为什么Symantec CSR检查器认为我的CSR在AlgorithmIdentifier中缺少NULL值? RFC3279(Why does the Symantec CSR checker think my CSR is missing a NULL value in AlgorithmIdentifier? RFC3279)

6 IT屋

For a number of unpleasant reasons, I have been attempting to build my own Certificate Signing Request manually using the bouncycastle API.

Ostensibly I chose to do this because I needed the pre-signed version of the CSR in order to generate the sha256withRSA signature using a key that is stored in an HSM, encrypted under an LMK, and therefore not immediately available at the point of CSR creation.

Anyway, that's sort of incidental at this point.

I have managed to create a CSR structure by comparing with other CSRs generated using openSSL, add the required information to it, send it off to the HSM to generate a signature using the private key, get that signature back and then append it to the CSR.

I've then stuck my generated certificate into a few CSR checkers, notably the Symantec one as this is, I believe, our CA who will have to sign this.

The symantec CSR checker confidently informs me that:

The CSR is missing a NULL value in its AlgorithmIdentifier parameter

Hmm. Ok.

It then gives an example of what a good one would look like:

An example of a good AlgorithmIdentifier parameter in a CSR

Here's the bit of code where I added this particular NULL value to the AlgorithmIdentifier object:

    ASN1EncodableVector topLevelPublicKeySequenceVector = new ASN1EncodableVector();
    ASN1EncodableVector publicKeySequenceVector = new ASN1EncodableVector();
    AlgorithmIdentifier rsaEncryptionOid = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);      

    ASN1Integer pkModulus = new ASN1Integer(publicKey.getModulus());
    ASN1Integer pkExponent = new ASN1Integer(publicKey.getPublicExponent());
    publicKeySequenceVector.add(pkModulus);
    publicKeySequenceVector.add(pkExponent);
    DERSequence publicKeySequence = new DERSequence(publicKeySequenceVector);
    DERBitString publicKeyBitString = null;
    try {
        publicKeyBitString = new DERBitString(publicKeySequence);
    } catch (IOException e1) {
        e1.printStackTrace();
    }

    topLevelPublicKeySequenceVector.add(rsaEncryptionOid);
    topLevelPublicKeySequenceVector.add(publicKeyBitString);

    DERSequence topLevelPublicKeySequence = new DERSequence(topLevelPublicKeySequenceVector);

So, if I take my CSR and pop it into an ASN.1 decoder, to take a look at this AlgorithmIdentifier parameter and verify that it is indeed missing this NULL value, I get the following output (complete with spurious values for the benefit of StackOverflow), which shows that my NULL value appears to be right there, where I'd expect it to be:

SEQUENCE(3 elem)
   SEQUENCE(3 elem)
   INTEGER 0
   SEQUENCE(7 elem)
      SET(1 elem)
         SEQUENCE(2 elem)
            OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
            PrintableString GB
      SET(1 elem)
         SEQUENCE(2 elem)
            OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
            UTF8String Sol
      SET(1 elem)
         SEQUENCE(2 elem)
            OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
            UTF8String Earth
      SET(1 elem)
         SEQUENCE(2 elem)
            OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
            UTF8String Stackoverflow
      SET(1 elem)
         SEQUENCE(2 elem)
            OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
            UTF8String Stackoverflow
      SET(1 elem)
         SEQUENCE(2 elem)
            OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
            UTF8String common.name.for.stackoverflow
      SET(1 elem)
         SEQUENCE(2 elem)
         OBJECT IDENTIFIER 1.2.840.113549.1.9.1 emailAddress (PKCS #9)
         IA5String duff.value@forstackoverflow.com
   SEQUENCE(2 elem)
      SEQUENCE(2 elem)
         OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
         NULL
      BIT STRING(1 elem)
         SEQUENCE(2 elem)
            INTEGER(2048 bit) 231457529965blahblahetc
            INTEGER65537
   SEQUENCE(2 elem)
      OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
      NULL
   BIT STRING(2048 bit) 1011010etc etc...

So, with apologies for the slightly circuitous way I've described this, does anyone have even the foggiest idea why my CSR would fail validation for a missing field that is, it would appear, not actually missing?

