I am working on signing a string. A plain signature goes through. Now signed parameters have to be added.
Adding a string is no problem:
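#include <string.h>
#include <openssl/objects.h>
#include <openssl/pkcs7.h>

int signed_string_nid; /* not declared in the snippet as posted; assumed to be a file-scope int */

void add_signed_printable_string(PKCS7_SIGNER_INFO *si, char *oid, char *str)
{
    ASN1_PRINTABLESTRING *os;
    /* Register the OID (short and long name both set to str) and keep its NID. */
    signed_string_nid = OBJ_create(oid, str, str);
    os = ASN1_PRINTABLESTRING_new();
    /* ASN1_STRING_set copies str; it is the call the legacy M_ASN1_OCTET_STRING_set macro expanded to. */
    ASN1_STRING_set(os, (unsigned char *)str, strlen(str));
    PKCS7_add_signed_attribute(si, signed_string_nid, V_ASN1_PRINTABLESTRING, (char *)os);
}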
In addition to the content type, everything else is also clear:
PKCS7_add_attrib_content_type(si, OBJ_nid2obj(OID_SIGNED_CONTENT_TYPE));
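But now an X509_NAME object and an OCSP response need to be added.
What is the correct way to add objects like these in general?
I tried adding the X509_NAME by writing out all the parameters by hand, but that takes a very long time.
The result should look like this (the same goes for 1.3.6.1.4.1.6801.2.8 and 1.3.6.1.5.5.7.48.1.1):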
[0] (7 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.13 signingDescription (PKCS #9)
SET (1 elem)
PrintableString ESEDO
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
SET (1 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.7.1 data (PKCS #7)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
SET (1 elem)
UTCTime 2018-11-13 12:08:20 UTC
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
SET (1 elem)
OCTET STRING (32 byte) 166182C25D404360359A8961F9A861F4A11567C9BC0D01BF81EC647E1CA59331
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.77
SET (1 elem)
UTF8String Как дебажить ошибки.docx
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.4.1.6801.2.8
SET (1 elem)
SEQUENCE (10 elem)
SET (1 elem)
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.4 surname (X.520 DN component)
UTF8String ТЕСТ
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
PrintableString IIN123128350133
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
PrintableString KZ
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
UTF8String АСТАНА
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
UTF8String АСТАНА
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
UTF8String ТОВАРИЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ "777"
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
UTF8String BIN123840007123
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.42 givenName (X.520 DN component)
UTF8String ТЕСТ
SET (1 elem)
SEQUENCE (1 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.1 emailAddress (PKCS #9. Deprecated, use an altName extension instead)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.1 ocspBasic (OCSP)
SET (1 elem)
OCTET STRING (1 elem)
SEQUENCE (2 elem)
ENUMERATED
[0] (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.1 ocspBasic (OCSP)
OCTET STRING (1 elem)
SEQUENCE (4 elem)
SEQUENCE (4 elem)
[1] (1 elem)
SEQUENCE (7 elem)
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
UTF8String OCSP RESPONDER
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
PrintableString IIN761231300313
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
PrintableString KZ
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
UTF8String АСТАНА
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
UTF8String АСТАНА
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
UTF8String АКЦИОНЕРНОЕ ОБЩЕСТВО "НАЦИОНАЛЬНЫЕ ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ"
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
UTF8String BIN000740000728
GeneralizedTime 2018-11-13 12:08:12 UTC
SEQUENCE (1 elem)
SEQUENCE (3 elem)
SEQUENCE (4 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.398.3.10.1.3.1
NULL
OCTET STRING (32 byte) CB71EA9140B5F7D0A761D820E5FBE12C8FFB771B954165D8FC7387758D424F9A
OCTET STRING (32 byte) 640A1103E2579C4AFDBC3306E07AC6AA1473FA0E2E7DD005F3E6254195D828AA
INTEGER (159 bit) 616944972507369995033056199378545336054600461801
[0]
GeneralizedTime 2018-11-13 12:08:12 UTC
[1] (1 elem)
SEQUENCE (2 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.2 ocspNonce (OCSP)
OCTET STRING (1 elem)
OCTET STRING ¤}Z
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.9
OCTET STRING (1 elem)
NULL
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.2
NULL
BIT STRING (512 bit) 1011010110100000001011110110010101000001111111110100110110001111100011…
[0] (1 elem)
SEQUENCE (1 elem)
SEQUENCE (3 elem)
SEQUENCE (8 elem)
[0] (1 elem)
INTEGER 2
INTEGER (158 bit) 272744986983533272580483628423012745646484689418
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.2
NULL
SEQUENCE (2 elem)
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
PrintableString KZ
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
UTF8String ҰЛТТЫҚ КУӘЛАНДЫРУШЫ ОРТАЛЫҚ (GOST)
SEQUENCE (2 elem)
UTCTime 2018-08-11 18:00:55 UTC
UTCTime 2019-08-11 18:00:55 UTC
SEQUENCE (7 elem)
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
UTF8String OCSP RESPONDER
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
PrintableString IIN761231300313
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
PrintableString KZ
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
UTF8String АСТАНА
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
UTF8String АСТАНА
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
UTF8String АКЦИОНЕРНОЕ ОБЩЕСТВО "НАЦИОНАЛЬНЫЕ ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ"
SET (1 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
UTF8String BIN000740000728
SEQUENCE (2 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.1
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.1.1
OBJECT IDENTIFIER 1.2.398.3.10.1.3.1.1.0
BIT STRING (1 elem)
OCTET STRING (64 byte) D20F80BBB987C85D946C54C3AB994F7887BDA2FE5C9C392A30AB615B407765CD8D3D78…
[3] (1 elem)
SEQUENCE (7 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.29.37 extKeyUsage (X.509 extension)
OCTET STRING (1 elem)
SEQUENCE (1 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.9 ocspSigning (PKIX key purpose)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.29.35 authorityKeyIdentifier (X.509 extension)
OCTET STRING (1 elem)
SEQUENCE (1 elem)
[0] (4 byte) 5B6A73E9
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.29.14 subjectKeyIdentifier (X.509 extension)
OCTET STRING (1 elem)
OCTET STRING (20 byte) 042ECC160C088D0915A0F66BDD9F8205D9F56A0E
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.29.31 cRLDistributionPoints (X.509 extension)
OCTET STRING (1 elem)
SEQUENCE (1 elem)
SEQUENCE (1 elem)
[0] (1 elem)
[0] (2 elem)
[6] http://crl.pki.gov.kz/nca_gost.crl
[6] http://crl1.pki.gov.kz/nca_gost.crl
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.5.29.46 freshestCRL (X.509 extension)
OCTET STRING (1 elem)
SEQUENCE (1 elem)
SEQUENCE (1 elem)
[0] (1 elem)
[0] (2 elem)
[6] http://crl.pki.gov.kz/nca_d_gost.crl
[6] http://crl1.pki.gov.kz/nca_d_gost.crl
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 authorityInfoAccess (PKIX private extension)
OCTET STRING (1 elem)
SEQUENCE (2 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 caIssuers (PKIX subject/authority info access descriptor)
[6] http://pki.gov.kz/cert/nca_gost.cer
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 ocsp (PKIX)
[6] http://ocsp.pki.gov.kz
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.5 ocspNoCheck (OCSP)
OCTET STRING (0 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.2
NULL
BIT STRING (512 bit) 1001000111110101000101110111000111010000111111101010101010010100110110…
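The attribute layout in the dump above, as an added example that is not part of the original post: each signed attribute is SEQUENCE { OID, SET { value } }, where the value is the already DER-encoded object (the Name directly, the OCSP response inside an OCTET STRING). The names `der_wrap`, `der_oid`, `der_attribute` and `SAMPLE_NAME` are hypothetical, and the sample Name is constructed.

```c
#include <stdlib.h>
#include <string.h>
typedef unsigned char u8;
/* Added example, helper names are illustrative. Constructed sample: DER of the Name C=KZ. */
const u8 SAMPLE_NAME[] = {
    0x30,0x0D,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x4B,0x5A };

/* out = tag || DER length (short or long form) || content; may wrap in place. */
static size_t der_wrap(u8 *out, u8 tag, const u8 *content, size_t len)
{
    u8 hdr[2 + sizeof(size_t)];
    size_t h = 0, i, nbytes = 0;
    hdr[h++] = tag;
    for (i = len; len >= 0x80 && i; i >>= 8) nbytes++;   /* long form from 128 bytes */
    hdr[h++] = (u8)(nbytes ? 0x80 | nbytes : len);
    for (i = nbytes; i > 0; i--) hdr[h++] = (u8)(len >> (8 * (i - 1)));
    memmove(out + h, content, len);
    memcpy(out, hdr, h);
    return h + len;
}

/* Dotted OID string -> DER OBJECT IDENTIFIER (base-128 arcs); returns 0 on error. */
static size_t der_oid(u8 *out, const char *dotted)
{
    u8 body[64], tmp[10];
    char *p; size_t n = 0; int k = 0;
    unsigned long v = strtoul(dotted, &p, 10) * 40;   /* arcs 1 and 2 are merged */
    if (*p != '.') return 0;
    for (v += strtoul(p + 1, &p, 10); n + sizeof tmp <= sizeof body; k = 0) {
        do { tmp[k++] = v & 0x7f; v >>= 7; } while (v);
        while (k--) body[n++] = tmp[k] | (k ? 0x80 : 0);
        if (*p != '.') return der_wrap(out, 0x06, body, n);
        v = strtoul(p + 1, &p, 10);
    }
    return 0;
}

/* Attribute ::= SEQUENCE { OID, SET { value } } for one pre-encoded DER value; as_octets
 * wraps it in an OCTET STRING first (the ocspBasic layout). out needs len + 96 bytes. */
size_t der_attribute(u8 *out, const char *oid, const u8 *val, size_t len, int as_octets)
{
    u8 oidbuf[80];
    size_t o = der_oid(oidbuf, oid), n = len;
    if (o == 0) return 0;
    memcpy(out + o, val, n);
    if (as_octets) n = der_wrap(out + o, 0x04, out + o, n);
    n = der_wrap(out + o, 0x31, out + o, n);
    memcpy(out, oidbuf, o);
    return der_wrap(out, 0x30, out, o + n);
}
```

With OpenSSL the same bytes come from serializing the object with `i2d_X509_NAME` (or `i2d_OCSP_RESPONSE`) into an `ASN1_STRING` and passing that to `PKCS7_add_signed_attribute` with `V_ASN1_SEQUENCE` (or `V_ASN1_OCTET_STRING`). This is the pattern OpenSSL's own `PKCS7_add_attrib_smimecap` uses for its SEQUENCE-valued attribute.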