我在SMIME消息中出现验证错误,我尝试手动检查。
PEM的ASN1与有效载荷的摘要之间是否存在明显的关系?
我尝试以下操作:
制作消息的PEM(SMIME的签名)
openssl cms -sign -in x.txt -md sha1 -signer cer.cer -inkey key.key -outform PEM > mypem
制作有效负载的SHA校验和:
sha1sum x.txt
解析PEM:
openssl asn1parse -in mypem
那么我会在asn1parse的输出中找到sha1sum的SHA校验和吗?
答案 0 :(得分:1)
如果您将-inform pem添加到上一个openssl命令,您会看到更多:
openssl asn1parse -inform pem -in mypem
查看OCTET STRING输出的结尾。在我的情况下,我有2K RSA密钥,该对象是512字节。
这个hexdump是PKCS#7签名的加密部分。
将此字符串转换为二进制(我喜欢xxd)并再次使用openssl进行解码(假设您还有RSA密钥):
$ echo "07CD61E81878C803ACA4B41713845320D46577ED9B4F70FA04F18C31B27F08622B4D919C30147B99EF2135A402C5DC11639F0412648DA84183284A2E9F51EC05C3F354ECDC7A7F9BB540785ACC192BFAE2643C796FBD3CD8CD9ADB8591ABF042F9FC6F520250D50B0DC52E2207A1D7116878AC75EFE87031CC728822D01A0FCB75E528239CA9FD94EC4C6161696A33A35D5CA7E182FF486E8DF7CBA7944840F130612415ED3FCD42C4F92E2BF193CCC265A4B5D153362A51A3CA00F8EF0D7E4D3F7516299C74271E4AF6307AFA5FF2897297F7076E3D7A21A0BCA4B22A699D9D6F5C3AD044DC91145B34B3564EE9825DC9E9DE19A453296A8C1E520D292A7861" |
xxd -r -ps -c512 | openssl rsautl -encrypt -inkey key.key -raw -hexdump
Enter pass phrase for key.key:
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0070 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0080 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0090 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00a0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00b0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00c0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00d0 - ff ff ff ff ff ff ff ff-ff ff ff ff 00 30 21 30 .............0!0
00e0 - 09 06 05 2b 0e 03 02 1a-05 00 04 14 d2 b9 cb a5 ...+............
00f0 - 53 a5 e2 da d9 da 75 c5-bc ad a5 1b f6 2a eb 13 S.....u......*..
你会认识到PCKS#1 v1.5填充。
最后提取字节,用openssl asn1解析器对它们进行解码,最后得到你想要的哈希值:
$ echo 3021300906052b0e03021a05000414d2b9cba553a5e2dad9da75a5bcada51bf62aeb13 | xxd -r -ps | openssl asn1parse -inform der
0:d=0 hl=2 l= 33 cons: SEQUENCE
2:d=1 hl=2 l= 9 cons: SEQUENCE
4:d=2 hl=2 l= 5 prim: OBJECT :sha1
11:d=2 hl=2 l= 0 prim: NULL
13:d=1 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:D2B9CBA553A5E2DAD9DA75A5BCADA51BF62AEB13