma+rl78DOATaA6dP1sDO3oRjhoO6LCT7ddvPfgNIIUBRzRzZwdBxPRkLS2FMbuCBgboShESEVJp0Q5SgpKBQcG4o5e0Mixe+L9fcLHx+5s23J46oj8GMT1S3SJAEZrJgiNoyJZkuj12hROkNKFqof4wgknG+8EG96qux7BgIg4UN4v54yO7jXunt3TI+VBFFQohkxStntqG/aHoeEI1U7iysE8Nm6X1UK2aZwShMCAwEAAaOCAXMwggFvMCQGA1UdEQQdMBuCGWNkbi5wcmUtcHJvZC1zZHBhbnouY28ubnowCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGYGA1UdIARfMF0wWwYLYIZIAYb4RQEHFwYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUAVmr5906C1mmZGPWzyAHV9WR52owKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NyLnN5bWNiLmNvbS9zci5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Iuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNydAAA";
在响应中,我确实看到二进制编码数据,但我不相信它完整,因为当我运行文件时,我得到上述错误。
我不确定这两行是否正确但不确定我如何确定。
<?php
function mtl_to_x509($base64str) {
$raw = base64_decode($base64str);
// Parse the decoded string
$cert_length = unpack('N', chr(0).substr($raw, 12, 3))[1];
$cert_as_asn1 = substr($raw, 0, $cert_length);
print_r($cert_as_asn1);
$file = 'C:/test.der';
file_put_contents($file, $cert_as_asn1);
}
$raw = "AAAAAAFP7hcgYQABgMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5EABIswggSHoAMCAQICEGR1GjEsJZ5ucwLx2+0Xk8IwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMSgwJgYDVQQDEx9TeW1hbnRlYyBDbGFzcyAzIEVWIFNTTCBDQSAtIEczMB4XDTE1MDkyMTAwMDAwMFoXDTE2MTAyMjIzNTk1OVowggEnMRMwEQYLKwYBBAGCNzwCAQMTAk5aMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEOMAwGA1UEBRMFMzU5NzYxCzAJBgNVBAYTAk5aMQ0wCwYDVQQRDAQxMDEwMRQwEgYDVQQIDAtOZXcgWmVhbGFuZDERMA8GA1UEBwwIQXVja2xhbmQxNjA0BgNVBAkMLUdyb3VuZCBGbG9vciwgQW56IENlbnRyZSwgMjMtMjkgQWxiZXJ0IFN0cmVldDElMCMGA1UECgwcQU5aIEJhbmsgTmV3IFplYWxhbmQgTGltaXRlZDEZMBcGA1UECwwQV2ViIFRlY2hub2xvZ2llczEiMCAGA1UEAwwZY2RuLlByZS1wcm9kLXNkcGFuei5jby5uejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKpBFlnMiTfysDDFYFLuyGyqeOWHVKkMuVt0RlXG0OdHKUnISLJmtnFMWs+1ZtL4mhvvVafACHYwb8EFJrOhCCDTmKtNfOMEDke+hlfZS6YVr4qma+rl78DOATaA6dP1sDO3oRjhoO6LCT7ddvPfgNIIUBRzRzZwdBxPRkLS2FMbuCBgboShESEVJp0Q5SgpKBQcG4o5e0Mixe+L9fcLHx+5s23J46oj8GMT1S3SJAEZrJgiNoyJZkuj12hROkNKFqof4wgknG+8EG96qux7BgIg4UN4v54yO7jXunt3TI+VBFFQohkxStntqG/aHoeEI1U7iysE8Nm6X1UK2aZwShMCAwEAAaOCAXMwggFvMCQGA1UdEQQdMBuCGWNkbi5wcmUtcHJvZC1zZHBhbnouY28ubnowCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGYGA1UdIARfMF0wWwYLYIZIAYb4RQEHFwYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUAVmr5906C1mmZGPWzyAHV9WR52owKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NyLnN5bWNiLmNvbS9zci5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Iuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNydAAA";
print mtl_to_x509($raw);
?>
任何想法?
