使用RSA签名DTLSv1.0证书验证消息的内容 [英] What to sign for DTLSv1.0 Certificate Verify Message with RSA
问题描述
我正在使用 DTLS v1.0 与服务器进行通信。我在弄清楚究竟该怎么做才能生成证书验证消息时遇到了一些麻烦。我一直在阅读 RFC ( DTLSv1.0 和 TLS1.1 (基于DTLS v1.0的)),但它们
I'm using DTLS v1.0 to communicate with a server. I'm having some trouble figuring out exactly what to do to generate the certificate verify message. I've been reading the RFCs (DTLSv1.0 and TLS1.1, which DTLS v1.0 is based on) but they're somewhat non-specific when it comes to this particular message.
我看到消息的结构如下,我知道签名类型为 RSA 。
I see the structure of the message is as below, and I know the signature type is RSA.
struct {
Signature signature;
} CertificateVerify;
签名类型在7.4.3中定义。
The Signature type is defined in 7.4.3.
CertificateVerify.signature.md5_hash
MD5(handshake_messages);
CertificateVerify.signature.sha_hash
SHA(handshake_messages);
根据我所读的内容,这似乎是一个串联 sha1 哈希和 md5 哈希中所有以前发送和接收的消息(直到此消息除外)的值然后签名 RSA 。
Based on what I've read it seems to be a concatenation of the sha1 hash and the md5 hash of all the previous messages sent and received (up to and excluding this one) and then RSA signed.
让我有些困惑的是如何将消息组装为哈希他们。
The piece that's got me a bit confused though is how to assemble the messages to hash them.
是使用每个片段还是使用重新组合的消息?另外,它使用消息的哪些部分?
Does it use each fragment piece or does it use the re-assembled messages? Also, what parts of the messages does it use?
TLS 1.1的RFC表示
The RFC for TLS 1.1 says
从客户端开始,直到不包括此消息,
包括握手消息的类型和长度字段
starting at client hello up to but not including this message, including the type and length fields of the handshake messages
但是DTLS特定部分如 message_seq , fragment_offset 和 fragment_length ,是否包含它们?
but what about the DTLS specific parts like message_seq, fragment_offset, and fragment_length, do I include them?
更新:
我曾尝试做为 DTLS 1.2 显示(表示使用所有握手字段(包括 DTLS 特定字段)将消息分段,不包括最初的客户Hello 或 Hello验证请求消息),但我仍收到错误签名。我确实认为我已经正确签名,所以我认为我将数据以不正确的方式串联在一起。
UPDATE:
I have tried doing as the RFC for DTLS 1.2 shows (meaning keeping the messages fragmented, using all the handshake fields including DTLS specific fields, and not including the initial Client Hello or Hello Verify Request messages) but I am still receiving "Bad Signature". I do believe I'm signing properly, so it's my belief that I'm concatenating the data improperly to be signed.
推荐答案
对于DTLS 1.2,已定义。阅读RFC 4347时,我的印象是RFC 6347没什么不同,它澄清了计算。
For DTLS 1.2 it is defined. And reading RFC 4347, my impression is, RFC 6347 doesn't differ, it clarifies the calculations.
RFC 6347,4.2.6。 CertificateVerify和完成的邮件
这篇关于使用RSA签名DTLSv1.0证书验证消息的内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