EDIT: Here is the actual request (or at least, one I've generated with nonsense values that shares the same symptom, for the purposes of this question)

-----BEGIN CERTIFICATE REQUEST-----
MIIC6zCCAdMCAQAwgaUxCzAJBgNVBAYTAkdCMQwwCgYDVQQIDANTb2wxDjAMBgNV
BAcMBUVhcnRoMRYwFAYDVQQKDA1TdGFja292ZXJmbG93MRYwFAYDVQQLDA1TdGFj
a292ZXJmbG93MRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20xLjAsBgkqhkiG9w0B
CQEWH2R1ZmYudmFsdWVAZm9yc3RhY2tvdmVyZmxvdy5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDrH2qNz5wtTc9jFQPoTfdk1Mf9N1LGXrqyV5sA
1w9Y4BGGJNm3yW0KUPLxyHhSJLWzHqdKzcLwlocSJvYVrMmBG9agOnHhX1aQLrnr
ruEAP7aN/gHW9isQLk6/MJPt8TkIby6azR0qq4VYR/+6dRCv7PhVvGBMxWjdQbEa
UxJAyq3eVMNBMdDdrOIMLrvxF3xcido4O9qWtdXFQwUgXoUGJG0sY3tXpwE5jB7A
1MWayfbSXj2NATU9fqHhwEoPwBm4yw65Hg+VDHWABCR/qYmLQKrVThF9UE4RUy5I
+DMRoTOUX3YRqZkg3aaCfe/LtuoHhfsCSZwxak2GZ1TI8vWBAgMBAAGgADANBgkq
hkiG9w0BAQsFAAOCAQEAoqTYzypOlLKSrF4+5jKqbRgC+9JBUhYKmQcAIaDzmDNf
0ZHwxG4iGeCS5pj60MKpv6gxUZcLhwgcm717XZrMMR4dD9yILyJsFp7C8MnOgYpB
C/VzSBwH8FvmnVsSmOcAR8IcvXLW2BpTgH6tSiFsU+xlpUWUUceFL97xZAiM93cZ
tdsH6KbKo/YvCbKhGkX311S+oTPk1oSvu5znRXBl2iyk3wbFiC9blARIcfYlhGPH
gL/ic+7+Mn5qmOY8w39Y42aP/G4ISG8h52Q1pbxH7B/I++sK73yTwRZCf1tprMP6
27j3Bpr72VY1Egge97rrb8KcL+K+A84/74Ad7NNywQ==
-----END CERTIFICATE REQUEST-----
解决方案

The error message is completely wrong. It should say that PKCS#10 request signature validation failed :)

Details of your PKCS#10 request in xca

Try to generate PKCS#10 request using openssl/xca/certreq and change the value of signature algorithm oid to something else.

由于许多不愉快的原因,我一直试图使用bouncycastle API手动建立自己的证书签名请求。



表面上,我选择这样做是因为我需要使用CSR的预签名版本,以便使用存储在HSM中的密钥生成sha256withRSA签名,该密钥在LMK下加密,因此在CSR创建时无法立即使用。



无论如何,这有点偶然。



我已经设法通过与使用openSSL生成的其他CSR进行比较来创建CSR结构,添加所需的信息,将其发送给HSM以使用私钥生成签名,取回该签名,然后将其附加到CSR。



I然后将我生成的证书粘贴到一些CSR检查器中,特别是Symantec(赛门铁克)检查器,因为我相信这是我们的CA,必须对此进行签名。



symantec企业社会责任检查员自信地告诉我t:




CSR在其AlgorithmIdentifier参数中缺少NULL值




嗯。好的。



然后给出一个好的例子:



 CSR中良好的AlgorithmIdentifier参数的示例



以下是我将此特定的NULL值添加到AlgorithmIdentifier对象的代码段:



  ASN1EncodableVector topLevelPublicKeySequenceVector = new ASN1EncodableVector(); 
ASN1EncodableVector publicKeySequenceVector = new ASN1EncodableVector();
AlgorithmIdentifier rsaEncryptionOid =新的AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption,DERNull.INSTANCE);

ASN1Integer pkModulus =新的ASN1Integer(publicKey.getModulus());
ASN1Integer pkExponent =新的ASN1Integer(publicKey.getPublicExponent());
publicKeySequenceVector.add(pkModulus);
publicKeySequenceVector.add(pkExponent);
DERSequence publicKeySequence =新的DERSequence(publicKeySequenceVector);
DERBitString publicKeyBitString = null;
try {
publicKeyBitString = new DERBitString(publicKeySequence);
} catch(IOException e1){
e1.printStackTrace();
}

topLevelPublicKeySequenceVector.add(rsaEncryptionOid);
topLevelPublicKeySequenceVector.add(publicKeyBitString);

DERSequence topLevelPublicKeySequence =新的DERSequence(topLevelPublicKeySequenceVector);


因此,如果我将我的CSR并放入ASN.1解码器中,在这个AlgorithmIdentifier参数处,并验证它确实缺少此NULL值,我得到以下输出(为了使StackOverflow受益,使用了虚假值完成),这表明我的NULL值似乎就在那里,在我期望的位置会是:



  SEQUENCE(3个元素)
SEQUENCE(3个元素)
整数0
SEQUENCE(7个元素)
SET(1个元素)
SEQUENCE(2个元素)
对象标识符2.5.4.6 countryName(X.520 DN组件)
PrintableString GB
SET(1个elem)
SEQUENCE(2个elem)
对象标识符2.5.4.8 stateOrProvinceName(X.520 DN组件)
UTF8String Sol
SET(1个elem)
SEQUENCE(2个元素)
对象标识符2.5.4.7 localityName(X.520 DN组件)
UTF8String Earth
SE T(1个元素)
序列(2个元素)
对象标识符2.5.4.10 OrganizationName(X.520 DN组件)
UTF8String Stackoverflow
SET(1个元素)
SEQUENCE(2个元素)
对象标识符2.5.4.11 OrganizationalUnitName(X.520 DN组件)
UTF8String Stackoverflow
SET(1个元素)
SEQUENCE(2个元素)
对象标识符2.5.4.3 commonName(X.520 DN组件)
UTF8String common.name.for.stackoverflow
SET(1 elem)
SEQUENCE(2 elem)
对象标识符1.2 .840.113549.1.9.1 emailAddress(PKCS#9)
IA5String duff.value@forstackoverflow.com
SEQUENCE(2 elem)
SEQUENCE(2 elem)
对象标识符1.2。 840.113549.1.1.1 rsaEncryption(PKCS#1)

BIT STRING(1个elem)
SEQUENCE(2个elem)
INTEGER(2048位)231457529965blahblahetc
INTEGER65537
序列(2个元素)
对象标识符1.2.840.113549.1.1.11 sha256WithRSAEncryption(PKCS#1)

位字符串(2048位)1011010等...


因此,对于我所描述的略带circuit回的方式表示歉意,没有人有最雾的想法为什么我的CSR无法通过缺少字段的验证,即会出现,但实际上并未丢失?



编辑:
这是实际请求(或位于至少,出于这个问题的目的,我生成了一个带有相同症状的废话值)



 - --BEGIN CERTIFICATE REQUEST ----- 
MIIC6zCCAdMCAQAwgaUxCzAJBgNVBAYTAkdCMQwwCgYDVQQIDANTb2wxDjAMBgNV
BAcMBUVhcnRoMRYwFAYDVQQKDA1TdGFja292ZXJmbG93MRYwFAYDVQQLDA1TdGFj
a292ZXJmbG93MRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20xLjAsBgkqhkiG9w0B
CQEWH2R1ZmYudmFsdWVAZm9yc3RhY2tvdmVyZmxvdy5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDrH2qNz5wt Tc9jFQPoTfdk1Mf9N1LGXrqyV5sA
1w9Y4BGGJNm3yW0KUPLxyHhSJLWzHqdKzcLwlocSJvYVrMmBG9agOnHhX1aQLrnr
ruEAP7aN / gHW9isQLk6 / MJPt8TkIby6azR0qq4VYR / + 6dRCv7PhVvGBMxWjdQbEa
UxJAyq3eVMNBMdDdrOIMLrvxF3xcido4O9qWtdXFQwUgXoUGJG0sY3tXpwE5jB7A
1MWayfbSXj2NATU9fqHhwEoPwBm4yw65Hg + VDHWABCR / qYmLQKrVThF9UE4RUy5I
+ DMRoTOUX3YRqZkg3aaCfe / LtuoHhfsCSZwxak2GZ1TI8vWBAgMBAAGgADANBgkq
hkiG9w0BAQsFAAOCAQEAoqTYzypOlLKSrF4 + 5jKqbRgC + 9JBUhYKmQcAIaDzmDNf
0ZHwxG4iGeCS5pj60MKpv6gxUZcLhwgcm717XZrMMR4dD9yILyJsFp7C8MnOgYpB
C / VzSBwH8FvmnVsSmOcAR8IcvXLW2BpTgH6tSiFsU + xlpUWUUceFL97xZAiM93cZ
tdsH6KbKo / YvCbKhGkX311S + oTPk1oSvu5znRXBl2iyk3wbFiC9blARIcfYlhGPH
GL / IC + 7 + Mn5qmOY8w39Y42aP / G4ISG8h52Q1pbxH7B / I ++ sK73yTwRZCf1tprMP6
27j3Bpr72VY1Egge97rrb8KcL + K + A84 / 74Ad7NNywQ ==
-----结束证书请求-----

解决方案

该错误消息是完全错误的。应该说PKCS#10请求签名验证失败:)



您在xca中的PKCS#10请求的详细信息



尝试使用 openssl / certreq 并将签名算法oid的值更改为其他值


本文地址:IT屋 » 为什么Symantec CSR检查器认为我的CSR在AlgorithmIdentifier中缺少NULL值? RFC3279