答案 0 :(得分:2)
我有一个base64编码的merkle叶子串......
看起来你真的有一个签名的证书时间戳。这个内没有证书,只有TBSCertificate:
3.2. Structure of the Signed Certificate Timestamp
enum { certificate_timestamp(0), tree_hash(1), (255) }
SignatureType;
enum { v1(0), (255) }
Version;
struct {
opaque key_id[32];
} LogID;
opaque TBSCertificate<1..2^24-1>;
struct {
opaque issuer_key_hash[32];
TBSCertificate tbs_certificate;
} PreCert;
opaque CtExtensions<0..2^16-1>;
要获得真实证书,您还需要您没有的发行人签名:
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
此TBSCertificate从偏移47(1163个八位字节)开始。提取的数据可以通过管道传输到openssl asn1parse -inform der,您可以在其中查看此结构:
0:d=0 hl=4 l=1159 cons: SEQUENCE
4:d=1 hl=2 l= 3 cons: cont [ 0 ]
6:d=2 hl=2 l= 1 prim: INTEGER :02
9:d=1 hl=2 l= 16 prim: INTEGER :64751A312C259E6E7302F1DBED1793C2
27:d=1 hl=2 l= 13 cons: SEQUENCE
29:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
40:d=2 hl=2 l= 0 prim: NULL
42:d=1 hl=2 l= 119 cons: SEQUENCE
44:d=2 hl=2 l= 11 cons: SET
46:d=3 hl=2 l= 9 cons: SEQUENCE
48:d=4 hl=2 l= 3 prim: OBJECT :countryName
53:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
57:d=2 hl=2 l= 29 cons: SET
59:d=3 hl=2 l= 27 cons: SEQUENCE
61:d=4 hl=2 l= 3 prim: OBJECT :organizationName
66:d=4 hl=2 l= 20 prim: PRINTABLESTRING :Symantec Corporation
88:d=2 hl=2 l= 31 cons: SET
90:d=3 hl=2 l= 29 cons: SEQUENCE
92:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
97:d=4 hl=2 l= 22 prim: PRINTABLESTRING :Symantec Trust Network
121:d=2 hl=2 l= 40 cons: SET
123:d=3 hl=2 l= 38 cons: SEQUENCE
125:d=4 hl=2 l= 3 prim: OBJECT :commonName
130:d=4 hl=2 l= 31 prim: PRINTABLESTRING :Symantec Class 3 EV SSL CA - G3
163:d=1 hl=2 l= 30 cons: SEQUENCE
165:d=2 hl=2 l= 13 prim: UTCTIME :150921000000Z
180:d=2 hl=2 l= 13 prim: UTCTIME :161022235959Z
195:d=1 hl=4 l= 295 cons: SEQUENCE
199:d=2 hl=2 l= 19 cons: SET
201:d=3 hl=2 l= 17 cons: SEQUENCE
203:d=4 hl=2 l= 11 prim: OBJECT :jurisdictionCountryName
216:d=4 hl=2 l= 2 prim: PRINTABLESTRING :NZ
220:d=2 hl=2 l= 29 cons: SET
222:d=3 hl=2 l= 27 cons: SEQUENCE
224:d=4 hl=2 l= 3 prim: OBJECT :businessCategory
229:d=4 hl=2 l= 20 prim: PRINTABLESTRING :Private Organization
251:d=2 hl=2 l= 14 cons: SET
253:d=3 hl=2 l= 12 cons: SEQUENCE
255:d=4 hl=2 l= 3 prim: OBJECT :serialNumber
260:d=4 hl=2 l= 5 prim: PRINTABLESTRING :35976
267:d=2 hl=2 l= 11 cons: SET
269:d=3 hl=2 l= 9 cons: SEQUENCE
271:d=4 hl=2 l= 3 prim: OBJECT :countryName
276:d=4 hl=2 l= 2 prim: PRINTABLESTRING :NZ
280:d=2 hl=2 l= 13 cons: SET
282:d=3 hl=2 l= 11 cons: SEQUENCE
284:d=4 hl=2 l= 3 prim: OBJECT :postalCode
289:d=4 hl=2 l= 4 prim: UTF8STRING :1010
295:d=2 hl=2 l= 20 cons: SET
297:d=3 hl=2 l= 18 cons: SEQUENCE
299:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
304:d=4 hl=2 l= 11 prim: UTF8STRING :New Zealand
317:d=2 hl=2 l= 17 cons: SET
319:d=3 hl=2 l= 15 cons: SEQUENCE
