signature=694cde3d7f2450116894167453553a22,FIDO-U2F-Ledger 注册和登录过程中chrome和后台交互log分析...

于 2021-05-29 20:06:06 发布
阅读量912 收藏
点赞数
文章标签: signature=694cde3d7f2450116894167453553a22

注册流程

LOG

Successfully registered device:

No vendor metadata present!

No device metadata present!

Device transports: USB

Registration Request javascript demo

var request = {"appId":"https://localhost:8443","registeredKeys":[],"registerRequests":[{"version":"U2F_V2","challenge":"nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc","appId":"https://localhost:8443"}]};

setTimeout(function() {

u2f.register(

request.appId,

request.registerRequests,

request.registeredKeys,

function(data) {

var form = document.getElementById('form');

var reg = document.getElementById('tokenResponse');

if(data.errorCode) {

switch (data.errorCode) {

case 4:

alert("This device is already registered.");

break;

default:

alert("U2F failed with error: " + data.errorCode);

}

} else {

reg.value=JSON.stringify(data);

form.submit();

}

}

);

}, 1000);

Registration Response

{"registrationData":"BQQ4UIiAZhalc13Bxhwu_DofZNrLSBsncFO5WxsW2zEO_Pr4nxu8ig3B6qCQSwPH10EWikYvi5fI4i5OJos3bumFQOrI8E1g6-q6hER5EB6u8Y7vIxJtYqyfeHVEIc06z57FOZp0q4B2imcsambi6DoqGTlW9uLq0KjwT-h2pG4A1ecwggFdMIIBA6ADAgECAgEhMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHExlZGdlciBGSURPIEF0dGVzdGF0aW9uIENBIDEwHhcNMTYwNzIxMTMzNjM3WhcNMjYwNzA5MTMzNjM3WjAwMS4wLAYDVQQDDCVMZWRnZXIgTmFuby1TIFUyRiBBdHRlc3RhdGlvbiBCYXRjaCAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI8J_LIn2QsqirK_YkUx6ptPiwEs3El32mhaGcljsQEYwmAv4nEMs5onv7ARvWlz0YdAjNaCDhJh4YOH81wzTh6MXMBUwEwYLKwYBBAGC5RwCAQEEBAMCBSAwCgYIKoZIzj0EAwIDSAAwRQIgehonosveKXiCa-D9vUyoXj9uP3JBfFlo26lAfmDEahQCIQCPKv96_v9Vz4_O1_V5z-ych5QKpUQlYMbnnz2gGqpqQjBFAiEAkzvV7NJhADZ_ZZ9dvX-FlWGYIGuJiH9KlRYbmtTW1W0CIF9k8Znioi4ve_E56BEiYSCiY2T_-_XjwqaK7zOZadMV","clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6Im5IZ2xuUl9EdnZXMDhCb2pRMjItUmFpMDJydFRiTlZlUFB3VGhoR3ByaGMiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo4NDQzIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9"}

Registration data

DeviceRegistration{Key handle=6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w, Public key=BDhQiIBmFqVzXcHGHC78Oh9k2stIGydwU7lbGxbbMQ78-vifG7yKDcHqoJBLA8fXQRaKRi-Ll8jiLk4mizdu6YU, Counter=-1, Attestation certificate= [0] Version: 3

SerialNumber: 33

IssuerDN: CN=Ledger FIDO Attestation CA 1

Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016

Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026

SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1

Public Key: EC Public Key

X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046

Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387

Signature Algorithm: SHA256WITHECDSA

Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e

3f6e3f72417c5968dba9407e60c46a140221008f

2aff7afeff55cf8fced7f579cfec9c87940aa544

2560c6e79f3da01aaa6a42

Extensions:

critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]

}

Navigation

Register

Login

注册验签流程

Base64 URL解码注册返回值Registration Response中的registrationData,得到

0504385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee98540eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e73082015d30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a423045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

解析上面的值:

05 // reserved bytes

04385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key

40 // key handle length

eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e7 // key handle

3082015d30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a42 // attestation certificate,ledger设备内的证书

3045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315 // signature

组装要验签数据的原文:

00 // RFU

8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E // application parameter

// -----application parameter得到的过程---------

// https://localhost:8443 (utf8 -> hex) 68747470733A2F2F6C6F63616C686F73743A38343433 (sha256) 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E

// ---------------------------------------------

754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759 // challenge parameter

// -----challenge parameter得到的过程---------

// client data Base64Url解码后的字符串按照utf8编码进行sha256

// client data base64Url解码结果为:

// {"typ":"navigator.id.finishEnrollment","challenge":"nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc","origin":"https://localhost:8443","cid_pubkey":"unused"}

// 转为utf8编码的hex为:

