我有.p12扩展名,其中包含证书和密钥。然后,使用以下命令提取PEM中的证书和密钥:
openssl pkcs12 -in <filename>.p12 -clcerts -nokeys -out passcertificate.pem -passin pass:<password>
openssl pkcs12 -in Certificates.p12 -nocerts -out passkey.pem -passin pass:<password> -passout pass:<password_out>
毕竟,我使用私钥和中间证书对文件签名以获得签名。
openssl smime -binary -sign -certfile <intermediate>.pem -signer passcertificate.pem -inkey passkey.pem -in manifest.json -out signature -outform DER -passin pass:<password_out>
使用标准库在Go中重现这些步骤是否?
// read file content to be signed
content, err := ioutil.ReadFile(".../path_to_file/manifest.json")
if err != nil {
//
}
// read .p12 file
buf, err := ioutil.ReadFile(".../path_to_file/Certificate.p12")
if err != nil {
//
}
// extract key and cert
pk, cert, err := pkcs12.Decode(buf, password)
if err != nil {
return err
}
privateKey := pk.(*rsa.PrivateKey)
// create hash
h := crypto.SHA256.New()
_, err = h.Write(content)
if err != nil {
//
}
hashed := h.Sum(nil)
// how to pass intermediate cert??
sign, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256,
hashed)
if err != nil {
return err
}
sig := base64.RawURLEncoding.EncodeToString(sign)