如何从证书获取签名算法? [英] How to get the signature algorithm out of a certificate?
本文介绍了如何从证书获取签名算法?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我要使用PHP函数,您可以这样做,请尝试:
私人函数GetCertSignatureAlgorithm($ certSignatureBinary,$ pubKeyResourceId)
{
if(false === openssl_public_decrypt certSignatureBinary,$ sigString,$ pubKeyResourceId))
{
return false;
}
if(empty($ sigString)||
strlen($ sigString)< 5)
{
return false;
}
if(ord($ sigString [0])!== 0x30 ||
ord($ sigString [2])!== 0x30 ||
ord($ sigString [4])!== 0x06)
{
return false;
}
$ sigString = substr($ sigString,4);
$ len = ord($ sigString [1]);
$ bytes = 0;
if($ len& 0x80)
{
$ bytes =($ len& 0x7f);
$ len = 0;
for($ i = 0; $ i <$ bytes; $ i ++)
{
$ len =($ len << 8)| ord($ sigString [$ i + 2]);
}
}
$ oidData = substr($ sigString,2 + $ bytes,$ len);
$ hashOid = floor(ord($ oidData [0])/ 40)。 '。'。 ord($ oidData [0])%40;
$ value = 0;
for($ i = 1; $ i {
$ value = $ value< 7;
$ value = $ value | (ord($ oidData [$ i])& 0x7f);
if(!(ord($ oidData [$ i])& 0x80))
{
$ hashOid。='。'。 $ value;
$ value = 0;
}
}
//www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xml
/ /www.php.net/manual/en/openssl.signature-algos.php
switch($ hashOid)
{
case'1.2.840.113549.2.5':return'md5';
case'1.3.14.3.2.26':return'sha1';
case'2.16.840.1.101.3.4.2.1':return'sha256';
case'2.16.840.1.101.3.4.2.2':return'sha384';
case'2.16.840.1.101.3.4.2.3':return'sha512';
//不安全=不接受
// case'1.2.840.113549.2.2'://'md2';
// case'1.2.840.113549.2.4'://'md4';
// case'1.3.14.3.2.18'://'sha';
}
throw new Exception('CertSignatureAlgorithm not found');
}
I want to use the PHP function openssl_verify() to verify the signatures of different X.509 certificates.
I have all it needs (certificate, $data, $signature, $pub_key_id) except of the signature algorithm but which is stored in the certificate.
My simple question is: How can I extract signature algorithm from certificates?
解决方案
Look at this question, you can do it similar, try this:
private function GetCertSignatureAlgorithm($certSignatureBinary, $pubKeyResourceId)
{
if(false === openssl_public_decrypt($certSignatureBinary, $sigString, $pubKeyResourceId))
{
return false;
}
if (empty($sigString) ||
strlen($sigString) < 5)
{
return false;
}
if (ord($sigString[0]) !== 0x30 ||
ord($sigString[2]) !== 0x30 ||
ord($sigString[4]) !== 0x06)
{
return false;
}
$sigString = substr($sigString, 4);
$len = ord($sigString[1]);
$bytes = 0;
if ($len & 0x80)
{
$bytes = ($len & 0x7f);
$len = 0;
for ($i = 0; $i < $bytes; $i++)
{
$len = ($len << 8) | ord($sigString[$i + 2]);
}
}
$oidData = substr($sigString, 2 + $bytes, $len);
$hashOid = floor(ord($oidData[0]) / 40) . '.' . ord($oidData[0]) % 40;
$value = 0;
for ($i = 1; $i < strlen($oidData); $i++)
{
$value = $value << 7;
$value = $value | (ord($oidData[$i]) & 0x7f);
if (!(ord($oidData[$i]) & 0x80))
{
$hashOid .= '.' . $value;
$value = 0;
}
}
//www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xml
//www.php.net/manual/en/openssl.signature-algos.php
switch($hashOid)
{
case '1.2.840.113549.2.5': return 'md5';
case '1.3.14.3.2.26': return 'sha1';
case '2.16.840.1.101.3.4.2.1': return 'sha256';
case '2.16.840.1.101.3.4.2.2': return 'sha384';
case '2.16.840.1.101.3.4.2.3': return 'sha512';
//not secure = not accepted
//case '1.2.840.113549.2.2': //'md2';
//case '1.2.840.113549.2.4': //'md4';
//case '1.3.14.3.2.18': //'sha';
}
throw new Exception('CertSignatureAlgorithm not found');
}
这篇关于如何从证书获取签名算法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文