哪些数据用于计算此asn.1消息的sha256消息摘要? [英] What data is used to calculate the sha256 messagedigest of this asn.1 message?

问题描述

给出以下asn.1消息，如何计算sha256消息摘要"8798168E6F7F3118EDE8522B6336DFB56CFDF95DB7063CB7230EF00B4D666D1A"?我意识到这是一些数据的32字节哈希.哪些特定数据用于计算哈希?这是tr34文件.使用openssl，只要我使用消息中相同的数据块，我就应该能够得出相同的哈希值.

Given the following asn.1 message, how is the sha256 message digest, "8798168E6F7F3118EDE8522B6336DFB56CFDF95DB7063CB7230EF00B4D666D1A", calculated? I realize it is a 32 byte hash of some data. What specific data is used to calculate the hash? This is a tr34 document. Using openssl, I should be able to come up with the same hash as long as I'm using the same chunck of data from the message.

-----BEGIN TR34_Sample_UBT_KDH PEM File-----
MIIEPAYJKoZIhvcNAQcCoIIELTCCBCkCAQExDTALBglghkgBZQMEAgEwWwYJKoZI
hvcNAQcBoE4ETDBKMEExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxUUjM0IFNhbXBs
ZXMxGzAZBgNVBAMTElRSMzQgU2FtcGxlIENBIEtSRAIFNAAAAAehggHYMIIB1DCB
vQIBATANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVFIz
NCBTYW1wbGVzMRswGQYDVQQDExJUUjM0IFNhbXBsZSBDQSBLREgXDTEwMTEwMjE3
MzMzMFoXDTEwMTIwMjE3MzMzMFowSDAWAgU0AAAACBcNMTAxMTAyMTcyODEzWjAW
AgU0AAAAChcNMTAxMTAyMTczMTQ2WjAWAgU0AAAACxcNMTAxMTAyMTczMzI1WjAN
BgkqhkiG9w0BAQsFAAOCAQEANvBqPIisvPqfjjsIUO7gmpz3tbKRiG5RDTSf5fBc
G9t9nznk6mUIgo8u0+55Y8hYdFJ5XDlGKwYNW5csmnte+JChk8VyJdHIjVbu0dA/
fpp1hw1gTRXgEv/XuFBupLoU57UQGMFtjZ77asXFFWhrE04WsdZ/Hov0PI/JpguW
FK3M6a9pwnqUU9QmNE9rFEUO5YOCFHQeq/f4fxUqkxn62e07SBoRPAM2PSmt0C4w
MTopOvwYe3JSmPsUxdmXlnhaJswZzwfCvJojuPb27hmgB5BPS/Yy3P3n8oJfMS/m
KOPQxxzVC7CO5ATipfARoLWrTyphJ14lAJ2uAGYO/zLWwzGCAdowggHWAgEBMEow
QTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRSMzQgU2FtcGxlczEbMBkGA1UEAxMS
VFIzNCBTYW1wbGUgQ0EgS0RIAgU0AAAABjALBglghkgBZQMEAgGgZTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBgGCiqGSIb3DQEJGQMxCgQIfeocAIlOJGowLwYJ
KoZIhvcNAQkEMSIEIIeYFo5vfzEY7ehSK2M237Vs/fldtwY8tyMO8AtNZm0aMA0G
CSqGSIb3DQEBAQUABIIBAE80v8n2d8D3kBFwR7HqYM/TMltuf10kfDrB8LYMqLLp
JXOhQctjYBetCTDQ0kK75szZyaapV1cjmowsmfwejK6IrS1qtueiVsjFLmqROECz
QiqSdSZ/iPZ82Brdkwd//jD20n2XYIpdmBUhSL7XD65DPz963KcSYARf9bPkK1wK
FB9ozwsW4YeuT2Rv0QpwCBJEKspvIpKM8D8pJQHT+3cEMGurGVQtvXaG396YuOJs
qg4mLN+92YRSBY61rRrlFxX4ARwtn6a9RuHW8P+dOTYkT9t0msZByYdJrk8V2oyQ
VtM8wqN6incGM24kRrcZvoU5lsEz9brY6Uz/wvC+JB0=
-----END TR34_Sample_UBT_KDH PEM File-----

这是消息的另一种形式:

Here is another form of the message:

