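Certificates and keys are two objects commonly used in the SSL protocol. What visible content do they actually contain?
Common certificate files (PEM, CER, PFX and so on) all use ASN.1 encoding. We issue a certificate with openssl and then decode it with an ASN.1 decoding tool to see what is inside: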
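1. Certificate decoding
Decoding the certificate with openssl's ASN.1 parser shows information about the issued certificate, including the issuing authority, the issue time, the expiry time, the CommonName and the algorithms.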
openssl asn1parse -in client.crt
0:d=0 hl=4 l= 749 cons: SEQUENCE
4:d=1 hl=4 l= 469 cons: SEQUENCE
8:d=2 hl=2 l= 9 prim: INTEGER :AF2A32A03C8AF037
19:d=2 hl=2 l= 13 cons: SEQUENCE
21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
32:d=3 hl=2 l= 0 prim: NULL
34:d=2 hl=2 l= 50 cons: SEQUENCE
36:d=3 hl=2 l= 48 cons: SET
38:d=4 hl=2 l= 46 cons: SEQUENCE
40:d=5 hl=2 l= 3 prim: OBJECT :organizationName
45:d=5 hl=2 l= 39 prim: UTF8STRING :TLS Project Dodgy Certificate Authority
86:d=2 hl=2 l= 30 cons: SEQUENCE
88:d=3 hl=2 l= 13 prim: UTCTIME :210810072824Z
103:d=3 hl=2 l= 13 prim: UTCTIME :350419072824Z
118:d=2 hl=2 l= 63 cons: SEQUENCE
120:d=3 hl=2 l= 39 cons: SET
122:d=4 hl=2 l= 37 cons: SEQUENCE
124:d=5 hl=2 l= 3 prim: OBJECT :organizationName
129:d=5 hl=2 l= 30 prim: UTF8STRING :TLS Project Device Certificate
161:d=3 hl=2 l= 20 cons: SET
163:d=4 hl=2 l= 18 cons: SEQUENCE
165:d=5 hl=2 l= 3 prim: OBJECT :commonName
170:d=5 hl=2 l= 11 prim: UTF8STRING :10.1.10.233
183:d=2 hl=4 l= 290 cons: SEQUENCE
187:d=3 hl=2 l= 13 cons: SEQUENCE
189:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
200:d=4 hl=2 l= 0 prim: NULL
202:d=3 hl=4 l= 271 prim: BIT STRING
477:d=1 hl=2 l= 13 cons: SEQUENCE
479:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
490:d=2 hl=2 l= 0 prim: NULL
492:d=1 hl=4 l= 257 prim: BIT STRING
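To make the offset, d=, hl= and l= columns in the output above concrete, here is an added example (not part of the original page and not OpenSSL's code): a minimal DER walker in Python that reports the same offset, depth, header length and content length for each element. The sample bytes are constructed, and the tag table covers only the types that appear in this output.

```python
# Added example: minimal DER walker reporting the columns of `openssl asn1parse`.
TAGS = {0x01: "BOOLEAN", 0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING",
        0x05: "NULL", 0x06: "OBJECT", 0x0C: "UTF8STRING", 0x13: "PRINTABLESTRING",
        0x17: "UTCTIME", 0x30: "SEQUENCE", 0x31: "SET"}

def read_header(buf, off):
    """Return (tag, header_len, content_len) for the TLV starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                      # short form: the byte is the length
        return tag, 2, first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or off + 2 + n > len(buf):
        raise ValueError("indefinite or truncated length is not valid DER")
    return tag, 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")

def walk(buf, off=0, end=None, depth=0, rows=None):
    """Collect (offset, depth, hl, l, 'cons'|'prim', name) rows, depth-first."""
    rows = [] if rows is None else rows
    end = len(buf) if end is None else end
    while off < end:
        tag, hl, l = read_header(buf, off)
        if off + hl + l > end:
            raise ValueError(f"element at offset {off} overruns its parent")
        cons = bool(tag & 0x20)           # 0x20 flag marks a constructed encoding
        rows.append((off, depth, hl, l, "cons" if cons else "prim",
                     TAGS.get(tag, f"tag 0x{tag:02x}")))
        if cons:                          # children live inside the content bytes
            walk(buf, off + hl, off + hl + l, depth + 1, rows)
        off += hl + l
    return rows

def fmt(row):
    off, d, hl, l, kind, name = row
    return f"{off:5d}:d={d}  hl={hl} l={l:4d} {kind}: {name}"

# Constructed sample: a one-attribute Name (organizationName = "Example CA").
SAMPLE = bytes.fromhex("3015" "3113" "3011" "060355040a" "0c0a") + b"Example CA"

if __name__ == "__main__":
    for r in walk(SAMPLE):
        print(fmt(r))
```

hl is 2 when the length fits in one byte and grows to 4 for lengths such as 271, which is why the outer SEQUENCE and the BIT STRING entries above show hl=4.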
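2. Private key decoding
The modulus field is the RSA modulus. The bit length of the modulus is what is meant by the bit length of the private key; here it is RSA 2048 bits.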
openssl rsa -in client.key -text -noout
RSA Private-Key: (2048 bit, 2 primes)
modulus:
publicExponent: 65537 (0x10001)
privateExponent:
prime1:
prime2:
exponent1:
exponent2:
coefficient: