KeyTool生成keystore文件
keytool -genkey -alias A1.keystore -keyalg RSA -validity 40000 -keystore A1.keystore
keystore導出證書
keytool -exportcert -v -alias A1.keystore -keystore A1.keystore -file A1.cer
Windows查看證書
A1.cer是一個二進制文件,直接在Windows上查看證書的內容. 這裏證書使用的簽名算法是sha256RSA
證書原始二進制數據
30 82 03 55 30 82 02 3D A0 03 02 01 02 02 04 0B
A4 1E D7 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B
05 00 30 5A 31 0D 30 0B 06 03 55 04 06 13 04 61
62 63 64 31 0D 30 0B 06 03 55 04 08 13 04 61 62
63 64 31 0D 30 0B 06 03 55 04 07 13 04 61 62 63
64 31 0D 30 0B 06 03 55 04 0A 13 04 61 62 63 64
31 0D 30 0B 06 03 55 04 0B 13 04 61 62 63 64 31
0D 30 0B 06 03 55 04 03 13 04 61 62 63 64 30 20
17 0D 31 36 31 32 32 38 30 36 34 30 30 34 5A 18
0F 32 31 32 36 30 37 30 35 30 36 34 30 30 34 5A
30 5A 31 0D 30 0B 06 03 55 04 06 13 04 61 62 63
64 31 0D 30 0B 06 03 55 04 08 13 04 61 62 63 64
31 0D 30 0B 06 03 55 04 07 13 04 61 62 63 64 31
0D 30 0B 06 03 55 04 0A 13 04 61 62 63 64 31 0D
30 0B 06 03 55 04 0B 13 04 61 62 63 64 31 0D 30
0B 06 03 55 04 03 13 04 61 62 63 64 30 82 01 22
30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03
82 01 0F 00 30 82 01 0A 02 82 01 01 00 D9 5A 70
39 00 F2 C9 5E C0 1F A8 54 83 55 CC EF EC 60 B4
82 0D BF 0F DB F9 C9 F2 B0 3C 88 9C 30 DB 79 4B
CD 9F 02 32 AF EF 54 CA 89 AD B1 76 31 96 AF D8
85 7A 6D 31 6B 6C DE 12 F3 DB 8A 0A 45 6C 84 1E
5F 20 0E D4 4B 80 E8 C6 85 A5 08 9D 98 20 21 A1
A8 94 2B 7F 0D F1 A0 F5 54 5F 4F A1 F5 39 08 31
7C 7C 56 D3 BD E0 93 6A CC 19 EE 89 87 BD 12 49
4F F2 C3 F7 40 FF 5C 2E 78 4C 5E FC C0 4D 16 C6
C6 B9 8A 3B BE 5A 4C 2E 79 45 DB F9 9A 5B 11 DB
61 A3 E1 AF 3C A6 E4 13 26 98 84 D4 D4 B5 E5 57
FF D6 02 11 82 A1 9E 63 24 4D DE FE 62 5D F0 7D
DC B3 FF 7C 27 89 EE BB 5B 0A 7B 93 42 24 0D 20
05 BA A2 81 89 99 EE B8 B0 F8 0E A8 A2 4A 70 3B
BA 05 F2 C3 14 56 DB 88 CA EC E0 89 82 6B 80 9F
5C D6 A2 F5 B6 55 2A C3 45 3C 63 2B C7 9A 7A B5
D3 96 31 1F 2E A0 C3 8B 1D 04 A7 86 E5 02 03 01
00 01 A3 21 30 1F 30 1D 06 03 55 1D 0E 04 16 04
14 EB 3C A6 22 38 BD F1 CB 77 FC 2C 9C C2 D1 BD
77 BD 61 3B F0 30 0D 06 09 2A 86 48 86 F7 0D 01
01 0B 05 00 03 82 01 01 00 D8 A8 9C 52 9E 37 1B
90 6B 03 C3 A6 AE 1A 0A 29 34 0B 90 3B DF CA CA
E6 FC 4A 5D 17 BF 69 10 FA 1E C8 13 7B F7 9E F0
EA 2A 24 32 29 29 EC 41 5A 21 A7 AD 65 3D 49 F5
AC CE 8D C0 6F D0 EE 18 AB 16 82 00 5A A2 61 25
89 6C C7 06 93 2F EE 2E CC A8 13 A3 1B 02 E3 D3
51 38 A9 52 BB 27 55 3B DE 46 5A C4 A4 0F FA 42
D3 1A CE 8A B9 D4 D7 96 BE 63 08 88 E2 B0 B5 13
E5 62 5C 9E 84 17 81 54 77 06 47 99 E2 79 7F DC
50 77 B8 FF E2 D6 48 95 9C D8 28 76 00 57 32 58
D9 FC 80 10 55 D2 CF 40 EF 85 C0 B9 21 A8 D6 9D
05 13 FB 70 92 C6 16 45 AF AA 3D BD D0 DD BE 1D
A0 8B 97 58 0D 3A E0 86 7E 70 24 57 ED 97 97 10
99 57 8B 0E 76 0A E9 AE BC B2 E0 92 91 86 A9 27
