OpenSSL:PKCS7,验证失败,PEM中有效负载的校验和?
SMIME消息中存在验证错误,我尝试手动检查 PEM的ASN1与有效载荷摘要之间是否存在明显关系 我尝试以下方法: 制作SMIME的消息签名的PEMOpenSSL:PKCS7,验证失败,PEM中有效负载的校验和?,openssl,pkcs#7,smime,Openssl,Pkcs#7,Smime,SMIME消息中存在验证错误,我尝试手动检查 PEM的ASN1与有效载荷摘要之间是否存在明显关系 我尝试以下方法: 制作SMIME的消息签名的PEM openssl cms -sign -in x.txt -md sha1 -signer cer.cer -inkey key.key -outform PEM > mypem 对有效负载进行SHA校验和: sha1sum x.txt 解析PEM: openssl asn1parse -in mypem 因此,我会在asn1parse的
openssl cms -sign -in x.txt -md sha1 -signer cer.cer -inkey key.key -outform PEM > mypem
对有效负载进行SHA校验和:
sha1sum x.txt
解析PEM:
openssl asn1parse -in mypem
因此,我会在asn1parse的输出中找到sha1sum的SHA校验和吗?如果在最后一个openssl命令中添加-notify pem,您将看到更多信息:
openssl asn1parse -inform pem -in mypem
查看八位字节字符串输出的末尾。在我的例子中,我有2K RSA密钥,该对象是512字节
此hexdump是PKCS7签名的加密部分
将此字符串转换为二进制,我喜欢xxd,并再次使用openssl对其进行解码,前提是您还拥有RSA密钥:
$ echo "07CD61E81878C803ACA4B41713845320D46577ED9B4F70FA04F18C31B27F08622B4D919C30147B99EF2135A402C5DC11639F0412648DA84183284A2E9F51EC05C3F354ECDC7A7F9BB540785ACC192BFAE2643C796FBD3CD8CD9ADB8591ABF042F9FC6F520250D50B0DC52E2207A1D7116878AC75EFE87031CC728822D01A0FCB75E528239CA9FD94EC4C6161696A33A35D5CA7E182FF486E8DF7CBA7944840F130612415ED3FCD42C4F92E2BF193CCC265A4B5D153362A51A3CA00F8EF0D7E4D3F7516299C74271E4AF6307AFA5FF2897297F7076E3D7A21A0BCA4B22A699D9D6F5C3AD044DC91145B34B3564EE9825DC9E9DE19A453296A8C1E520D292A7861" |
xxd -r -ps -c512 | openssl rsautl -encrypt -inkey key.key -raw -hexdump
Enter pass phrase for key.key:
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0070 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0080 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0090 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00a0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00b0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00c0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
00d0 - ff ff ff ff ff ff ff ff-ff ff ff ff 00 30 21 30 .............0!0
00e0 - 09 06 05 2b 0e 03 02 1a-05 00 04 14 d2 b9 cb a5 ...+............
00f0 - 53 a5 e2 da d9 da 75 c5-bc ad a5 1b f6 2a eb 13 S.....u......*..
您将识别PCKS1 v1.5填充
提取最后的字节,使用openssl asn1解析器对其进行解码,最终得到所需的哈希:
$ echo 3021300906052b0e03021a05000414d2b9cba553a5e2dad9da75a5bcada51bf62aeb13 | xxd -r -ps | openssl asn1parse -inform der
0:d=0 hl=2 l= 33 cons: SEQUENCE
2:d=1 hl=2 l= 9 cons: SEQUENCE
4:d=2 hl=2 l= 5 prim: OBJECT :sha1
11:d=2 hl=2 l= 0 prim: NULL
13:d=1 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:D2B9CBA553A5E2DAD9DA75A5BCADA51BF62AEB13