X509證書結構

原創

2020-05-26 10:38

package java.security.cert 包下的X509Certificate.java 是X.509證書的抽象類。這提供了一個標準訪問X.509證書所有屬性的方法。

使用ASN.1語言描述，我們可以將X509Certificate抽象爲以下結構：

 Certificate  ::=  SEQUENCE  {
     tbsCertificate       TBSCertificate,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING  }

即基本證書域、簽名算法、簽名值。

其中TBSCertificate的結構爲：

  TBSCertificate  ::=  SEQUENCE  {
      version         [0]  EXPLICIT Version DEFAULT v1,
      serialNumber         CertificateSerialNumber,
      signature            AlgorithmIdentifier,
      issuer               Name,
      validity             Validity,
      subject              Name,
      subjectPublicKeyInfo SubjectPublicKeyInfo,
      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version must be v2 or v3
      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version must be v2 or v3
      extensions      [3]  EXPLICIT Extensions OPTIONAL
                           -- If present, version must be v3
      }

即版本、序列號、簽名算法、頒發者、有效期、使用者、主體公鑰信息、擴展項。

主體公鑰信息：

  SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm AlgorithmIdentifier,
    subjectPublicKey BIT STRING }

算法標識符：

  AlgorithmIdentifier ::= SEQUENCE {
    algorithm OBJECT IDENTIFIER,
    parameters ANY DEFINED BY algorithm OPTIONAL }

package java.security包下Key.java的一段註釋：

* The Key interface is the top-level interface for all keys. It
* defines the functionality shared by all key objects. All keys
* have three characteristics:
*
* <UL>
*
* <LI>An Algorithm
*
* <P>This is the key algorithm for that key. The key algorithm is usually
* an encryption or asymmetric operation algorithm (such as DSA or
* RSA), which will work with those algorithms and with related
* algorithms (such as MD5 with RSA, SHA-1 with RSA, Raw DSA, etc.)
* The name of the algorithm of a key is obtained using the
* {@link #getAlgorithm() getAlgorithm} method.

可知祕鑰具有的三個特徵，其一爲Algorithm，通過getAlgorithm()獲取。所以獲取祕鑰算法的方法爲cert.getAlgorithm()；

另一常用方法：獲取簽名算法

/**
     * Gets the signature algorithm name for the certificate
     * signature algorithm. An example is the string "SHA256withRSA".
     * The ASN.1 definition for this is:
     * <pre>
     * signatureAlgorithm   AlgorithmIdentifier
     *
     * AlgorithmIdentifier  ::=  SEQUENCE  {
     *     algorithm               OBJECT IDENTIFIER,
     *     parameters              ANY DEFINED BY algorithm OPTIONAL  }
     *                             -- contains a value of the type
     *                             -- registered for use with the
     *                             -- algorithm object identifier value
     * </pre>
     *
     * <p>The algorithm name is determined from the {@code algorithm}
     * OID string.
     *
     * @return the signature algorithm name.
     */
    public abstract String getSigAlgName();

發表評論

所有評論

還沒有人評論，想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.

X509證書結構

區分獲取SM2、RSA類型證書的密鑰長度、祕鑰算法和簽名算法值

PostMan測試接口-----上傳文件

IntelliJ IDEA maven 項目打war包

使用開源軟件7ZIP在Windows壓縮.tar.gz格式包

Spring Boot使用@Value註解給靜態變量賦值，並且拼接靜態變量

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結