Question

因此哈希材料是TBS证书字段。这个字段值应该是asn.1解码值还是asn.1编码值？和id是＆＃39; 1.2.840.113549.1.1.5＆＃39;或者＆＃39; sha1RSA＆＃39; ??

      TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    extensions      [3]  EXPLICIT Extensions OPTIONAL
                         -- If present, version MUST be v3
    }

Answer 1

正如RFC5280 section 4.1

所述

签名时，使用ASN.1编码规则（DER）[X.690]对要签名的数据进行编码。 ASN.1 DER编码是每个元素的标记，长度，值编码系统。

所以它应该是asn.1编码值。

对于签名算法，RFC5280在section 4.1.1.2中指定了支持的算法。有3个其他RFC的参考。

即。 RFC5280包含自签名证书的示例，其中使用的签名算法为sha1-with-rsa-signature (1.2.840.113549.1.1.5)。

Answer 2

这是我自己的证明 `

`

这是我的解密签名：

0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a05000414752d3360bc92e11322e1fa540b4a88e8c8b1f6f6 纯哈希：752d3360bc92e11322e1fa540b4a88e8c8b1f6f6 == TBS证书哈希应该是这样的

我计算BASE64解码得到DER证书。那么FILTER TBS证书和（字节码）sha1哈希。然后转换hex = 752d3360bc92e11322e1fa540b4a88e8c8b1f6f6。谢谢@PEPO

什么应该是证书哈希材料？验证x.509证书

2 个答案: