当前位置:网站首页>X.509 certificate based on go language
X.509 certificate based on go language
2022-07-07 00:19:00 【biyezuopinvip】
Resource download address :https://download.csdn.net/download/sheziqiong/85926996
Resource download address :https://download.csdn.net/download/sheziqiong/85926996
One 、X.509 Certificate description
In cryptography ,X.509 Is the format standard of public key certificate , It has been applied in many Internet protocols .X.509 Format of public key certificate , Revocation certificate list (CRLs), The certificate verification path algorithm is specified .
One X.509 The certificate contains its version number , Certificate serial number , Signature algorithm , Issuer , Certificate subject , The period of validity , Public key , Public key and other information . The information in the certificate is used ASN.1 Encoding ,ASN.1 The data in this paper is represented by tag, length , Value . The basic structure of the certificate is RFC 5280 in 4.1 Section has the following provisions :
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING
}
( Certificate subject , Signature algorithm and signature value )
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version MUST be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version MUST be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version MUST be v3
}
( Certificate subject , Include version number , Serial number , Signature algorithm identification , Signer information , The period of validity , Certificate subject , Certificate public key information , Issuer ID, The main body ID And extension segment )
Version ::= INTEGER { v1(0), v2(1), v3(2) }
( Certificate version , The value can be 0,1,2, Each represents version 1,2,3)
CertificateSerialNumber ::= INTEGER
( Certificate serial number )
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time
}
( The certificate is valid for , It consists of start and end times )
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime
}
UniqueIdentifier ::= BIT STRING
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
( Public key information includes public key algorithm and public key data )
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains the DER encoding of an ASN.1 value
-- corresponding to the extension type identified
-- by extnID
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
Two 、 Read X.509 certificate
Used in the submitted program Go Language writing and reading X.509 The program , Called Go Linguistic encoding/asn1 library ASN.1 Reading of encoded content and crypto/x509/pkix The library reads the issuer and certificate subject information .
In the code, according to the above X.509 The certificate structure defines the following structure for ASN.1 Read :
- CertificateData, Corresponding to Certificate:
type CertificateData struct {
TBSCertificate tbsCertificate
SignatureAlgorithm AlgorithmIdentifier
SignatureValue asn1.BitString
}
- TbsCertificate, Corresponding to TBSCertificate:
type tbsCertificate struct {
Version int `asn1:"optional,explicit,default:0,tag:0"`
SerialNumber *big.Int
Signature AlgorithmIdentifier
Issuer asn1.RawValue
Validity timeSpan
Subject asn1.RawValue
PublicKey publicKeyInfo
UniqueId asn1.BitString `asn1:"optional,tag:1"`
SubjectUniqueId asn1.BitString `asn1:"optional,tag:2"`
Extensions []extension `asn1:"optional,explicit,tag:3"`
}
- timeSpan, Corresponding to the above structure Validity:
type timeSpan struct {
NotBefore, NotAfter time.Time
}
- publicKeyInfo, Corresponding to the above SubjectPublicKeyInfo:
type publicKeyInfo struct {
Algorithm AlgorithmIdentifier
PublicKey asn1.BitString
}
- extension, Corresponding to the above structure Extension
type extension struct {
ExtnID asn1.ObjectIdentifier
Critical bool `asn1:"default:false"`
ExtnValue []byte
}
- AlgorithmIdentifier, Corresponding to the above AlgorithmIdentifier:
type AlgorithmIdentifier struct {
Algorithm asn1.ObjectIdentifier
Parameters asn1.RawValue `asn1:"optional"`
}
3、 ... and 、 Brief description of program structure
The submitted code contains three code files :x509cert/certificate.go It is the definition of the certificate structure and the identification function of the algorithm in the certificate , And define the following certInfo The structure is convenient for other codes to obtain certificate information :
type CertInfo struct {
Version int
Serial *big.Int
Signature AlgorithmIdentifier
Issuer IssuerType
Validity timeSpan
Subject IssuerType
PublicKey publicKeyInfo
UniqueId asn1.BitString
SubjectUniqueId asn1.BitString
Extensions []extension
SignatureAlgorithm AlgorithmIdentifier
SignatureValue asn1.BitString
}
type IssuerType struct {
Country string
Province string
City string
Organization string
Unit string
}
x509cert/static.go The file contains some static data during the certificate reading process, such as the name of the algorithm and oid etc. .
main.go The file contains the main function of the program , Based on the pem Format or DER Read the file in format and print the certificate information to standard output .