// 7B22747970223A226E6176696761746F722E69642E66696E697368456E726F6C6C6D656E74222C226368616C6C656E6765223A226E48676C6E525F447676573038426F6A5132322D5261693032727454624E56655050775468684770726863222C226F726967696E223A2268747470733A2F2F6C6F63616C686F73743A38343433222C226369645F7075626B6579223A22756E75736564227D

// sha256的结果为: 754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759

// --------------------------------------------

eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e7 // key handle

04385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key

组装后的结果:

00 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E 754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759 eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

结果做sha256:

4006D3FD69C519BAE1EF7C6F75ECA1036E87078F3BAC2A9F162B0C392716598B

将signature拆分为r和s

3045 0221 00933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d 0220 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

0221是长度,前面的00去掉

r= 933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d

s= 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

使用ecc工具验签:

Qx= 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046 // 证书里面的公钥x

Qy= 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387 // 证书里面的公钥y

Hm= 4006D3FD69C519BAE1EF7C6F75ECA1036E87078F3BAC2A9F162B0C392716598B // 组装后的验签数据做sha256的结果

r= 933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d

s= 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

使用ECC Tool工具,曲线选择Secp256r1,进行验签,通过。

用代码验证response结果是否正确

final String response = "{\"registrationData\":\"BQQ4UIiAZhalc13Bxhwu_DofZNrLSBsncFO5WxsW2zEO_Pr4nxu8ig3B6qCQSwPH10EWikYvi5fI4i5OJos3bumFQOrI8E1g6-q6hER5EB6u8Y7vIxJtYqyfeHVEIc06z57FOZp0q4B2imcsambi6DoqGTlW9uLq0KjwT-h2pG4A1ecwggFdMIIBA6ADAgECAgEhMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHExlZGdlciBGSURPIEF0dGVzdGF0aW9uIENBIDEwHhcNMTYwNzIxMTMzNjM3WhcNMjYwNzA5MTMzNjM3WjAwMS4wLAYDVQQDDCVMZWRnZXIgTmFuby1TIFUyRiBBdHRlc3RhdGlvbiBCYXRjaCAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI8J_LIn2QsqirK_YkUx6ptPiwEs3El32mhaGcljsQEYwmAv4nEMs5onv7ARvWlz0YdAjNaCDhJh4YOH81wzTh6MXMBUwEwYLKwYBBAGC5RwCAQEEBAMCBSAwCgYIKoZIzj0EAwIDSAAwRQIgehonosveKXiCa-D9vUyoXj9uP3JBfFlo26lAfmDEahQCIQCPKv96_v9Vz4_O1_V5z-ych5QKpUQlYMbnnz2gGqpqQjBFAiEAkzvV7NJhADZ_ZZ9dvX-FlWGYIGuJiH9KlRYbmtTW1W0CIF9k8Znioi4ve_E56BEiYSCiY2T_-_XjwqaK7zOZadMV\",\"clientData\":\"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6Im5IZ2xuUl9EdnZXMDhCb2pRMjItUmFpMDJydFRiTlZlUFB3VGhoR3ByaGMiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo4NDQzIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9\"}";

final String appId = "https://localhost:8443";

final String challenge = "nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc";

RegisterResponse registerResponse = RegisterResponse.fromJson(response);

final RegisterRequest registerRequest = new RegisterRequest(challenge, appId);

List registerRequestList = new ArrayList(1) {

{

add(registerRequest);

}

};

RegisterRequestData registerRequestData = new RegisterRequestData("https://localhost:8443", null, registerRequestList);

U2F u2f = new U2F();

DeviceRegistration registration = u2f.finishRegistration(registerRequestData, registerResponse);

System.out.println("-------registration------\n" + registration);

如果代码出现错误会报异常,需要依赖u2flib-server-core,gradle配置为: compile "com.yubico:u2flib-server-core:0.19.0"

代码输出:

---hash---

bytes=68747470733a2f2f6c6f63616c686f73743a38343433

---hash---

bytes=7b22747970223a226e6176696761746f722e69642e66696e697368456e726f6c6c6d656e74222c226368616c6c656e6765223a226e48676c6e525f447676573038426f6a5132322d5261693032727454624e56655050775468684770726863222c226f726967696e223a2268747470733a2f2f6c6f63616c686f73743a38343433222c226369645f7075626b6579223a22756e75736564227d

---checkSignature---

publicKey toString=EC Public Key

X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046

Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387

publicKey getFormat=X.509

signedBytes=008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

---hash---

bytes=008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

signedBytes sha256=4006d3fd69c519bae1ef7c6f75eca1036e87078f3bac2a9f162b0c392716598b

signature=3045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315

-------registration------

DeviceRegistration{Key handle=6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w, Public key=BDhQiIBmFqVzXcHGHC78Oh9k2stIGydwU7lbGxbbMQ78-vifG7yKDcHqoJBLA8fXQRaKRi-Ll8jiLk4mizdu6YU, Counter=-1, Attestation certificate= [0] Version: 3

