计算公钥引脚（.Net）

Question

我想知道如何计算X509证书的公钥引脚？

例如。我通过网络请求获得了证书

        var cert = (httpRequest as HttpWebRequest).ServicePoint.Certificate;
        X509Certificate2 cert2 = new X509Certificate2(cert);

我不知道在此之后该怎么做因为我需要主题公钥信息（哈希）但我无法在X509Certificate2类中找到它或确定如何构建它。我可以通过GetKeyInfo（）方法得到指数和模数，这似乎是SPKI的胆量。

我确信有一种简单的方法可以做到这一点，但任何帮助都会很棒！

由于

Answer 1

短版

帮助方法：

String publicKeyPinningHash = certificate.GetPublicKeyPinningHash();

String s = String.Format("Public-Key-Pins: pin-sha256=\"{0}\"; 
                             max-age=31536000", publicKeyHash);

Facebook.com的哪一个吐出：

  

Public-Key-Pins：pin-sha256 =＆＃34; hUIG87ch71EZQYhZBEkq2VKBLjhussUw7nR8wyuY7rY =＆＃34 ;;最大年龄= 31536000

Functional .NET Fiddle

https://dotnetfiddle.net/F9t6IQ

背景

正如您所发现的，.NET Framework无法操纵X509Certificate。

X.509证书使用ASN.1的DER风格进行编码。 .NET Framework无法操作AsnEcodedData。

这意味着我们需要滚动自己的代码来计算X.509证书的PublicKeyPinning哈希值：

static String GetPublicKeyPinningHash(X509Certificate2 x509Cert)
{
        //Public Domain: No attribution required
        //Get the SubjectPublicKeyInfo member of the certificate
        Byte[] subjectPublicKeyInfo = GetSubjectPublicKeyInfoRaw(x509Cert);

        //Take the SHA2-256 hash of the DER ASN.1 encoded value
        Byte[] digest;
        using (var sha2 = new SHA256Managed())
        {
            digest = sha2.ComputeHash(subjectPublicKeyInfo);
        }

        //Convert hash to base64
        String hash = Convert.ToBase64String(digest);

        return hash;
}

此代码构建于.NET也无法提供的较低功能上，以获取原始 SubjectPublickeyInfo 字节：

    static Byte[] GetSubjectPublicKeyInfoRaw(X509Certificate2 x509Cert)
    {
        //Public Domain: No attribution required
        Byte[] rawCert = x509Cert.GetRawCertData();

        /*
         Certificate is, by definition:

            Certificate  ::=  SEQUENCE  {
                tbsCertificate       TBSCertificate,
                signatureAlgorithm   AlgorithmIdentifier,
                signatureValue       BIT STRING  
            }

           TBSCertificate  ::=  SEQUENCE  {
                version         [0]  EXPLICIT Version DEFAULT v1,
                serialNumber         CertificateSerialNumber,
                signature            AlgorithmIdentifier,
                issuer               Name,
                validity             Validity,
                subject              Name,
                subjectPublicKeyInfo SubjectPublicKeyInfo,
                issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version MUST be v2 or v3
                subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version MUST be v2 or v3
                extensions      [3]  EXPLICIT Extensions       OPTIONAL  -- If present, version MUST be v3
            }

        So we walk to ASN.1 DER tree in order to drill down to the SubjectPublicKeyInfo item
        */
        Byte[] list = AsnNext(ref rawCert, true); //unwrap certificate sequence
        Byte[] tbsCertificate = AsnNext(ref list, false); //get next item; which is tbsCertificate
        list = AsnNext(ref tbsCertificate, true); //unwap tbsCertificate sequence

        Byte[] version = AsnNext(ref list, false); //tbsCertificate.Version
        Byte[] serialNumber = AsnNext(ref list, false); //tbsCertificate.SerialNumber
        Byte[] signature = AsnNext(ref list, false); //tbsCertificate.Signature
        Byte[] issuer = AsnNext(ref list, false); //tbsCertificate.Issuer
        Byte[] validity = AsnNext(ref list, false); //tbsCertificate.Validity
        Byte[] subject = AsnNext(ref list, false); //tbsCertificate.Subject        
        Byte[] subjectPublicKeyInfo = AsnNext(ref list, false); //tbsCertificate.SubjectPublicKeyInfo        

        return subjectPublicKeyInfo;
    }

这是基于较低级别的函数构建的，用于解析使用ASN.1的 DER 风格编码的ASN.1编码数据：

    static Byte[] AsnNext(ref Byte[] buffer, Boolean unwrap)
    {
        //Public Domain: No attribution required
        Byte[] result;

        if (buffer.Length < 2)
        {
            result = buffer;
            buffer = new Byte[0];
            return result;
        }

        int index = 0;
        Byte entityType = buffer[index];
        index += 1;

        int length = buffer[index];
        index += 1;

        int lengthBytes = 1;
        if (length >= 0x80)
        {
            lengthBytes = length & 0x0F; //low nibble is number of length bytes to follow
            length = 0;

            for (int i = 0; i < lengthBytes; i++)
            {
                length = (length << 8) + (int)buffer[2 + i];
                index += 1;
            }
            lengthBytes++;
        }

        int copyStart;
        int copyLength;
        if (unwrap)
        {
            copyStart = 1 + lengthBytes;
            copyLength = length;
        }
        else
        {
            copyStart = 0;
            copyLength = 1 + lengthBytes + length;
        }
        result = new Byte[copyLength];
        Array.Copy(buffer, copyStart, result, 0, copyLength);

        Byte[] remaining = new Byte[buffer.Length - (copyStart+copyLength)];
        if (remaining.Length > 0)
            Array.Copy(buffer, copyStart + copyLength, remaining, 0, remaining.Length);
        buffer = remaining;

        return result;
    }

Answer 2

公钥锁定意味着验证证书的公钥是否正确。公钥不是您必须计算的，它包含在证书内的明文中。我想你的意思是，你想要计算公钥的哈希值（钉住并不意味着哈希，它意味着与已知值进行比较）。如果您知道后端的URL或IP，则可以轻松提取公钥。

此页面的chrome示例（您需要OpenSSL工具）：

1. 点击网址左侧的绿色锁
2. 点击详情
3. 点击＆＃39;查看证书＆＃39;在安全
4. 转到＆＃39;详细信息＆＃39;选项卡和＆＃39;复制到文件＆＃39;并保存在某处

5. 使用命令

   openssl x509 -inform der -in yourcertificate.cer     -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary

它将返回公钥的sha256哈希