5A 96 64 DF 26 6B 2A 28 1D 35 61 E6 B6 B9 01 58
A9 97 2B 1E 49 73 64 8C D0 D2 66 6D 9E 60 92 4E
C3 9E 6D 79 74 AF 47 26 51
解析證書
裏面包含的信息
- 輸入的個人基本信息
- RSA公鑰
- 用RSA私鑰對上述信息做的簽名
T = 30 L = 0355
T = 30 L = 023D
T = A0 L = 0003
T = 02 L = 0001 V = 02
T = 02 L = 0004 V = 0BA41ED7
T = 30 L = 000D
T = 06 L = 0009 V = 2A864886F70D01010B
T = 05 L = 0000 V = []
T = 30 L = 005A
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 550406
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 550408
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 550407
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 55040A
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 55040B
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 550403
T = 13 L = 0004 V = 61626364 [abcd]
T = 30 L = 0020
T = 17 L = 000D V = 3136313232383036343030345A [161228064004Z]
T = 18 L = 000F V = 32313236303730353036343030345A [21260705064004Z]
T = 30 L = 005A
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 550406
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 550408
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 550407
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 55040A
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 55040B
T = 13 L = 0004 V = 61626364 [abcd]
T = 31 L = 000D
T = 30 L = 000B
T = 06 L = 0003 V = 550403
T = 13 L = 0004 V = 61626364 [abcd]
T = 30 L = 0122
T = 30 L = 000D
T = 06 L = 0009 V = 2A864886F70D010101
T = 05 L = 0000 V = []
T = 03 L = 010F V = 003082010A0282010100D95A703900F2C95EC01FA8548355CCEFEC60B4820DBF0FDBF9C9F2B03C889C30DB794BCD9F0232AFEF54CA89ADB1763196AFD8857A6D316B6CDE12F3DB8A0A456C841E5F200ED44B80E8C685A5089D982021A1A8942B7F0DF1A0F5545F4FA1F53908317C7C56D3BDE0936ACC19EE8987BD12494FF2C3F740FF5C2E784C5EFCC04D16C6C6B98A3BBE5A4C2E7945DBF99A5B11DB61A3E1AF3CA6E413269884D4D4B5E557FFD6021182A19E63244DDEFE625DF07DDCB3FF7C2789EEBB5B0A7B9342240D2005BAA2818999EEB8B0F80EA8A24A703BBA05F2C31456DB88CAECE089826B809F5CD6A2F5B6552AC3453C632BC79A7AB5D396311F2EA0C38B1D04A786E50203010001
T = A3 L = 0021
T = 30 L = 001F
T = 30 L = 001D
T = 06 L = 0003 V = 551D0E
T = 04 L = 0016 V = 0414EB3CA62238BDF1CB77FC2C9CC2D1BD77BD613BF0
T = 30 L = 000D
T = 06 L = 0009 V = 2A864886F70D01010B
T = 05 L = 0000 V = []
T = 03 L = 0101 V = 00D8A89C529E371B906B03C3A6AE1A0A29340B903BDFCACAE6FC4A5D17BF6910FA1EC8137BF79EF0EA2A24322929EC415A21A7AD653D49F5ACCE8DC06FD0EE18AB1682005AA26125896CC706932FEE2ECCA813A31B02E3D35138A952BB27553BDE465AC4A40FFA42D31ACE8AB9D4D796BE630888E2B0B513E5625C9E8417815477064799E2797FDC5077B8FFE2D648959CD8287600573258D9FC801055D2CF40EF85C0B921A8D69D0513FB7092C61645AFAA3DBDD0DDBE1DA08B97580D3AE0867E702457ED97971099578B0E760AE9AEBCB2E0929186A9275A9664DF266B2A281D3561E6B6B90158A9972B1E4973648CD0D2666D9E60924EC39E6D7974AF472651