SerialNumber: 33

IssuerDN: CN=Ledger FIDO Attestation CA 1

Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016

Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026

SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1

Public Key: EC Public Key

X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046

Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387

Signature Algorithm: SHA256WITHECDSA

Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e

3f6e3f72417c5968dba9407e60c46a140221008f

2aff7afeff55cf8fced7f579cfec9c87940aa544

2560c6e79f3da01aaa6a42

Extensions:

critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]

}

如何用代码解析证书内容并打印

X509Certificate certificate = CertificateParser.parseDer(ByteUtil.fromHex("3082015d 30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a42"));

System.out.println("parse cer----------\n" + certificate + "\n-----------");

需要依赖u2flib-server-core,gradle配置为: compile "com.yubico:u2flib-server-core:0.19.0"

输出为:

parse cer----------

[0] Version: 3

SerialNumber: 33

IssuerDN: CN=Ledger FIDO Attestation CA 1

Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016

Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026

SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1

Public Key: EC Public Key

X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046

Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387

Signature Algorithm: SHA256withECDSA

Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e

3f6e3f72417c5968dba9407e60c46a140221008f

2aff7afeff55cf8fced7f579cfec9c87940aa544

2560c6e79f3da01aaa6a42

Extensions:

critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]

-----------

登录流程

LOG

Successfully authenticated!

Sign Request javascript demo

var request = {"appId":"https://localhost:8443","challenge":"rGl4xDEPQg5lVdtktr2nOygEh0dP9I9WsdBLW1hpjzI","signRequests":[{"version":"U2F_V2","challenge":"rGl4xDEPQg5lVdtktr2nOygEh0dP9I9WsdBLW1hpjzI","appId":"https://localhost:8443","keyHandle":"6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w"}]};

setTimeout(function() {

if (request.signRequests.length > 0) {

u2f.sign(

request.appId,

request.challenge,

request.signRequests,

function(data) {

if(data.errorCode) {

switch (data.errorCode) {

case 4:

alert("This device is not registered for this account.");

break;

default:

alert("U2F failed with error code: " + data.errorCode);

}

return;

} else {

document.getElementById('tokenResponse').value = JSON.stringify(data);

document.getElementById('form').submit();

}

}

);

}

}, 1000);

Sign response

{"clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoickdsNHhERVBRZzVsVmR0a3RyMm5PeWdFaDBkUDlJOVdzZEJMVzFocGp6SSIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0Ojg0NDMiLCJjaWRfcHVia2V5IjoidW51c2VkIn0","signatureData":"AQAAABMwRQIhAKpHI3mf1iCP3gb_63CxVH3M3nOPiOg3CHyHS9xc8kRxAiB6YJ0jQfmSQn1AAo7HSIDGDQ0zhI5JVyUZyQV2qlfP7A","keyHandle":"6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w"}

Navigation

Register

Login

登录验签过程

将signatureData进行base64Url解码:

01000000133045022100aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf2447102207a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec

解析:

01 // user presence

00000013 // counter

3045022100aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf2447102207a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec // signature

验签原数据组织:

8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E // application parameter

// -----application parameter得到的过程---------

// https://localhost:8443 (utf8 -> hex) 68747470733A2F2F6C6F63616C686F73743A38343433 (sha256) 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E

// ---------------------------------------------

01 // user presence

00000013 // counter

54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388 // challenge parameter

// -----challenge parameter得到的过程---------

// 将clientData进行base64Url解码为hex:

// 7b22747970223a226e6176696761746f722e69642e676574417373657274696f6e222c226368616c6c656e6765223a2272476c34784445505167356c5664746b7472326e4f79674568306450394939577364424c573168706a7a49222c226f726967696e223a2268747470733a2f2f6c6f63616c686f73743a38343433222c226369645f7075626b6579223a22756e75736564227d

// 将hex进行sha256:

// 54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388

// --------------------------------------------

组装起来:

8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E 01 00000013 54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388

8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E010000001354E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388

进行sha256:

BBC5EE15179D8D1F7A863D5AF9472B310F596FE22748445D309BF5058ABC7275

注册时的user public key信息

04 385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efc faf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985

从signature中解析r和s

3045 0221 00aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471 0220 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec

0221是长度,前面的00去掉

r= aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471

s= 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec

使用ecc工具验签:

Qx= 385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efc // user public key x,这个数据从注册时的信息得来

Qy= faf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key y

Hm= BBC5EE15179D8D1F7A863D5AF9472B310F596FE22748445D309BF5058ABC7275 // 组装后的验签数据做sha256的结果

r= aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471

s= 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec

使用ECC Tool工具,曲线选择Secp256r1,进行验签,通过。

weixin_39922534
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值