How do I check a file's validity with openssl and cms?
I have a file (foo.bin) and a signature (foo.bin.cms), which includes the certificate in X509 DER format.
Is there any way to check the validity of the file with the certificate?
I can find the SHA256 of foo.bin inside foo.bin.cms.
I can also open foo.bin.cms with ASN1. But I can't find any way to verify the file using the openssl command.
The openssl cms verify command needs pub.key, but I can't find it.
Answer 1
CMS verification may need a certificate, but never a public key. There are many variants of the CMS SignedData format (not to mention other kinds of CMS data), and you haven't given any details, so here are a few basic cases:
$ openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out sf1132354.key
$ openssl req -new -key sf1132354.key -x509 -days 365 -subj '/CN=Vladimir Putin' -out sf1132354.crt
$ printf 'hello and goodbye\r\n' >sf1132354.in
$ openssl sha256 <sf1132354.in
(stdin)= dc86ba13ac17e82ea9f0e8239f809d0596449dc3b59626b6ebd6178f27178af4
This data is used in all of the cases below. Note that I use CRLF line endings for the data; by default openssl cms applies S/MIME canonicalization rules even when doing CMS rather than S/MIME, so line endings other than CRLF may cause problems.
$ openssl cms -sign -in sf1132354.in -inkey sf1132354.key -signer sf1132354.crt -md sha256 -outform der -out sf1132354.dety
$ openssl asn1parse -i -inform der <sf1132354.dety
0:d=0 hl=4 l= 839 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l= 824 cons: cont [ 0 ]
19:d=2 hl=4 l= 820 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=2 l= 11 cons: SEQUENCE
43:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
54:d=3 hl=4 l= 395 cons: cont [ 0 ]
58:d=4 hl=4 l= 391 cons: SEQUENCE
62:d=5 hl=4 l= 301 cons: SEQUENCE
66:d=6 hl=2 l= 3 cons: cont [ 0 ]
68:d=7 hl=2 l= 1 prim: INTEGER :02
71:d=6 hl=2 l= 20 prim: INTEGER :09D45914492F88F6E9812C905D2A0405C5769CCD
93:d=6 hl=2 l= 10 cons: SEQUENCE
95:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
105:d=6 hl=2 l= 25 cons: SEQUENCE
107:d=7 hl=2 l= 23 cons: SET
109:d=8 hl=2 l= 21 cons: SEQUENCE
111:d=9 hl=2 l= 3 prim: OBJECT :commonName
116:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
132:d=6 hl=2 l= 30 cons: SEQUENCE
134:d=7 hl=2 l= 13 prim: UTCTIME :230601075720Z
149:d=7 hl=2 l= 13 prim: UTCTIME :240531075720Z
164:d=6 hl=2 l= 25 cons: SEQUENCE
166:d=7 hl=2 l= 23 cons: SET
168:d=8 hl=2 l= 21 cons: SEQUENCE
170:d=9 hl=2 l= 3 prim: OBJECT :commonName
175:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
191:d=6 hl=2 l= 89 cons: SEQUENCE
193:d=7 hl=2 l= 19 cons: SEQUENCE
195:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
204:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
214:d=7 hl=2 l= 66 prim: BIT STRING
282:d=6 hl=2 l= 83 cons: cont [ 3 ]
284:d=7 hl=2 l= 81 cons: SEQUENCE
286:d=8 hl=2 l= 29 cons: SEQUENCE
288:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
293:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414AFBF46DE3CED60E2A5BBEA461C187C4FBE4D4654
317:d=8 hl=2 l= 31 cons: SEQUENCE
319:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
324:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014AFBF46DE3CED60E2A5BBEA461C187C4FBE4D4654
350:d=8 hl=2 l= 15 cons: SEQUENCE
352:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
357:d=9 hl=2 l= 1 prim: BOOLEAN :255
360:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
367:d=5 hl=2 l= 10 cons: SEQUENCE
369:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
379:d=5 hl=2 l= 72 prim: BIT STRING
453:d=3 hl=4 l= 386 cons: SET
457:d=4 hl=4 l= 382 cons: SEQUENCE
461:d=5 hl=2 l= 1 prim: INTEGER :01
464:d=5 hl=2 l= 49 cons: SEQUENCE
466:d=6 hl=2 l= 25 cons: SEQUENCE
468:d=7 hl=2 l= 23 cons: SET
470:d=8 hl=2 l= 21 cons: SEQUENCE
472:d=9 hl=2 l= 3 prim: OBJECT :commonName
477:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
493:d=6 hl=2 l= 20 prim: INTEGER :09D45914492F88F6E9812C905D2A0405C5769CCD
515:d=5 hl=2 l= 11 cons: SEQUENCE
517:d=6 hl=2 l= 9 prim: OBJECT :sha256
528:d=5 hl=3 l= 228 cons: cont [ 0 ]
531:d=6 hl=2 l= 24 cons: SEQUENCE
533:d=7 hl=2 l= 9 prim: OBJECT :contentType
544:d=7 hl=2 l= 11 cons: SET
546:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
557:d=6 hl=2 l= 28 cons: SEQUENCE
559:d=7 hl=2 l= 9 prim: OBJECT :signingTime
570:d=7 hl=2 l= 15 cons: SET
572:d=8 hl=2 l= 13 prim: UTCTIME :230601075746Z
587:d=6 hl=2 l= 47 cons: SEQUENCE
589:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
600:d=7 hl=2 l= 34 cons: SET
602:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:DC86BA13AC17E82EA9F0E8239F809D0596449DC3B59626B6EBD6178F27178AF4
636:d=6 hl=2 l= 121 cons: SEQUENCE
638:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capabilities
649:d=7 hl=2 l= 108 cons: SET
651:d=8 hl=2 l= 106 cons: SEQUENCE
653:d=9 hl=2 l= 11 cons: SEQUENCE
655:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc
666:d=9 hl=2 l= 11 cons: SEQUENCE
668:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc
679:d=9 hl=2 l= 11 cons: SEQUENCE
681:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc
692:d=9 hl=2 l= 10 cons: SEQUENCE
694:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
704:d=9 hl=2 l= 14 cons: SEQUENCE
706:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
716:d=10 hl=2 l= 2 prim: INTEGER :80
720:d=9 hl=2 l= 13 cons: SEQUENCE
722:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
732:d=10 hl=2 l= 1 prim: INTEGER :40
735:d=9 hl=2 l= 7 cons: SEQUENCE
737:d=10 hl=2 l= 5 prim: OBJECT :des-cbc
744:d=9 hl=2 l= 13 cons: SEQUENCE
746:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
756:d=10 hl=2 l= 1 prim: INTEGER :28
759:d=5 hl=2 l= 10 cons: SEQUENCE
761:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
771:d=5 hl=2 l= 70 prim: OCTET STRING [HEX DUMP]:30440220497700032BB7F3B6974C6653D926320E2DDC5616565119ED7E968C2B155635CF022030DDA85378C9002AA8E29949FC39A9FD333A9D62B52C8EBB0F73B5D21EE3720E
$ openssl cms -verify -in sf1132354.dety -inform der -content sf1132354.in -CAfile sf1132354.crt
hello and goodbye
Verification successful
$ openssl cms -verify -in sf1132354.dety -inform der -content sf1132354.in -noverify
hello and goodbye
Verification successful
This is the default variant of openssl cms -sign: a detached signature (you can see there is no eContent in the encapContentInfo starting at offset 41), with signed attributes (which you can see starting at offset 528) and a copy of the signer's certificate (starting at offset 58). With signed attributes present, the verify operation generally does three things:
- compute the hash of the data (which I had to supply with -content because it is not included in the SignedData) and match it against the messageDigest attribute in the signedattrs
- check that the signature (at offset 759) matches the "canonical" encoding of the signedattrs (i.e. with the context-3 tag replaced by SET OF) under the public key of the certificate in the message
- verify the certificate used in step 2 against a trust store (here using -CAfile; there are more complicated ways to specify/create a trust store, but here I only show the simple one)
This combination proves that the data in the .in file on the receiving/verifying side is the same as the data the sending/signing side used or intended to use, and that it has not been tampered with or otherwise modified. However, with a self-signed certificate like the one here, it does not prove who the signer is, nor that you should trust the data they signed and sent; in particular, this certificate claims I am Vladimir Putin, and I am not. Really, honestly, I'm not. Call off those attack drones :-}
If the signer used a certificate issued by a "real" (and properly operating) CA, and the verifier verifies that certificate, then the CA will have verified the identity of the certificate "owner" (subject) before issuing it, and this process verifies not only that I received the data the sender intended, but also that the sender is someone I can identify and decide whether (and how far) to trust.
The last (seemingly contradictory) command skips step 3; it only verifies that the data matches the signedattrs and that the signature (using the key in the certificate) verifies the signedattrs, but it does not verify the certificate (and needs no trust store). This proves you got untampered data from the same party that created the signature, but that party may be an attacker, and the data may be forged and malicious even though the signature verifies.
$ openssl cms -sign -in sf1132354.in -inkey sf1132354.key -signer sf1132354.crt -md sha256 -outform der -out sf1132354.detn -noattr
$ openssl asn1parse -i -inform der <sf1132354.detn
0:d=0 hl=4 l= 607 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l= 592 cons: cont [ 0 ]
19:d=2 hl=4 l= 588 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=2 l= 11 cons: SEQUENCE
43:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
54:d=3 hl=4 l= 395 cons: cont [ 0 ]
58:d=4 hl=4 l= 391 cons: SEQUENCE
62:d=5 hl=4 l= 301 cons: SEQUENCE
66:d=6 hl=2 l= 3 cons: cont [ 0 ]
68:d=7 hl=2 l= 1 prim: INTEGER :02
71:d=6 hl=2 l= 20 prim: INTEGER :09D45914492F88F6E9812C905D2A0405C5769CCD
93:d=6 hl=2 l= 10 cons: SEQUENCE
95:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
105:d=6 hl=2 l= 25 cons: SEQUENCE
107:d=7 hl=2 l= 23 cons: SET
109:d=8 hl=2 l= 21 cons: SEQUENCE
111:d=9 hl=2 l= 3 prim: OBJECT :commonName
116:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
132:d=6 hl=2 l= 30 cons: SEQUENCE
134:d=7 hl=2 l= 13 prim: UTCTIME :230601075720Z
149:d=7 hl=2 l= 13 prim: UTCTIME :240531075720Z
164:d=6 hl=2 l= 25 cons: SEQUENCE
166:d=7 hl=2 l= 23 cons: SET
168:d=8 hl=2 l= 21 cons: SEQUENCE
170:d=9 hl=2 l= 3 prim: OBJECT :commonName
175:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
191:d=6 hl=2 l= 89 cons: SEQUENCE
193:d=7 hl=2 l= 19 cons: SEQUENCE
195:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
204:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
214:d=7 hl=2 l= 66 prim: BIT STRING
282:d=6 hl=2 l= 83 cons: cont [ 3 ]
284:d=7 hl=2 l= 81 cons: SEQUENCE
286:d=8 hl=2 l= 29 cons: SEQUENCE
288:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
293:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414AFBF46DE3CED60E2A5BBEA461C187C4FBE4D4654
317:d=8 hl=2 l= 31 cons: SEQUENCE
319:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
324:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014AFBF46DE3CED60E2A5BBEA461C187C4FBE4D4654
350:d=8 hl=2 l= 15 cons: SEQUENCE
352:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
357:d=9 hl=2 l= 1 prim: BOOLEAN :255
360:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
367:d=5 hl=2 l= 10 cons: SEQUENCE
369:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
379:d=5 hl=2 l= 72 prim: BIT STRING
453:d=3 hl=3 l= 155 cons: SET
456:d=4 hl=3 l= 152 cons: SEQUENCE
459:d=5 hl=2 l= 1 prim: INTEGER :01
462:d=5 hl=2 l= 49 cons: SEQUENCE
464:d=6 hl=2 l= 25 cons: SEQUENCE
466:d=7 hl=2 l= 23 cons: SET
468:d=8 hl=2 l= 21 cons: SEQUENCE
470:d=9 hl=2 l= 3 prim: OBJECT :commonName
475:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
491:d=6 hl=2 l= 20 prim: INTEGER :09D45914492F88F6E9812C905D2A0405C5769CCD
513:d=5 hl=2 l= 11 cons: SEQUENCE
515:d=6 hl=2 l= 9 prim: OBJECT :sha256
526:d=5 hl=2 l= 10 cons: SEQUENCE
528:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
538:d=5 hl=2 l= 71 prim: OCTET STRING [HEX DUMP]:3045022100B5B167CC707D015025C9631EEA3D351E6B53ABB5AE1280A975ABE5D6EB92A4F90220525F75DF118479B6E41A9983104E6B55D215E5A5C4DBBD41B66511A25278479E
$ openssl cms -verify -in sf1132354.detn -inform der -content sf1132354.in -CAfile sf1132354.crt
hello and goodbye
Verification successful
$ openssl cms -verify -in sf1132354.detn -inform der -content sf1132354.in -noverify
hello and goodbye
Verification successful
This variant does not use signedattrs, so you don't see the content digest anywhere in it, and the verification process is different:
- verify the signature over the content (not signedattrs) using the public key from the certificate
- verify the certificate
... and now the -noverify version skips step 2 and does only step 1.
$ openssl cms -sign -in sf1132354.in -inkey sf1132354.key -signer sf1132354.crt -md sha256 -outform der -out sf1132354.envy -nodetach
$ openssl asn1parse -i -inform der <sf1132354.envy
0:d=0 hl=4 l= 862 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l= 847 cons: cont [ 0 ]
19:d=2 hl=4 l= 843 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=2 l= 34 cons: SEQUENCE
43:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
54:d=4 hl=2 l= 21 cons: cont [ 0 ]
56:d=5 hl=2 l= 19 prim: OCTET STRING :hello and goodbye
77:d=3 hl=4 l= 395 cons: cont [ 0 ]
81:d=4 hl=4 l= 391 cons: SEQUENCE
85:d=5 hl=4 l= 301 cons: SEQUENCE
89:d=6 hl=2 l= 3 cons: cont [ 0 ]
91:d=7 hl=2 l= 1 prim: INTEGER :02
94:d=6 hl=2 l= 20 prim: INTEGER :09D45914492F88F6E9812C905D2A0405C5769CCD
116:d=6 hl=2 l= 10 cons: SEQUENCE
118:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
128:d=6 hl=2 l= 25 cons: SEQUENCE
130:d=7 hl=2 l= 23 cons: SET
132:d=8 hl=2 l= 21 cons: SEQUENCE
134:d=9 hl=2 l= 3 prim: OBJECT :commonName
139:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
155:d=6 hl=2 l= 30 cons: SEQUENCE
157:d=7 hl=2 l= 13 prim: UTCTIME :230601075720Z
172:d=7 hl=2 l= 13 prim: UTCTIME :240531075720Z
187:d=6 hl=2 l= 25 cons: SEQUENCE
189:d=7 hl=2 l= 23 cons: SET
191:d=8 hl=2 l= 21 cons: SEQUENCE
193:d=9 hl=2 l= 3 prim: OBJECT :commonName
198:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
214:d=6 hl=2 l= 89 cons: SEQUENCE
216:d=7 hl=2 l= 19 cons: SEQUENCE
218:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
227:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
237:d=7 hl=2 l= 66 prim: BIT STRING
305:d=6 hl=2 l= 83 cons: cont [ 3 ]
307:d=7 hl=2 l= 81 cons: SEQUENCE
309:d=8 hl=2 l= 29 cons: SEQUENCE
311:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
316:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414AFBF46DE3CED60E2A5BBEA461C187C4FBE4D4654
340:d=8 hl=2 l= 31 cons: SEQUENCE
342:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
347:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014AFBF46DE3CED60E2A5BBEA461C187C4FBE4D4654
373:d=8 hl=2 l= 15 cons: SEQUENCE
375:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
380:d=9 hl=2 l= 1 prim: BOOLEAN :255
383:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
390:d=5 hl=2 l= 10 cons: SEQUENCE
392:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
402:d=5 hl=2 l= 72 prim: BIT STRING
476:d=3 hl=4 l= 386 cons: SET
480:d=4 hl=4 l= 382 cons: SEQUENCE
484:d=5 hl=2 l= 1 prim: INTEGER :01
487:d=5 hl=2 l= 49 cons: SEQUENCE
489:d=6 hl=2 l= 25 cons: SEQUENCE
491:d=7 hl=2 l= 23 cons: SET
493:d=8 hl=2 l= 21 cons: SEQUENCE
495:d=9 hl=2 l= 3 prim: OBJECT :commonName
500:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
516:d=6 hl=2 l= 20 prim: INTEGER :09D45914492F88F6E9812C905D2A0405C5769CCD
538:d=5 hl=2 l= 11 cons: SEQUENCE
540:d=6 hl=2 l= 9 prim: OBJECT :sha256
551:d=5 hl=3 l= 228 cons: cont [ 0 ]
554:d=6 hl=2 l= 24 cons: SEQUENCE
556:d=7 hl=2 l= 9 prim: OBJECT :contentType
567:d=7 hl=2 l= 11 cons: SET
569:d=8 hl=2 l= 9 prim: OBJECT :pkcs7-data
580:d=6 hl=2 l= 28 cons: SEQUENCE
582:d=7 hl=2 l= 9 prim: OBJECT :signingTime
593:d=7 hl=2 l= 15 cons: SET
595:d=8 hl=2 l= 13 prim: UTCTIME :230601083230Z
610:d=6 hl=2 l= 47 cons: SEQUENCE
612:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
623:d=7 hl=2 l= 34 cons: SET
625:d=8 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:DC86BA13AC17E82EA9F0E8239F809D0596449DC3B59626B6EBD6178F27178AF4
659:d=6 hl=2 l= 121 cons: SEQUENCE
661:d=7 hl=2 l= 9 prim: OBJECT :S/MIME Capabilities
672:d=7 hl=2 l= 108 cons: SET
674:d=8 hl=2 l= 106 cons: SEQUENCE
676:d=9 hl=2 l= 11 cons: SEQUENCE
678:d=10 hl=2 l= 9 prim: OBJECT :aes-256-cbc
689:d=9 hl=2 l= 11 cons: SEQUENCE
691:d=10 hl=2 l= 9 prim: OBJECT :aes-192-cbc
702:d=9 hl=2 l= 11 cons: SEQUENCE
704:d=10 hl=2 l= 9 prim: OBJECT :aes-128-cbc
715:d=9 hl=2 l= 10 cons: SEQUENCE
717:d=10 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
727:d=9 hl=2 l= 14 cons: SEQUENCE
729:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
739:d=10 hl=2 l= 2 prim: INTEGER :80
743:d=9 hl=2 l= 13 cons: SEQUENCE
745:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
755:d=10 hl=2 l= 1 prim: INTEGER :40
758:d=9 hl=2 l= 7 cons: SEQUENCE
760:d=10 hl=2 l= 5 prim: OBJECT :des-cbc
767:d=9 hl=2 l= 13 cons: SEQUENCE
769:d=10 hl=2 l= 8 prim: OBJECT :rc2-cbc
779:d=10 hl=2 l= 1 prim: INTEGER :28
782:d=5 hl=2 l= 10 cons: SEQUENCE
784:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
794:d=5 hl=2 l= 70 prim: OCTET STRING [HEX DUMP]:3044022004297664781BFF7FF183FBA4F8536C83A3EA796690B810970DDC3C49E5F28FCC0220048A0A573AD584282DF8C2079AAC5E036B33E414F9B55762A16A49B60D176E68
$ openssl cms -verify -in sf1132354.envy -inform der -CAfile sf1132354.crt
hello and goodbye
Verification successful
$ openssl cms -verify -in sf1132354.envy -inform der -noverify
hello and goodbye
Verification successful
$ openssl cms -sign -in sf1132354.in -inkey sf1132354.key -signer sf1132354.crt -md sha256 -outform der -out sf1132354.envn -nodetach -noattr
$ openssl asn1parse -i -inform der <sf1132354.envn
0:d=0 hl=4 l= 629 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l= 614 cons: cont [ 0 ]
19:d=2 hl=4 l= 610 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 13 cons: SET
28:d=4 hl=2 l= 11 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=3 hl=2 l= 34 cons: SEQUENCE
43:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
54:d=4 hl=2 l= 21 cons: cont [ 0 ]
56:d=5 hl=2 l= 19 prim: OCTET STRING :hello and goodbye
77:d=3 hl=4 l= 395 cons: cont [ 0 ]
81:d=4 hl=4 l= 391 cons: SEQUENCE
85:d=5 hl=4 l= 301 cons: SEQUENCE
89:d=6 hl=2 l= 3 cons: cont [ 0 ]
91:d=7 hl=2 l= 1 prim: INTEGER :02
94:d=6 hl=2 l= 20 prim: INTEGER :09D45914492F88F6E9812C905D2A0405C5769CCD
116:d=6 hl=2 l= 10 cons: SEQUENCE
118:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
128:d=6 hl=2 l= 25 cons: SEQUENCE
130:d=7 hl=2 l= 23 cons: SET
132:d=8 hl=2 l= 21 cons: SEQUENCE
134:d=9 hl=2 l= 3 prim: OBJECT :commonName
139:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
155:d=6 hl=2 l= 30 cons: SEQUENCE
157:d=7 hl=2 l= 13 prim: UTCTIME :230601075720Z
172:d=7 hl=2 l= 13 prim: UTCTIME :240531075720Z
187:d=6 hl=2 l= 25 cons: SEQUENCE
189:d=7 hl=2 l= 23 cons: SET
191:d=8 hl=2 l= 21 cons: SEQUENCE
193:d=9 hl=2 l= 3 prim: OBJECT :commonName
198:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
214:d=6 hl=2 l= 89 cons: SEQUENCE
216:d=7 hl=2 l= 19 cons: SEQUENCE
218:d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
227:d=8 hl=2 l= 8 prim: OBJECT :prime256v1
237:d=7 hl=2 l= 66 prim: BIT STRING
305:d=6 hl=2 l= 83 cons: cont [ 3 ]
307:d=7 hl=2 l= 81 cons: SEQUENCE
309:d=8 hl=2 l= 29 cons: SEQUENCE
311:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
316:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414AFBF46DE3CED60E2A5BBEA461C187C4FBE4D4654
340:d=8 hl=2 l= 31 cons: SEQUENCE
342:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
347:d=9 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014AFBF46DE3CED60E2A5BBEA461C187C4FBE4D4654
373:d=8 hl=2 l= 15 cons: SEQUENCE
375:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
380:d=9 hl=2 l= 1 prim: BOOLEAN :255
383:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
390:d=5 hl=2 l= 10 cons: SEQUENCE
392:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
402:d=5 hl=2 l= 72 prim: BIT STRING
476:d=3 hl=3 l= 154 cons: SET
479:d=4 hl=3 l= 151 cons: SEQUENCE
482:d=5 hl=2 l= 1 prim: INTEGER :01
485:d=5 hl=2 l= 49 cons: SEQUENCE
487:d=6 hl=2 l= 25 cons: SEQUENCE
489:d=7 hl=2 l= 23 cons: SET
491:d=8 hl=2 l= 21 cons: SEQUENCE
493:d=9 hl=2 l= 3 prim: OBJECT :commonName
498:d=9 hl=2 l= 14 prim: UTF8STRING :Vladimir Putin
514:d=6 hl=2 l= 20 prim: INTEGER :09D45914492F88F6E9812C905D2A0405C5769CCD
536:d=5 hl=2 l= 11 cons: SEQUENCE
538:d=6 hl=2 l= 9 prim: OBJECT :sha256
549:d=5 hl=2 l= 10 cons: SEQUENCE
551:d=6 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
561:d=5 hl=2 l= 70 prim: OCTET STRING [HEX DUMP]:304402207D12A9C0281FF39ED3DA7C0966E1B153D70150B25976B7FEBF8C35B92986861902202C8FA05D23E2988C06FC3A973104E88195596D94340A43802202A266D6DEFB43
$ openssl cms -verify -in sf1132354.envn -inform der -CAfile sf1132354.crt
hello and goodbye
Verification successful
$ openssl cms -verify -in sf1132354.envn -inform der -noverify
hello and goodbye
Verification successful
These are "encapsulated" (non-detached) signatures, which do include the content (at offset 56), with and without signedattrs respectively. Verification is the same as in the two cases above, except that now I don't need to specify -content because the content is in the SignedData.
There are more cases, but I've already spent too much time on this A, which isn't fair to others, so I'll stop here. If your case is different, please say exactly how it differs and I'll try to reply in a few days.
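The three outcomes the answer distinguishes (genuine data with a trusted signer, tampered data, and an untrusted signer that only -noverify accepts), as an added runnable example that is not part of the original answer. It assumes openssl 1.1 or 3.x on PATH; the key, certificate and data file names and the sample data are constructed here.

```shell
#!/bin/sh
# Added example (not from the original answer). Exercises the detached,
# signed-attributes variant of CMS SignedData end to end with throwaway keys.
# Assumes `openssl` is on PATH; every file name and the data are constructed.
set -u

cms_demo() (
    command -v openssl >/dev/null 2>&1 || { echo "skipped:no-openssl"; exit 0; }
    work=$(mktemp -d) && cd "$work" || exit 1
    # "signer" is the party we trust; "other" is an unrelated self-signed
    # party that is NOT in our trust store (the attacker case from the answer).
    for who in signer other; do
        openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out $who.key 2>/dev/null
        openssl req -new -key $who.key -x509 -days 2 -subj "/CN=$who" -out $who.crt 2>/dev/null
    done
    # CRLF line ending, as the answer notes openssl cms applies S/MIME canonicalisation.
    printf 'constructed sample data\r\n' >data.in

    # Detached SignedData with signed attributes (the default -sign variant).
    openssl cms -sign -in data.in -inkey signer.key -signer signer.crt -md sha256 \
        -outform der -out data.cms 2>/dev/null || exit 1
    result="ok"

    # 1. Genuine data, trusted signer: hash, signature and chain checks all pass.
    openssl cms -verify -in data.cms -inform der -content data.in -CAfile signer.crt \
        >/dev/null 2>&1 || result="$result:genuine-rejected"

    # 2. One byte of the content changed: the hash no longer matches messageDigest.
    printf 'Constructed sample data\r\n' >tampered.in
    openssl cms -verify -in data.cms -inform der -content tampered.in -CAfile signer.crt \
        >/dev/null 2>&1 && result="$result:tamper-missed" || result="$result:tamper-detected"

    # 3. Same data signed by "other": step 3 (trust store) rejects it, but
    #    -noverify skips step 3 and accepts it, which is the gap the answer warns about.
    openssl cms -sign -in data.in -inkey other.key -signer other.crt -md sha256 \
        -outform der -out other.cms 2>/dev/null || exit 1
    openssl cms -verify -in other.cms -inform der -content data.in -CAfile signer.crt \
        >/dev/null 2>&1 && result="$result:untrusted-accepted" || result="$result:untrusted-rejected"
    openssl cms -verify -in other.cms -inform der -content data.in -noverify \
        >/dev/null 2>&1 && result="$result:noverify-accepts" || result="$result:noverify-rejects"

    cd / && rm -rf "$work"
    echo "$result"
)

cms_demo
```

The expected result line is "ok:tamper-detected:untrusted-rejected:noverify-accepts"; anything else means one of the three checks did not behave as the answer describes.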