x.509证书签名提取 [英] x.509 Certificate Signature Extraction

问题描述

是否有更好的方法(更可靠或更标准)来编写已签名的x.509证书签名的脚本:

Is there a better (more reliable or standard) way to script the extraction of a signature of a signed x.509 certificate:

SIGNED_CERTIFICATE=/path/to/signed/x509-cert.pem
openssl x509 -in ${SIGNED_CERTIFICATE} -text -noout | tac | sed '/.*Signature Algorithm:/q' | tac

我正在寻找在bash脚本中使用的签名的十六进制转储.目前，这对我测试过的所有(但很少有)签名证书有效，但是依赖于签名是 openssl x509 中输出的最后一个东西.我也知道如何手动使用 openssl asn1parse 来提取它，但是它需要您查看输出并且很难实现自动化.

I am looking for the hexdump of the signature for use in a bash script. Currently this works on all (but few) signed certs I tested but relies on the signature being the last thing outputted in openssl x509. I also know how to manually use openssl asn1parse to extract this, but it requires you to look at the output and is harder to automate.

谢谢

推荐答案

您在追寻这样的东西吗?

Are you after something like this :

openssl x509 -in /usr/local/share/ca-certificates/TestCA.crt -text -noout -certopt ca_default -certopt no_validity -certopt no_serial -certopt no_subject -certopt no_extensions -certopt no_signame
    Signature Algorithm: sha1WithRSAEncryption
         6d:94:92:e0:e4:a4:f4:65:aa:e3:cc:1b:9f:2a:01:b0:20:cf:
         67:5a:58:cf:aa:d9:99:08:07:91:9a:0b:b6:2b:52:9d:f0:e5:
         0d:50:cb:66:8c:a6:93:21:36:11:c7:30:98:45:65:43:e1:54:
         a5:22:0bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1e:05:
         0e:e3:10:01:73:06:5b:98:f5:e8:6d:73:a5:65:8d:3d:48:b0:
         21:4a:30:9f:7c:7d:99:d0:e7:c1:cc:22:fa:c4:fc:9c:48:3f:
         ff:83:72:98:d0:33:3b:05:69:84:fd:7b:bc:b8:e6:44:96:cf:
         58:27:4c:c3:d1:9d:c1:f1:02:f8:3c:11:92:fe:fa:c1:ff:48:
         cf:a8:e9:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx:9b:b0:4f:c2:ca:
         28:5b:13:c2:1d:c9:79:7a:71:4c:9c:4a:f5:26:60:6d:75:3f:
         00:31:57:8f:00:99:ca:93:52:5d:fc:dd:71:76:1b:22:61:4b:
         5f:29:f6:77:fd:f0:e5:20:dc:fd:e1:d5:d2:05:a3:3f:96:2c:
         d9:cc:d9:87:9c:7b:16:c8:4f:2c:2e:b6:dd:bd:e5:9b:d7:97:
         c5:b0:31:19:69:a7:f8:f9:3e:b2:0b:3d:b0:13:68:a1:1d:ee:
         e3:86:60:77

为 openssl x509 提供适当的参数听起来是实现您所追求的更好的方法.所有选项都位于x509 联机帮助页

Giving the proper arguments to openssl x509 sounds a better way to achieve what you're after. All options are in the TEXT section of the x509 manpage

这篇关于x.509证书签名提取的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！