Golang PKCS12 sign with intermediate certificate

Time: 2019-01-14 12:05:46

Tags: go cryptography x509

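I have a file with the .p12 extension that contains a certificate and a key. I then extract the certificate and the key as PEM with the following commands: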

openssl pkcs12 -in <filename>.p12 -clcerts -nokeys -out passcertificate.pem -passin pass:<password>

openssl pkcs12 -in Certificates.p12 -nocerts -out passkey.pem -passin pass:<password> -passout pass:<password_out>

After all that, I sign the file with the private key and the intermediate certificate to obtain a signature.

openssl smime -binary -sign -certfile <intermediate>.pem -signer passcertificate.pem -inkey passkey.pem -in manifest.json -out signature -outform DER -passin pass:<password_out>

Is it possible to reproduce these steps in Go using the standard library?

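package main

import (
    "crypto"
    "crypto/rand"
    "crypto/rsa"
    _ "crypto/sha256" // registers SHA-256 so crypto.SHA256.New() works
    "encoding/base64"
    "fmt"
    "io/ioutil"
    "log"

    "golang.org/x/crypto/pkcs12"
)

func signManifest(password string) (string, error) {
    // read file content to be signed
    content, err := ioutil.ReadFile(".../path_to_file/manifest.json")
    if err != nil {
        return "", err
    }
    // read .p12 file
    buf, err := ioutil.ReadFile(".../path_to_file/Certificate.p12")
    if err != nil {
        return "", err
    }
    // extract key and cert
    pk, cert, err := pkcs12.Decode(buf, password)
    if err != nil {
        return "", err
    }
    _ = cert // leaf certificate; the raw RSA signature below does not use it
    privateKey, ok := pk.(*rsa.PrivateKey)
    if !ok {
        return "", fmt.Errorf("unexpected private key type %T", pk)
    }
    // create hash
    h := crypto.SHA256.New()
    h.Write(content) // a hash.Hash Write never returns an error
    hashed := h.Sum(nil)
    // how to pass intermediate cert??
    sign, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hashed)
    if err != nil {
        return "", err
    }
    sig := base64.RawURLEncoding.EncodeToString(sign)
    return sig, nil
}

func main() {
    sig, err := signManifest("<password>") // the .p12 password, as in the openssl commands
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(sig)
}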

0 answers:

No answers
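
What `openssl smime -sign ... -outform DER` writes is a PKCS#7 SignedData structure rather than a bare RSA signature, and the `-certfile` certificates are carried in its certificates field. The following is an added example, not part of the original post: it builds the detached form without signed attributes (the variant that `-noattr` selects), for an RSA key with SHA-256, using only the standard library. `SignDetached`, `alg` and the struct names are illustrative, and the key and certificates are assumed to be already parsed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
)

type signerInfo struct {
	Version           int
	SID               struct{ Issuer asn1.RawValue; Serial *big.Int }
	DigestAlg, SigAlg pkix.AlgorithmIdentifier
	Signature         []byte
}
type signedData struct {
	Version     int
	DigestAlgs  []pkix.AlgorithmIdentifier `asn1:"set"`
	Content     struct{ Type asn1.ObjectIdentifier } // detached: content type only
	Certs       asn1.RawValue                        // [0] IMPLICIT SET OF Certificate
	SignerInfos []signerInfo `asn1:"set"`
}
type contentInfo struct{ Type asn1.ObjectIdentifier; Content signedData `asn1:"explicit,tag:0"` }

// SignDetached signs content with key; chain holds the intermediates to embed (illustrative name).
func SignDetached(content []byte, key *rsa.PrivateKey, signer *x509.Certificate, chain ...*x509.Certificate) ([]byte, error) {
	digest := sha256.Sum256(content)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	certs := append([]byte{}, signer.Raw...)
	for _, c := range chain {
		certs = append(certs, c.Raw...) // intermediates travel in the certificates field
	}
	alg := func(oid ...int) pkix.AlgorithmIdentifier { // AlgorithmIdentifier with NULL parameters
		return pkix.AlgorithmIdentifier{Algorithm: oid, Parameters: asn1.NullRawValue}
	}
	si := signerInfo{Version: 1, DigestAlg: alg(2, 16, 840, 1, 101, 3, 4, 2, 1), // SHA-256
		SigAlg: alg(1, 2, 840, 113549, 1, 1, 1), Signature: sig} // rsaEncryption
	si.SID.Issuer, si.SID.Serial = asn1.RawValue{FullBytes: signer.RawIssuer}, signer.SerialNumber
	sd := signedData{Version: 1, DigestAlgs: []pkix.AlgorithmIdentifier{si.DigestAlg}, SignerInfos: []signerInfo{si}}
	sd.Content.Type = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1} // data
	sd.Certs = asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 0, IsCompound: true, Bytes: certs}
	return asn1.Marshal(contentInfo{asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}, sd}) // signedData
}
```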