是否有更好的(更可靠或更标准的)方法来提取签名的x.509证书的签名:
SIGNED_CERTIFICATE=/path/to/signed/x509-cert.pem
openssl x509 -in ${SIGNED_CERTIFICATE} -text -noout | tac | sed '/.*Signature Algorithm:/q' | tac
我正在寻找用于bash脚本的签名的hexdump。目前,这适用于我测试的所有(但很少)签名的证书,但依赖于签名是openssl x509中输出的最后一件事。我也知道如何手动使用openssl asn1parse来提取它,但它需要你查看输出并且更难自动化。
由于
答案 0 :(得分:2)
你是否喜欢这样的事情:
openssl x509 -in /usr/local/share/ca-certificates/TestCA.crt -text -noout -certopt ca_default -certopt no_validity -certopt no_serial -certopt no_subject -certopt no_extensions -certopt no_signame
Signature Algorithm: sha1WithRSAEncryption
6d:94:92:e0:e4:a4:f4:65:aa:e3:cc:1b:9f:2a:01:b0:20:cf:
67:5a:58:cf:aa:d9:99:08:07:91:9a:0b:b6:2b:52:9d:f0:e5:
0d:50:cb:66:8c:a6:93:21:36:11:c7:30:98:45:65:43:e1:54:
a5:22:0bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1e:05:
0e:e3:10:01:73:06:5b:98:f5:e8:6d:73:a5:65:8d:3d:48:b0:
21:4a:30:9f:7c:7d:99:d0:e7:c1:cc:22:fa:c4:fc:9c:48:3f:
ff:83:72:98:d0:33:3b:05:69:84:fd:7b:bc:b8:e6:44:96:cf:
58:27:4c:c3:d1:9d:c1:f1:02:f8:3c:11:92:fe:fa:c1:ff:48:
cf:a8:e9:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx:9b:b0:4f:c2:ca:
28:5b:13:c2:1d:c9:79:7a:71:4c:9c:4a:f5:26:60:6d:75:3f:
00:31:57:8f:00:99:ca:93:52:5d:fc:dd:71:76:1b:22:61:4b:
5f:29:f6:77:fd:f0:e5:20:dc:fd:e1:d5:d2:05:a3:3f:96:2c:
d9:cc:d9:87:9c:7b:16:c8:4f:2c:2e:b6:dd:bd:e5:9b:d7:97:
c5:b0:31:19:69:a7:f8:f9:3e:b2:0b:3d:b0:13:68:a1:1d:ee:
e3:86:60:77
给openssl x509提供正确的论据听起来是一种更好的方式来实现你所追求的目标。所有选项都在x509 manpage