解析公鑰
從中解析出模數N和指數E, 可以看到指數爲(65537)
T = 30 L = 010A
T = 02 L = 0101 V = 00D95A703900F2C95EC01FA8548355CCEFEC60B4820DBF0FDBF9C9F2B03C889C30DB794BCD9F0232AFEF54CA89ADB1763196AFD8857A6D316B6CDE12F3DB8A0A456C841E5F200ED44B80E8C685A5089D982021A1A8942B7F0DF1A0F5545F4FA1F53908317C7C56D3BDE0936ACC19EE8987BD12494FF2C3F740FF5C2E784C5EFCC04D16C6C6B98A3BBE5A4C2E7945DBF99A5B11DB61A3E1AF3CA6E413269884D4D4B5E557FFD6021182A19E63244DDEFE625DF07DDCB3FF7C2789EEBB5B0A7B9342240D2005BAA2818999EEB8B0F80EA8A24A703BBA05F2C31456DB88CAECE089826B809F5CD6A2F5B6552AC3453C632BC79A7AB5D396311F2EA0C38B1D04A786E5 (RSA公鑰模數)
T = 02 L = 0003 V = 010001 (RSA公鑰指數)
自簽名證書
該證書的簽名也包含在裏面,現摘取如下:
D8A89C529E371B906B03C3A6AE1A0A29340B903BDFCACAE6FC4A5D17BF6910FA1EC8137BF79EF0EA2A24322929EC415A21A7AD653D49F5ACCE8DC06FD0EE18AB1682005AA26125896CC706932FEE2ECCA813A31B02E3D35138A952BB27553BDE465AC4A40FFA42D31ACE8AB9D4D796BE630888E2B0B513E5625C9E8417815477064799E2797FDC5077B8FFE2D648959CD8287600573258D9FC801055D2CF40EF85C0B921A8D69D0513FB7092C61645AFAA3DBDD0DDBE1DA08B97580D3AE0867E702457ED97971099578B0E760AE9AEBCB2E0929186A9275A9664DF266B2A281D3561E6B6B90158A9972B1E4973648CD0D2666D9E60924EC39E6D7974AF472651
RSA公鑰解密簽名
現在有了公鑰就可以對上述簽名進行解密操作。使用RSA的大數模冪運算即可
得到原始的明文爲:
M = "D8A89C529E371B906B03C3A6AE1A0A29340B903BDFCACAE6FC4A5D17BF6910FA1EC8137BF79EF0EA2A24322929EC415A21A7AD653D49F5ACCE8DC06FD0EE18AB1682005AA26125896CC706932FEE2ECCA813A31B02E3D35138A952BB27553BDE465AC4A40FFA42D31ACE8AB9D4D796BE630888E2B0B513E5625C9E8417815477064799E2797FDC5077B8FFE2D648959CD8287600573258D9FC801055D2CF40EF85C0B921A8D69D0513FB7092C61645AFAA3DBDD0DDBE1DA08B97580D3AE0867E702457ED97971099578B0E760AE9AEBCB2E0929186A9275A9664DF266B2A281D3561E6B6B90158A9972B1E4973648CD0D2666D9E60924EC39E6D7974AF472651"
E = "010001"
N = "D95A703900F2C95EC01FA8548355CCEFEC60B4820DBF0FDBF9C9F2B03C889C30DB794BCD9F0232AFEF54CA89ADB1763196AFD8857A6D316B6CDE12F3DB8A0A456C841E5F200ED44B80E8C685A5089D982021A1A8942B7F0DF1A0F5545F4FA1F53908317C7C56D3BDE0936ACC19EE8987BD12494FF2C3F740FF5C2E784C5EFCC04D16C6C6B98A3BBE5A4C2E7945DBF99A5B11DB61A3E1AF3CA6E413269884D4D4B5E557FFD6021182A19E63244DDEFE625DF07DDCB3FF7C2789EEBB5B0A7B9342240D2005BAA2818999EEB8B0F80EA8A24A703BBA05F2C31456DB88CAECE089826B809F5CD6A2F5B6552AC3453C632BC79A7AB5D396311F2EA0C38B1D04A786E5"
bignumM = BigNum(M)
bignumE = BigNum(E)
bignumN = BigNum(N)
bignumC = bignum_mod_exp(bignumM, bignumE, bignumN)
print bignumC
output:
0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D06096086480165030402010500042080F5E8FEF8DE48D910E9957E7847FDCCE91C7B1FD94241E1F6F8EAA4DFEF25A3
輸出內容裏面應該包含了SHA256的32字節哈希值, 想找規範對數據進行Hash驗證,未找到。(留個坑)
整個證書的哈希
直接對A1.cer證書中的所有二進制數據進行HASH,可以得到證書的指紋.