Four 、 Program compilation run results
Program usage go Compile , Execute the command under the code directory go build –o x509 It can be compiled and generated and named x509 The executable of . The submitted bin The folder already contains the use go1.11.1 Compiled Windows,MacOS as well as Linux The executable under .
The use method of the program is :
./x509 [--DER] filename
If DER Options , Then the program will use DER Way to read the certificate , If not specified, the program will use PEM Way to read the certificate .
The certificate used in the test run is openssl Generate self signed root certificate , The order is as follows :
openssl req -new -x509 -days 365 -keyout rsa.key -out rsa.pem
After the command is executed, you need to enter the certificate subject information :
Using this command will use RSA The validity period of algorithm signature generation is 365 Root certificate of days , Use the certificate tool provided by the system to view the certificate information as follows :
Use the following command to generate pem Certificate to DER Certificate for testing :
openssl x509 -in rsa.pem -outform der -out rsa.crt
Generated after conversion rsa.crt Certificate file , The viewing result is the same as the original certificate .
Use the following command to generate ECDSA The certificate of the signing algorithm is used for testing :
openssl ecparam -name secp256k1 -genkey -param_enc explicit -out ecparam.pem
openssl req -new -x509 -key ecparam.pem -out ec.pem -days 365
Enter the certificate subject information to generate a certificate :
The effect of using the written program to execute under the certificate directory is shown in the figure :
- rsa.pem
./…/bin/x509-darwin-amd64 rsa.pem
The program displays the version number of the certificate , Serial number , Signature algorithm , Issuer , The main body , The period of validity , Public key information ,RSA Public key data and certificate signature , The content of the certificate displayed by the system tool is the same .
- Use DER The result of reading the certificate file is shown in the figure :
And PEM The result of certificate reading in mode is the same .
- Read ecdsa The encrypted certificate results are as follows :
The same information as when generating the certificate .
Resource download address :https://download.csdn.net/download/sheziqiong/85926996
Resource download address :https://download.csdn.net/download/sheziqiong/85926996
边栏推荐
- 2022/2/11 summary
- Designed for decision tree, the National University of Singapore and Tsinghua University jointly proposed a fast and safe federal learning system
- 【CVPR 2022】目标检测SOTA:DINO: DETR with Improved DeNoising Anchor Boxes for End-to-End Object Detection
- Building lease management system based on SSM framework
- Why should a complete knapsack be traversed in sequence? Briefly explain
- MySQL master-slave multi-source replication (3 master and 1 slave) setup and synchronization test
- 使用yum来安装PostgreSQL13.3数据库
- GPIO簡介
- 《LaTex》LaTex数学公式简介「建议收藏」
- How can computers ensure data security in the quantum era? The United States announced four alternative encryption algorithms
猜你喜欢
STM32 enters and wakes up the stop mode through the serial port
37頁數字鄉村振興智慧農業整體規劃建設方案
Testers, how to prepare test data
2022年PMP项目管理考试敏捷知识点(9)
17、 MySQL - high availability + read / write separation + gtid + semi synchronous master-slave replication cluster
Interface joint debugging test script optimization v4.0
Racher integrates LDAP to realize unified account login
After leaving a foreign company, I know what respect and compliance are
2022 PMP project management examination agile knowledge points (9)
37 page overall planning and construction plan for digital Village revitalization of smart agriculture
随机推荐
MySQL master-slave multi-source replication (3 master and 1 slave) setup and synchronization test
Three application characteristics of immersive projection in offline display
Things like random
在docker中快速使用各个版本的PostgreSQL数据库
Three sentences to briefly introduce subnet mask
MIT 6.824 - raft Student Guide
华为mate8电池价格_华为mate8换电池后充电巨慢
Tourism Management System Based on jsp+servlet+mysql framework [source code + database + report]
谷歌百度雅虎都是中国公司开发的通用搜索引擎_百度搜索引擎url
2022 PMP project management examination agile knowledge points (9)
Compile logisim
2021 SASE integration strategic roadmap (I)
沉浸式投影在线下展示中的三大应用特点
[boutique] Pinia Persistence Based on the plug-in Pinia plugin persist
PXE server configuration
什么是响应式对象?响应式对象的创建过程?
DAY ONE
SuperSocket 1.6 创建一个简易的报文长度在头部的Socket服务器
[2022 the finest in the whole network] how to test the interface test generally? Process and steps of interface test
Unity color palette | color palette | stepless color change function