x509 证书中是否允许使用空格? [英] Are spaces alowed in x509 Certificates?

问题描述

有时，当用户从网络上将他们的 x509 证书剪切并传递到我们的系统中时，那里的空间会混淆.

Sometimes when users cut and past their x509 certificates into our system from the web, spaces get mixed up in in there.

假设空格不是 x509 证书中的有效字符并将其删除是否安全?

Is it safe to assume that spaces are not valid characters in x509 certificates and strip them out?

推荐答案

我假设谁在谈论 PEM 编码的证书，即带有 -----BEGIN CERTIFICATE----- 页眉和一个 -----END CERTIFICATE----- 页脚，看起来像这样:

I assume who are talking about PEM encoded certificate, i.e. a certificate with a -----BEGIN CERTIFICATE----- header and a -----END CERTIFICATE----- footer and which looks like that:

-----BEGIN CERTIFICATE-----
MIICwzCCAaugAwIBAgIKUXEyN2GLpe8......
-----END CERTIFICATE-----

在这种情况下，证书内容使用 base64 编码.由于证书是数字签名的对象，因此您不能更改任何一位，否则签名验证将失败.但是空格字符(包括制表符或换行符)不是有效的 base64 字符.如果某些空格字符已添加到证书字符串中，您可能可以安全地删除它们，因为它们不是有效字符.强大的证书解析器可能会忽略它们.请注意，通常的做法是将 PEM 编码的证书拆分为 64 列的行；证书阅读器将忽略添加的换行符.

In that case the certificate content is encoded with base64. Since a certificate is a digitally signed object you cannot change a single bit, otherwise the signature validation fails. But the space characters (including tabulations or line feed) are not valid base64 characters. If some space characters has been added to certificate string you could probably safely remove them since they are not valid characters. A robust certificate parser will probably just ignore them. Note that it is a common practice to split the PEM encoded certificate into lines of 64 columns; the certificate reader will ignore the added new-line characters.

好消息:去掉这些额外的字符后，得益于数字签名，如果证书解析成功，就说明它的完整性没问题.

The good news: after removing these additional characters, thanks to the digital signature, if the certificate is successfully parsed, it means that its integrity is ok.

这篇关于x509 证书中是否允许使用空格?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！