openSSL验证使用自签名证书签名的RFC 3161 TimeStampResp [英] openSSL verify RFC 3161 TimeStampResp signed with self-signed certificate

问题描述

我使用openSSL从RFC 3161 TimeStampReq中生成了RFC 3161 TimeStampResp. 因此，我使用以下命令使用了自签名CA颁发的自签名CA证书和TSA证书:

I generated a RFC 3161 TimeStampResp out of a RFC 3161 TimeStampReq using openSSL. Therefore I used a self signed CA cert and a TSA cert issued by the self-signed CA using this command:

openssl ts -reply -queryfile request.tsq -signer TSAcert.pem -out response.tsr

响应已创建.

openssl ts -reply -text -in response.tsr

生成了以下输出:

状态信息:
状态:已授予.
状态说明:未指定
故障信息:未指定
TST信息:
版本:1
策略OID:tsa_policy1
哈希算法:sha256
消息数据:
0000-43 2c bb 03 28 48 42 06-c0 c8 95 ee d8 32 9d 29 C，..(HB ...... 2.)
0010-09 7c 10是68 2a 77 f6-6e 96 61 7c bf 8f e2 cd.| ..h * w.n.a | ....
序列号:0x01
时间戳记:2018年8月1日13:40:03 GMT
精度:0x01秒，0x01F4毫秒，0x64微米
订购:是
随机数:未指定
TSA:DirName:/C = stuff/ST = Some-State/L = stuff/O = stuff/CN = stuff
扩展程序:

Status info:
Status: Granted.
Status description: unspecified
Failure info: unspecified
TST info:
Version: 1
Policy OID: tsa_policy1
Hash Algorithm: sha256
Message data:
0000 - 43 2c bb 03 28 48 42 06-c0 c8 95 ee d8 32 9d 29 C,..(HB......2.)
0010 - 09 7c 10 be 68 2a 77 f6-6e 96 61 7c bf 8f e2 cd .|..h*w.n.a|....
Serial number: 0x01
Time stamp: Aug 1 13:40:03 2018 GMT
Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros
Ordering: yes
Nonce: unspecified
TSA: DirName:/C=stuff/ST=Some-State/L=stuff/O=stuff/CN=stuff
Extensions:

当我尝试使用以下命令对照TimeStampReq验证TimeStampResp时:

As I try to verify the TimeStampResp against the TimeStampReq using this command:

openssl ts -verify -queryfile request.tsq -in response.tsr -CAfile CAcert.pem -untrusted TSAcert.pem

我收到一条错误消息，指出我的CAcert是自签名的(实际上是真的)

I get a error message stating, that my CAcert is self signed (which is actually true)

验证:失败
139727615005120:错误:2F06D064:时间戳例程:ts_verify_cert:证书验证错误:../crypto/ts/ts_rsp_verify.c:182:验证错误:自签名证书

Verification: FAILED
139727615005120:error:2F06D064:time stamp routines:ts_verify_cert:certificate verify error:../crypto/ts/ts_rsp_verify.c:182:Verify error:self signed certificate

是否有任何方法可以跳过证书验证或告诉openSSL该CA可以信任?

Is there any way to skip the certificate validation or to tell openSSL that this CA can be trusted?

推荐答案

首先，这实际上不是编程或开发问题，而probalby属于超级用户，unix.SX或也许属于security.SX.

First, this isn't really a programming or development question, and probalby belongs instead on superuser, unix.SX, or maybe security.SX .

第二，如果我在所有最新发行版(1.0.0-2,1.1.0)上使用显而易见"的默认值来重构您所描述的情况(对于您省略或编辑的信息)，它都对我有用(验证没问题).我只能建议您仔细查看证书中的内容.一种明显的可能性:您是否将TSA名称(证书使用者)与CA名称相同?这会使链接失败，从而导致出现您遇到的验证错误.

Second, it works for me (verifies okay) if I reconstruct the situation you describe with 'obvious' defaults for the information you omitted or redacted, on all recent releases (1.0.0-2,1.1.0). All I can suggest is, look carefully at exactly what's in your certs. One obvious possibility: did you make the TSA name (cert Subject) the same as the CA name? That makes chaining fail, resulting in the type of verify error you got.

第三，openssl ts -verify除了正常的验证序列外没有其他选择.但是成功的TimeStampResp只是一个包含简单标头的SEQUENCE(包含INTEGER 0的子SEQUENCE)和作为时间戳记令牌的CMS SignedData.您可以提取CMS SignedData部分-使用openssl asn1parse -inform d手动找到其偏移量(通常为9)，然后添加-strparse 9 -out signedtst或只是诸如tail -c +10 <tsresp >signedtst (添加)之类的简单内容，或者我以前以某种方式错过的选项:openssl ts -reply -in response -token_out -out signedtst-然后使用

Third, there is no option in openssl ts -verify to do other than the normal verification sequence. But a successful TimeStampResp is just a SEQUENCE containing a simple header (a sub-SEQUENCE containing INTEGER 0) and a CMS SignedData which is the Timestamp Token. You can extract the CMS SignedData part -- manually with openssl asn1parse -inform d to find its offset which is usually 9 and then adding -strparse 9 -out signedtst or just something simple like tail -c +10 <tsresp >signedtst (added) or more easily with an option I somehow missed before: openssl ts -reply -in response -token_out -out signedtst -- then use

 openssl cms -verify -noverify -certfile signercert -inform der -in signedtst -binary -out tstinfo

(是-verify -noverify！)来验证证书(即TSA)对签名数据的签名，但不验证证书本身(针对以信任库结尾的链，所需的ExtKeyUsage以及OpenSSL的-purpose timestampsign也限制了KeyUsage，尽管我在标准中没有看到它)，还提取了签名的正文，然后可以使用

(yes -verify -noverify!) to verify the signature on the signed data by the cert (i.e. by the TSA) but not verify the cert itself (against a chain ending in the truststore, and the required ExtKeyUsage, plus OpenSSL's -purpose timestampsign also constrains KeyUsage although I don't see this in the standard) and also extract the signed body which you can then manually parse with

openssl asn1parse -inform der -in tstinfo [-i]

尽管这不如为您标记和格式化它方便.

although that's not as convenient as having it labelled and formatted for you.

添加:1.1.0中有一些我显然错过的选项；参见 https://stackoverflow.com/a/52134401/2868801

ADDED: There are some added options in 1.1.0 that I apparently missed; see https://stackoverflow.com/a/52134401/2868801

这篇关于openSSL验证使用自签名证书签名的RFC 3161 TimeStampResp的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！