How do I decrypt an encapsulated timestamp?


I have a file named signatures.xml that is part of an Adobe AIR file. Now I want to decrypt the information stored in the XAdES encapsulated timestamp. How can I get any information out of the encrypted string? Which tools should I use? Do I need the public key to decrypt it? Where can I get it? (As a hint, I think this certificate is used: https://blogs.oracle.com/mullan/java-applications-that-are-signed-and-timestamped-with-the-geotrust-timestamp-authority-are-no-longer-working) The code is as follows:

  <xades:QualifyingProperties>
    <xades:UnsignedProperties>
      <xades:UnsignedSignatureProperties>
        <xades:SignatureTimeStamp>
          <xades:HashDataInfo uri="#PackageSignatureValue">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
            </Transforms>
            <xades:EncapsulatedTimeStamp>

    MIIIQgYJKoZIhvcNAQcCoIIIMzCCCC8CAQMxCzAJBgUrDgMCGgUAMIGvBgsqhkiG9w0BCRABBKCB
nwSBnDCBmQIBAQYCKQIwITAJBgUrDgMCGgUABBTRJGuAi64R/rtS0Vl/igSqQLG/3wIEEoJsshgP
MjAxMzA5MzAxMTMxMjRaMAMCATygUaRPME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxHZW9UcnVz
dCBJbmMxJzAlBgNVBAMTHkdlb1RydXN0IFRpbWVzdGFtcGluZyBTaWduZXIgMaCCBY8wggLmMIIC
T6ADAgECAhBejS2spEZlVGu1h5eBkai/MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJaQTEV
MBMGA1UECBMMV2VzdGVybiBDYXBlMRQwEgYDVQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhh
d3RlMR0wGwYDVQQLExRUaGF3dGUgQ2VydGlmaWNhdGlvbjEfMB0GA1UEAxMWVGhhd3RlIFRpbWVz
dGFtcGluZyBDQTAeFw0wNzEwMzEwMDAwMDBaFw0xNzEwMzAyMzU5NTlaME0xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxHZW9UcnVzdCBJbmMxJzAlBgNVBAMTHkdlb1RydXN0IFRpbWVzdGFtcGluZyBT
aWduZXIgMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr2cSRUIuWwkzzCmZ7JAkmml3LgpP
UWIwZGkule4Cdqm1sYykLX1Fw/kF5lbYnjQZGStQPfUnfa+RbQKnGNk+0SSYJWcApzfUouoWolC9
9TgXjwJJcZIfQnk8cmoKleXF+TkEQgiBTxKhDUa4KhayhbDvWh903qhKp0e6jo5T/pkCAwEAAaOB
hzCBhDAMBgNVHRMBAf8EAjAAMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly90c3MtZ2VvdHJ1c3Qt
Y3JsLnRoYXd0ZS5jb20vVGhhd3RlVGltZXN0YW1waW5nQ0EuY3JsMA4GA1UdDwEB/wQEAwIGwDAW
BgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQUFAAOBgQCp8h1xrhHJJ0mPaN/n3gzf
qZ5J/SIs9aQD/tZsI6zzsvyS9uxqwrhS2IzRyvrrxQyYgdn2zlwzTn7W1I+yvJ2Bc+rwbOOpwW7X
9tlGoAdDnNn3YGHDL27aUD4WoCgM7OQBoeRsmdXCMah96y0TAilp2R6WF0D72u9i14QHsYL5kTCC
AqEwggIKoAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwgYsxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxX
ZXN0ZXJuIENhcGUxFDASBgNVBAcTC0R1cmJhbnZpbGxlMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNV
BAsTFFRoYXd0ZSBDZXJ0aWZpY2F0aW9uMR8wHQYDVQQDExZUaGF3dGUgVGltZXN0YW1waW5nIENB
MB4XDTk3MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgYsxCzAJBgNVBAYTAlpBMRUwEwYDVQQI
EwxXZXN0ZXJuIENhcGUxFDASBgNVBAcTC0R1cmJhbnZpbGxlMQ8wDQYDVQQKEwZUaGF3dGUxHTAb
BgNVBAsTFFRoYXd0ZSBDZXJ0aWZpY2F0aW9uMR8wHQYDVQQDExZUaGF3dGUgVGltZXN0YW1waW5n
IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWK1h4YUWGU+o0e1Gc7bDmLhgO/uBfqCfT
tMngfFlOFg5zVGDBf/afLuk6hSQVPNtHBGPDnsSUGlrfTHrz2UMdPBB6eSXbkP7wUecw1kEA/Z8o
33m+lLudthTjI4XXqUHgTKR5sCsai/L4O4o+RaxxkgC0kEGY+1/t+rcuiviINwIDAQABoxMwETAP
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAGfb4sLmhz1Ag4Y3NX0fzprDDGYgqLqq
BImGwvUQCA2/y6IFitBNNj701+9pxl7ksJRvSrnn3luItnvb4yfldsPwNcHLtSebM3nckKYAnnf6
/M0nlEIWnNMcaOy/XN3lqXsQCjJ0VBMxi4UDhJG3WAEwFDivKMr8sVAZGQmsiUnTMYIB1jCCAdIC
AQEwgaAwgYsxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFDASBgNVBAcTC0R1
cmJhbnZpbGxlMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFFRoYXd0ZSBDZXJ0aWZpY2F0aW9u
MR8wHQYDVQQDExZUaGF3dGUgVGltZXN0YW1waW5nIENBAhBejS2spEZlVGu1h5eBkai/MAkGBSsO
AwIaBQCggYwwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0xMzA5
MzAxMTMxMjRaMCMGCSqGSIb3DQEJBDEWBBT3Vzs/HYAkfx+RMIi3fWS/+YzGWTArBgsqhkiG9w0B
CRACDDEcMBowGDAWBBQiPNonB5ZzgWtgihuMsKsCMBB/zDANBgkqhkiG9w0BAQEFAASBgJZOFu5t
PDnUenO2A1BZ788Yh/sRI/hjC//zAXRY9rnq/t7hvFGDbruA0pEsTlynJpaKeIu4J/M1iday+phr
BKcj7o0pFYKquDMC/RKnkG+P5tc9QBrvPaAwamrdjoYmXtC6hiRnkA/X0gG/68PtBjGJQpmPmcWt
CpdLjrFCsjen
            </xades:EncapsulatedTimeStamp>
          </xades:HashDataInfo>
        </xades:SignatureTimeStamp>
      </xades:UnsignedSignatureProperties>
    </xades:UnsignedProperties>
  </xades:QualifyingProperties>
</Object>

Answer 1

XAdES is built around X.509 certificates and related formats, so the "encapsulated data" most likely contains some kind of ASN.1 DER data, Base64-encoded. But it is not necessarily encrypted in any way – it is just a thick layer of binary formatting.

(In fact, the MII… prefix is a telltale sign of an ASN.1 SEQUENCE tag hiding inside Base64.)

I don't have a description of the XAdES format at hand, but after running the tag's value through a Base64 decoder and an ASN.1 dumper (or an equivalent), I get:

$ base64 --decode <data.txt >data.raw
$ dumpasn1 data.raw
   0 2114: SEQUENCE {
   4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
  15 2099:   [0] {
  19 2095:     SEQUENCE {
  23    1:       INTEGER 3
  26   11:       SET {
  28    9:         SEQUENCE {
...

Conveniently, the file starts with its own "content type" (similar to a MIME type, but for X.500) and claims to be a PKCS#7 (CMS) signed-data structure, essentially the same structure S/MIME uses. OpenSSL parses it successfully, as shown below:

$ openssl cms -in data.raw -inform DER -cmsout -print
CMS_ContentInfo: 
  contentType: pkcs7-signedData (1.2.840.113549.1.7.2)
  d.signedData: 
    version: 3
    digestAlgorithms:
        algorithm: sha1 (1.3.14.3.2.26)
        parameter: NULL
    encapContentInfo: 
      eContentType: id-smime-ct-TSTInfo (1.2.840.113549.1.9.16.1.4)
      eContent: 
        0000 - 30 81 99 02 01 01 06 02-29 02 30 21 30 09 06   0.......).0!0..
        000f - 05 2b 0e 03 02 1a 05 00-04 14 d1 24 6b 80 8b   .+.........$k..
        001e - ae 11 fe bb 52 d1 59 7f-8a 04 aa 40 b1 bf df   ....R.Y....@...
        002d - 02 04 12 82 6c b2 18 0f-32 30 31 33 30 39 33   ....l...2013093
        003c - 30 31 31 33 31 32 34 5a-30 03 02 01 3c a0 51   0113124Z0...<.Q
        004b - a4 4f 30 4d 31 0b 30 09-06 03 55 04 06 13 02   .O0M1.0...U....
        005a - 55 53 31 15 30 13 06 03-55 04 0a 13 0c 47 65   US1.0...U....Ge
        0069 - 6f 54 72 75 73 74 20 49-6e 63 31 27 30 25 06   oTrust Inc1'0%.
        0078 - 03 55 04 03 13 1e 47 65-6f 54 72 75 73 74 20   .U....GeoTrust 
        0087 - 54 69 6d 65 73 74 61 6d-70 69 6e 67 20 53 69   Timestamping Si
        0096 - 67 6e 65 72 20 31                              gner 1
    certificates:
      d.certificate: 
        cert_info: 
          version: 2
...

Here you can see the encapsulated signed data – again prefixed with a type identifier, and claiming to be an RFC 3161 "signed timestamp". After it come the certificates that were used to sign the outer layer (omitted here for brevity).

If you only need the certificates, you can use:

$ openssl pkcs7 -in data.raw -inform DER -print_certs > signer.pem

If you need the signed data, there are several ways to extract it. Of course, you could simply copy and paste the needed bytes into a new file. But the "proper" way is to do a full signature verification and everything:

$ wget -q https://www.thawte.com/roots/Thawte_Timestamping_CA.pem

$ openssl cms -in data.raw -inform DER \
              -verify -CAfile Thawte_Timestamping_CA.pem \
              -purpose any -attime $(date -d "1 year ago" +%s) \
              -out inner_data.raw -binary

The CA certificate is only used for verification, but openssl cms has no option to skip the signature check. -purpose is needed because the signing certificate is not an S/MIME certificate. -attime is needed because the certificate has already expired.

Finally we get the RFC 3161 "TSTInfo" blob, the signed timestamp data itself. Unfortunately, it seems to be malformed, and OpenSSL's ASN.1 parser won't accept it:

$ openssl ts -reply -in inner_data.raw -text
:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1112:
:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:274:Type=TS_STATUS_INFO
:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:609:Field=status_info, Type=TS_RESP

But at least its raw contents can be dumped:

$ dumpasn1 inner_data.raw
  0 153: SEQUENCE {
  3   1:   INTEGER 1
  6   2:   OBJECT IDENTIFIER.
       :     Error: OBJECT IDENTIFIER has invalid length 2.
 10  33:   SEQUENCE {
 12   9:     SEQUENCE {
 14   5:       OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
 21   0:       NULL
       :       }
 23  20:     OCTET STRING D1 24 6B 80 8B AE 11 FE BB 52 D1 59 7F 8A 04 AA 40 B1 BF DF
       :     }
 45   4:   INTEGER 310537394
 51  15:   GeneralizedTime 30/09/2013 11:31:24 GMT
 68   3:   SEQUENCE {
 70   1:     INTEGER 60
       :     }
 73  81:   [0] {
 75  79:     [4] {
 77  77:       SEQUENCE {
 79  11:         SET {
 81   9:           SEQUENCE {
 83   3:             OBJECT IDENTIFIER countryName (2 5 4 6)
 88   2:             PrintableString 'US'
       :             }
       :           }
 92  21:         SET {
 94  19:           SEQUENCE {
 96   3:             OBJECT IDENTIFIER organizationName (2 5 4 10)
101  12:             PrintableString 'GeoTrust Inc'
       :             }
       :           }
115  39:         SET {
117  37:           SEQUENCE {
119   3:             OBJECT IDENTIFIER commonName (2 5 4 3)
124  30:             PrintableString 'GeoTrust Timestamping Signer 1'
       :             }
       :           }
       :         }
       :       }
       :     }
       :   }

Or:

$ openssl asn1parse -in inner_data.raw -inform DER -i
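As an added example (not part of the answer above, and not OpenSSL's or dumpasn1's code), here is a stdlib-only Python walker for the RFC 3161 TSTInfo structure that the dumps above show. The input bytes are the 156-byte eContent copied from the `openssl cms -print` hex dump; the field names follow RFC 3161's TSTInfo definition. `imprint_matches` demonstrates the check a verifier performs next: recompute the digest of the data the TSA stamped (per the HashDataInfo in the question that is the canonicalized signature value, which is not on this page) and compare it with the messageImprint. It is called below with a constructed placeholder, so it returns False. All helper names are hypothetical.

```python
# Added example: minimal DER walker for an RFC 3161 TSTInfo blob.
# Hypothetical helper code, not from the answer, OpenSSL or dumpasn1.
import hashlib
from datetime import datetime, timezone

# The 156-byte eContent exactly as printed by `openssl cms -print` on this page.
TSTINFO_DER = bytes.fromhex(
    "30 81 99 02 01 01 06 02 29 02 30 21 30 09 06"
    "05 2b 0e 03 02 1a 05 00 04 14 d1 24 6b 80 8b"
    "ae 11 fe bb 52 d1 59 7f 8a 04 aa 40 b1 bf df"
    "02 04 12 82 6c b2 18 0f 32 30 31 33 30 39 33"
    "30 31 31 33 31 32 34 5a 30 03 02 01 3c a0 51"
    "a4 4f 30 4d 31 0b 30 09 06 03 55 04 06 13 02"
    "55 53 31 15 30 13 06 03 55 04 0a 13 0c 47 65"
    "6f 54 72 75 73 74 20 49 6e 63 31 27 30 25 06"
    "03 55 04 03 13 1e 47 65 6f 54 72 75 73 74 20"
    "54 69 6d 65 73 74 61 6d 70 69 6e 67 20 53 69"
    "67 6e 65 72 20 31"
)

DIGEST_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
ATTR_NAMES = {"2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.3": "CN"}


def read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not needed for TSTInfo")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def read_children(value):
    """Split the content of a constructed element into its (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(raw):
    """Dotted OID from its DER content (base-128 arcs; first byte packs two)."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_name(rdn_sequence):
    """Flatten an X.501 Name into 'C=US, O=..., CN=...'."""
    parts = []
    for _, rdn in read_children(rdn_sequence):          # each SET (one RDN)
        for _, atv in read_children(rdn):               # each SEQUENCE {oid, value}
            (_, oid), (_, value) = read_children(atv)
            dotted = decode_oid(oid)
            parts.append(f"{ATTR_NAMES.get(dotted, dotted)}={value.decode('ascii')}")
    return ", ".join(parts)


def parse_tstinfo(der):
    """Return the TSTInfo fields (RFC 3161 section 2.4.2) as a dict."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("TSTInfo must be a SEQUENCE")
    fields = read_children(body)
    info = {"accuracy_seconds": None, "nonce": None, "tsa": None}
    info["version"] = int.from_bytes(fields[0][1], "big")
    info["policy"] = decode_oid(fields[1][1])            # dumpasn1 flagged this 2-byte OID
    alg, digest = read_children(fields[2][1])            # MessageImprint
    info["hash_alg"] = decode_oid(read_children(alg[1])[0][1])
    info["message_imprint"] = digest[1]
    info["serial"] = int.from_bytes(fields[3][1], "big", signed=True)
    info["gen_time"] = datetime.strptime(fields[4][1].decode("ascii"),
                                         "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    for tag, val in fields[5:]:                          # OPTIONAL trailing members
        if tag == 0x30:                                  # Accuracy (seconds only here)
            secs = read_children(val)
            if secs and secs[0][0] == 0x02:
                info["accuracy_seconds"] = int.from_bytes(secs[0][1], "big")
        elif tag == 0x02:                                # nonce
            info["nonce"] = int.from_bytes(val, "big", signed=True)
        elif tag == 0xA0:                                # tsa [0] GeneralName
            gn_tag, gn_val = read_children(val)[0]
            if gn_tag == 0xA4:                           # directoryName [4] Name
                info["tsa"] = decode_name(read_tlv(gn_val, 0)[1])
        # ordering (BOOLEAN) and extensions [1] are ignored in this example
    return info


def imprint_matches(info, covered_data):
    """Recompute the digest of the stamped data and compare it with messageImprint."""
    algo = DIGEST_OIDS[info["hash_alg"]]
    return hashlib.new(algo, covered_data).digest() == info["message_imprint"]


if __name__ == "__main__":
    tst = parse_tstinfo(TSTINFO_DER)
    for key, value in tst.items():
        print(f"{key}: {value.hex() if isinstance(value, bytes) else value}")
    # Constructed placeholder: the real covered data is the signature value.
    print("imprint matches placeholder:", imprint_matches(tst, b"constructed placeholder"))
```

The walker deliberately reads lengths from the DER headers rather than assuming offsets, so it also handles a TSTInfo with a nonce or a longer accuracy element; the only thing it hard-codes is the field order RFC 3161 prescribes.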
