X.509 Certificate Definition

Concepts
  • Certificate revocation list (CRL)
  • Certification authority (CA)
  • Registration authority (RA)
  • Public Key Infrastructure (PKI)
Encoding
  • DER: X.509 relies on the Distinguished Encoding Rules (DER), a subset of BER
  • PEM: the DER-encoded content, Base64-encoded and wrapped in a specific header line and footer line
Certificate-related file extensions
  • PEM
  • CER
  • CRT
Certificate fields
Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }
TBSCertificate
TBSCertificate  ::=  SEQUENCE  {
     version         [0]  EXPLICIT Version DEFAULT v1,
     serialNumber         CertificateSerialNumber,
     signature            AlgorithmIdentifier,
     issuer               Name,
     validity             Validity,
     subject              Name,
     subjectPublicKeyInfo SubjectPublicKeyInfo,
     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     extensions      [3]  EXPLICIT Extensions OPTIONAL
                          -- If present, version MUST be v3
     }
Version
Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
CertificateSerialNumber
CertificateSerialNumber  ::=  INTEGER
AlgorithmIdentifier
AlgorithmIdentifier  ::=  SEQUENCE  {
     algorithm               OBJECT IDENTIFIER,
     parameters              ANY DEFINED BY algorithm OPTIONAL  }
Name
Name ::= CHOICE { -- only one possibility for now --
     rdnSequence  RDNSequence }

   RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

   RelativeDistinguishedName ::=
     SET SIZE (1..MAX) OF AttributeTypeAndValue

   AttributeTypeAndValue ::= SEQUENCE {
     type     AttributeType,
     value    AttributeValue }

   AttributeType ::= OBJECT IDENTIFIER

   AttributeValue ::= ANY -- DEFINED BY AttributeType

   DirectoryString ::= CHOICE {
         teletexString           TeletexString (SIZE (1..MAX)),
         printableString         PrintableString (SIZE (1..MAX)),
         universalString         UniversalString (SIZE (1..MAX)),
         utf8String              UTF8String (SIZE (1..MAX)),
         bmpString               BMPString (SIZE (1..MAX)) }
Validity
Validity ::= SEQUENCE {
     notBefore      Time,
     notAfter       Time  }
Time
Time ::= CHOICE {
     utcTime        UTCTime,
     generalTime    GeneralizedTime }
UniqueIdentifier
UniqueIdentifier  ::=  BIT STRING
SubjectPublicKeyInfo
SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING  }
Extensions
Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
Extension
Extension  ::=  SEQUENCE  {
     extnID      OBJECT IDENTIFIER,
     critical    BOOLEAN DEFAULT FALSE,
     extnValue   OCTET STRING
                 -- contains the DER encoding of an ASN.1 value
                 -- corresponding to the extension type identified
                 -- by extnID
     }
References

https://datatracker.ietf.org/doc/html/rfc5280#ref-X.690
https://www.cnblogs.com/NathanYang/p/9951282.html
https://www.cnblogs.com/20175211lyz/p/12722360.html