321:d=4 hl=2 l= 3 prim: OBJECT :localityName
326:d=4 hl=2 l= 8 prim: UTF8STRING :Auckland
336:d=2 hl=2 l= 54 cons: SET
338:d=3 hl=2 l= 52 cons: SEQUENCE
340:d=4 hl=2 l= 3 prim: OBJECT :streetAddress
345:d=4 hl=2 l= 45 prim: UTF8STRING :Ground Floor, Anz Centre, 23-29 Albert Street
392:d=2 hl=2 l= 37 cons: SET
394:d=3 hl=2 l= 35 cons: SEQUENCE
396:d=4 hl=2 l= 3 prim: OBJECT :organizationName
401:d=4 hl=2 l= 28 prim: UTF8STRING :ANZ Bank New Zealand Limited
431:d=2 hl=2 l= 25 cons: SET
433:d=3 hl=2 l= 23 cons: SEQUENCE
435:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
440:d=4 hl=2 l= 16 prim: UTF8STRING :Web Technologies
458:d=2 hl=2 l= 34 cons: SET
460:d=3 hl=2 l= 32 cons: SEQUENCE
462:d=4 hl=2 l= 3 prim: OBJECT :commonName
467:d=4 hl=2 l= 25 prim: UTF8STRING :cdn.Pre-prod-sdpanz.co.nz
494:d=1 hl=4 l= 290 cons: SEQUENCE
498:d=2 hl=2 l= 13 cons: SEQUENCE
500:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
511:d=3 hl=2 l= 0 prim: NULL
513:d=2 hl=4 l= 271 prim: BIT STRING
788:d=1 hl=4 l= 371 cons: cont [ 3 ]
792:d=2 hl=4 l= 367 cons: SEQUENCE
796:d=3 hl=2 l= 36 cons: SEQUENCE
798:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
803:d=4 hl=2 l= 29 prim: OCTET STRING [HEX DUMP]:301B821963646E2E7072652D70726F642D736470616E7A2E636F2E6E7A
834:d=3 hl=2 l= 9 cons: SEQUENCE
836:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
841:d=4 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
845:d=3 hl=2 l= 14 cons: SEQUENCE
847:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
852:d=4 hl=2 l= 1 prim: BOOLEAN :255
855:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
861:d=3 hl=2 l= 29 cons: SEQUENCE
863:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
868:d=4 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302
892:d=3 hl=2 l= 102 cons: SEQUENCE
894:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
899:d=4 hl=2 l= 95 prim: OCTET STRING [HEX DUMP]:305D305B060B6086480186F84501071706304C302306082B06010505070201161768747470733A2F2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A2F2F642E73796D63622E636F6D2F727061
996:d=3 hl=2 l= 31 cons: SEQUENCE
998:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
1003:d=4 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:301680140159ABE7DD3A0B59A66463D6CF200757D591E76A
1029:d=3 hl=2 l= 43 cons: SEQUENCE
1031:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
1036:d=4 hl=2 l= 36 prim: OCTET STRING [HEX DUMP]:30223020A01EA01C861A687474703A2F2F73722E73796D63622E636F6D2F73722E63726C
1074:d=3 hl=2 l= 87 cons: SEQUENCE
1076:d=4 hl=2 l= 8 prim: OBJECT :Authority Information Access
1086:d=4 hl=2 l= 75 prim: OCTET STRING [HEX DUMP]:3049301F06082B060105050730018613687474703A2F2F73722E73796D63642E636F6D302606082B06010505073002861A687474703A2F2F73722E73796D63622E636F6D2F73722E637274