3

我正在尝试查找什么是公钥标头和公钥信息。我已经使用 openssl 以及公钥模数转储了 C 格式的证书。它将公钥信息和公钥头列为公钥。但我无法使用openssl.exe rsa -pubin -inform DER -text -noout < publickey.der在我的服务器上生成的公钥转储这些字段。

任何人都可以解释这些字段在数字证书中的意义是什么,它们对于所有的公钥都是一样的吗?无法在 openssl 上获取此信息,只是提到 DER 编码将具有额外的页眉和页脚。

4

1 回答 1

3

I've never heard of the public key header... could you give an example?

The Public Key info is probably the standard way how public keys in X.509 certificates are generally encoded, in the form of a SubjectPublicKeyInfo attribute. These SubjectPublicKeyInfos can be turned into a public key file (I assumed that's what you were trying to do? Please correct me if I'm wrong!) That section also tells you about where you can find information about particular algorithms, for RSA they reference RFC 3279. A SubjectPublicKeyInfo is defined as follows:

SubjectPublicKeyInfo  ::=  SEQUENCE  {
    algorithm            AlgorithmIdentifier,
    subjectPublicKey     BIT STRING  } 

RFC 3279 says:

The rsaEncryption OID is intended to be used in the algorithm field of a value of type AlgorithmIdentifier. The parameters field MUST have ASN.1 type NULL for this algorithm identifier.

Further:

The RSA public key MUST be encoded using the ASN.1 type RSAPublicKey:

  RSAPublicKey ::= SEQUENCE {
     modulus            INTEGER,    -- n
     publicExponent     INTEGER  }  -- e

So it's the subjectPublicKey field that contains the relevant data - you can for example get to these values with the x509 command of OpenSSL:

openssl x509 -in certificate.cer -inform DER -noout -text

Prints out (for PEM certificates, drop the -inform DER):

Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
            Public-Key: (1024 bit)
            Modulus:
                00:cb:c2:...
            Exponent: 65537 (0x10001)

There's also a neat trick how you can directly produce a PEM RSA public key file with x509:

openssl x509 -inform DER -in certificate.cer -pubkey -noout > pubkey.pem

and there's your public key exported in PEM encoding.

于 2012-05-30T21:48:14.143 回答