計算結果如下.
filename = A1.cer
MD5: F1F8908626ECADA576712AB01D6A0669
SHA1: BDDBCFBA75DBFA245136D46DFD71557761AB4B0F
SHA224: AB31FE22478DE99AD651F1BE5820F884F6771309A59E2A89A8AB8B75
SHA256: 492D853F6366610A7FF43051E774970F3E45A367E95A927B2C34DF43520A352B
SHA384: A5EE40D23901FB3B71B09F93F2DFA1EA4581B77D6BA7B2C60AE18EB48A2DBDA9B9BA226AA9F58B41FE84472C7F15ED03
SHA512: E33268F5D9DBA248D24CDD2ABBEB68DE0903ED8CF7B612A1E6F04577361BDECF63163B7DEC1A610685C23BD1265EF422DBF3C35C566EEE872ABE40E597AC2C0B
openssl解析證書
除了自己手動解析證書外, 可以直接調用openssl來把二進制格式的證書轉換成文本格式
openssl x509 -in A1.cer -inform der -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 195305175 (0xba41ed7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=abcd, ST=abcd, L=abcd, O=abcd, OU=abcd, CN=abcd
Validity
Not Before: Dec 28 06:40:04 2016 GMT
Not After : Jul 5 06:40:04 2126 GMT
Subject: C=abcd, ST=abcd, L=abcd, O=abcd, OU=abcd, CN=abcd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d9:5a:70:39:00:f2:c9:5e:c0:1f:a8:54:83:55:
cc:ef:ec:60:b4:82:0d:bf:0f:db:f9:c9:f2:b0:3c:
88:9c:30:db:79:4b:cd:9f:02:32:af:ef:54:ca:89:
ad:b1:76:31:96:af:d8:85:7a:6d:31:6b:6c:de:12:
f3:db:8a:0a:45:6c:84:1e:5f:20:0e:d4:4b:80:e8:
c6:85:a5:08:9d:98:20:21:a1:a8:94:2b:7f:0d:f1:
a0:f5:54:5f:4f:a1:f5:39:08:31:7c:7c:56:d3:bd:
e0:93:6a:cc:19:ee:89:87:bd:12:49:4f:f2:c3:f7:
40:ff:5c:2e:78:4c:5e:fc:c0:4d:16:c6:c6:b9:8a:
3b:be:5a:4c:2e:79:45:db:f9:9a:5b:11:db:61:a3:
e1:af:3c:a6:e4:13:26:98:84:d4:d4:b5:e5:57:ff:
d6:02:11:82:a1:9e:63:24:4d:de:fe:62:5d:f0:7d:
dc:b3:ff:7c:27:89:ee:bb:5b:0a:7b:93:42:24:0d:
20:05:ba:a2:81:89:99:ee:b8:b0:f8:0e:a8:a2:4a:
70:3b:ba:05:f2:c3:14:56:db:88:ca:ec:e0:89:82:
6b:80:9f:5c:d6:a2:f5:b6:55:2a:c3:45:3c:63:2b:
c7:9a:7a:b5:d3:96:31:1f:2e:a0:c3:8b:1d:04:a7:
86:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:3C:A6:22:38:BD:F1:CB:77:FC:2C:9C:C2:D1:BD:77:BD:61:3B:F0
Signature Algorithm: sha256WithRSAEncryption
d8:a8:9c:52:9e:37:1b:90:6b:03:c3:a6:ae:1a:0a:29:34:0b:
90:3b:df:ca:ca:e6:fc:4a:5d:17:bf:69:10:fa:1e:c8:13:7b:
f7:9e:f0:ea:2a:24:32:29:29:ec:41:5a:21:a7:ad:65:3d:49:
f5:ac:ce:8d:c0:6f:d0:ee:18:ab:16:82:00:5a:a2:61:25:89:
6c:c7:06:93:2f:ee:2e:cc:a8:13:a3:1b:02:e3:d3:51:38:a9:
52:bb:27:55:3b:de:46:5a:c4:a4:0f:fa:42:d3:1a:ce:8a:b9:
d4:d7:96:be:63:08:88:e2:b0:b5:13:e5:62:5c:9e:84:17:81:
54:77:06:47:99:e2:79:7f:dc:50:77:b8:ff:e2:d6:48:95:9c:
d8:28:76:00:57:32:58:d9:fc:80:10:55:d2:cf:40:ef:85:c0:
b9:21:a8:d6:9d:05:13:fb:70:92:c6:16:45:af:aa:3d:bd:d0:
dd:be:1d:a0:8b:97:58:0d:3a:e0:86:7e:70:24:57:ed:97:97:
10:99:57:8b:0e:76:0a:e9:ae:bc:b2:e0:92:91:86:a9:27:5a:
96:64:df:26:6b:2a:28:1d:35:61:e6:b6:b9:01:58:a9:97:2b:
1e:49:73:64:8c:d0:d2:66:6d:9e:60:92:4e:c3:9e:6d:79:74:
af:47:26:51
如何獲取私鑰?
證書中是不包含私鑰的,私鑰存儲在最原始的A1.keystore文件中。
- 自己寫程序解析KeyStore格式
- 調用java的API來解析