3082043C06092A864886F70D010702A082042D30820429020101310D300B0609608648016503040201305B06092A864886F70D010701A04E044C304A3041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B301906035504031312545233342053616D706C65204341204B524402053400000007A18201D8308201D43081BD020101300D06092A864886F70D01010B05003041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B301906035504031312545233342053616D706C65204341204B4448170D3130313130323137333333305A170D3130313230323137333333305A3048301602053400000008170D3130313130323137323831335A30160205340000000A170D3130313130323137333134365A30160205340000000B170D3130313130323137333332355A300D06092A864886F70D01010B0500038201010036F06A3C88ACBCFA9F8E3B0850EEE09A9CF7B5B291886E510D349FE5F05C1BDB7D9F39E4EA6508828F2ED3EE7963C8587452795C39462B060D5B972C9A7B5EF890A193C57225D1C88D56EED1D03F7E9A75870D604D15E012FFD7B8506EA4BA14E7B51018C16D8D9EFB6AC5C515686B134E16B1D67F1E8BF43C8FC9A60B9614ADCCE9AF69C27A9453D426344F6B14450EE5838214741EABF7F87F152A9319FAD9ED3B481A113C03363D29ADD02E30313A293AFC187B725298FB14C5D99796785A26CC19CF07C2BC9A23B8F6F6EE19A007904F4BF632DCFDE7F2825F312FE628E3D0C71CD50BB08EE404E2A5F011A0B5AB4F2A61275E25009DAE00660EFF32D6C3318201DA308201D6020101304A3041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B301906035504031312545233342053616D706C65204341204B444802053400000006300B0609608648016503040201A065301806092A864886F70D010903310B06092A864886F70D0107013018060A2A864886F70D01091903310A04087DEA1C00894E246A302F06092A864886F70D010904312204208798168E6F7F3118EDE8522B6336DFB56CFDF95DB7063CB7230EF00B4D666D1A300D06092A864886F70D0101010500048201004F34BFC9F677C0F790117047B1EA60CFD3325B6E7F5D247C3AC1F0B60CA8B2E92573A141CB636017AD0930D0D242BBE6CCD9C9A6A95757239A8C2C99FC1E8CAE88AD2D6AB6E7A256C8C52E6A913840B3422A9275267F88F67CD81ADD93077FFE30F6D27D97608A5D98152148BED70FAE433F3F7ADCA71260045FF5B3E42B5C0A141F68CF0B16E187AE4F646FD10A700812442ACA6F22928CF03F292501D3FB7704306BAB19542DBD7686DFDE98B8E26CAA0E262CDFBDD98452058EB5AD1AE51715F8011C2D9FA6BD46E1D6F0FF9D3936244FDB749AC641C98749AE4F15DA8C9056D33CC2A37A8A7706336E2446B719BE853996C133F5BAD8E94CFFC2F0BE241D

推荐答案

这是CMS-formerly-PKCS7 SignedData消息在rfc5652及pred 中定义，并带有签名.您引用的摘要(即signedattrs中的messagedigest元素)如5.4中所述，encapContentInfo中的OCTET STRING eContent值部分的摘要，如5.2中所述.

This is a CMS-formerly-PKCS7 SignedData message defined in rfc5652 et pred with signedattrs. The digest you quote, which is the messagedigest element in signedattrs, is as described in 5.4 the digest of the value part of the OCTET STRING eContent in encapContentInfo, as described in 5.2.

由于您没有显示任何开始的代码，因此这是绝对的最小值:

Since you didn't show any code to start from, here's just about the absolute minimum:

#include <stdio.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>

int main (void){
  unsigned char hash[32]; 

  // TEST CODE doesn't check or handle errors; DON'T USE FOR REAL
  BIO *in = BIO_push (BIO_new(BIO_f_base64()), BIO_new_file ("54262612.pem","r"));
  // file's PEM type not understood by PEM_read_PKCS7; rather than fixing
  PKCS7 *outer = d2i_PKCS7_bio (in, NULL); // just bypass it
  // assume signeddata with (nonomitted) content octetstring; should check
  ASN1_OCTET_STRING *cont = outer->d.sign->contents->d.data;

  // assume hash is sha256; should check digestalgs and signerinfo(s)
  EVP_Digest (cont->data, cont->length, hash, NULL, EVP_sha256(), NULL);
  for( int i = 0; i < 32; i++ ) printf ("%02x", hash[i]); putchar ('\n');
  return 0;
}

这篇关于哪些数据用于计算此asn.1消息的sha256消息摘要?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！