APK Signing Process Explained

2022-08-26 14:10:33

This article is best read alongside my APK signature analysis example.

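Key files in the example:

  • keys – directory holding the signing public and private keys
  • signed_logcat.apk – the APK after it has been signed with the keys in the keys directory
  • signed_logcat – the contents extracted from signed_logcat.apk
  • sign.cmd – batch script that signs the APK
  • signapk.jar – Java version of the APK signing tool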

[Figure: APK signing process diagram]

Android signing is in fact the process of producing three files: MANIFEST.MF, CERT.SF and CERT.RSA.

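Background:

1. An APK is itself a ZIP file; this is the same before and after signing.

2. After signing, the APK is packed with the highest ZIP compression level by default, but not using the highest compression is also fine.

3. The hash algorithm must match the hash algorithm of the public key certificate's signature algorithm.

4. Once the three core signature files have been produced, place them in the META-INF directory and repack.

5. Some apps check the comment of their ZIP archive, so take care that signing does not change the comment.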

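Parsing MANIFEST.MF

This file lists every file in the APK (except those in the META-INF directory) together with the hash of each file.

The contents of the signed_logcat directory are as follows: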

│  AndroidManifest.xml
│  classes.dex
│  resources.arsc
│
├─META-INF
│      CERT.RSA
│      CERT.SF
│      MANIFEST.MF
│
└─res
    ├─drawable-hdpi
    │      ic_launcher.png
    │
    ├─drawable-ldpi
    │      ic_launcher.png
    │
    ├─drawable-mdpi
    │      ic_launcher.png
    │
    ├─layout
    │      about.xml
    │      filterinfo.xml
    │      log_item.xml
    │      main.xml
    │
    ├─menu
    │      menu.xml
    │
    └─xml
            filter_edit.xml
            setting.xml

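Excluding the three files under META-INF, there are 13 file entries in total (directory entries are not counted).

The contents of MANIFEST.MF are as follows: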

Manifest-Version: 1.0
Created-By: 1.0 (Android)

Name: res/drawable-ldpi/ic_launcher.png
SHA-256-Digest: 3W4u5DW0c73Y7ktvX/eEojCOqw4pWbL2FLLrOc4QCPg=
SHA1-Digest: Gptf3OFSHAJiqt1ruVWuAcXNPGQ=

Name: AndroidManifest.xml
SHA-256-Digest: RSv5GlsEuF5k5Sr5ri5g7XFH5VkpKWKoIKwNuE6xnHA=
SHA1-Digest: 5Mv14ygoWNrctE3N5Qr6Xt7QD9w=

Name: res/layout/filterinfo.xml
SHA-256-Digest: 7r1eNNO7rjKHMS0tp0HpRYiaejmXQawtosicJ+x5oV8=
SHA1-Digest: w839vKNz3A6vUrMnKHYomzPu+qg=

Name: res/drawable-mdpi/ic_launcher.png
SHA-256-Digest: nfDi95TP2Zfs/p53R1kFMjS96eTKyovB2a+aQhvpLDQ=
SHA1-Digest: SxiY/cJC5brgQo8fLfEh5u0+ldE=

Name: res/xml/setting.xml
SHA-256-Digest: tlKeyI3BI6QXRSmGWwHq9dAmCZl2001mJR73x372wVM=
SHA1-Digest: c0LK1yCxbLYFIGcczERaOfrXFGs=

Name: res/layout/main.xml
SHA-256-Digest: e25lMknIWEBaN79jK52vNoEuoH/zE7/J/QERxfKZxaM=
SHA1-Digest: +LbSuE4+ynfywAdeM0So/iJSD5M=

Name: res/xml/filter_edit.xml
SHA-256-Digest: iOosC7O4+ZWmNG+7Ar1DEJBPp/RauMwdXG6oJ0PNiKo=
SHA1-Digest: pa42Lkz/v5S0CvO+omGTpqtBB8E=

Name: res/layout/about.xml
SHA-256-Digest: cnaekKTY/DLyrzOUsf4A0Iq2GXLb7Npx5x8mTB2MlAM=
SHA1-Digest: HXxqOc4C1s3/mctREtlbqQuhUns=

Name: resources.arsc
SHA-256-Digest: UjmlzwOkRWFqbHiaS8TGsvv+VVa4m8Kdv3bRBgOLU+Q=
SHA1-Digest: CdvYBpUApJDwBcQvEA3Mk4+Q0hU=

Name: res/drawable-hdpi/ic_launcher.png
SHA-256-Digest: /9NqWE4MJ9MRZdaBPn403c4d6aqOOB0puK9wl7b1RIs=
SHA1-Digest: MHMvWYw9KpOlC+0rPifkm4g6e5M=

Name: res/layout/log_item.xml
SHA-256-Digest: RmnzQ7BRWIBxX/Dxcy2YsAHfazUXf6Y7Yc1JDvY0TE0=
SHA1-Digest: qU88yXe1lk6O5rhdNrNkadLRudA=

Name: res/menu/menu.xml
SHA-256-Digest: frL0Sjtd7OC6JHMyNHFYOQyR8vJWiFwyQME84lsFgP0=
SHA1-Digest: MaJpFnlCF7PqVq/Ms+2Z6HxzCvg=

Name: classes.dex
SHA-256-Digest: YsJR8PGYOy2N/aIsmNab2duvO8alJsdVDkYV80kHTOQ=
SHA1-Digest: tvuP2FFB2CfeneIOJ9RVW7QB1Gc=

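Apart from the file header, MANIFEST.MF contains 13 sections; each section starts with Name and ends with 0D0A0D0A (\r\n\r\n).

Name: is followed by the file path

SHA-256-Digest: is followed by the SHA-256 hash of that file (Base64-encoded)

SHA1-Digest: is followed by the SHA-1 hash of that file (Base64-encoded)

Take the following section as an example: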

Name: AndroidManifest.xml
SHA-256-Digest: RSv5GlsEuF5k5Sr5ri5g7XFH5VkpKWKoIKwNuE6xnHA=
SHA1-Digest: 5Mv14ygoWNrctE3N5Qr6Xt7QD9w=

Computing the SHA1 and SHA256 values of AndroidManifest.xml with a hash tool gives:

SHA1: E4CBF5E3282858DADCB44DCDE50AFA5EDED00FDC

SHA256: 452BF91A5B04B85E64E52AF9AE2E60ED7147E559292962A820AC0DB84EB19C70

Converting the values above from hex to Base64:

SHA1: 5Mv14ygoWNrctE3N5Qr6Xt7QD9w=

SHA256: RSv5GlsEuF5k5Sr5ri5g7XFH5VkpKWKoIKwNuE6xnHA=

As can be seen, these match the contents of MANIFEST.MF.

Parsing CERT.SF

The first section of CERT.SF:

Signature-Version: 1.0
SHA-256-Digest-Manifest: +YfBiVXqW6JS+XDa/gmbgSL3KmFncWVragRk/gJfjQE=
Created-By: 1.0 (Android SignApk)

The hash after SHA-256-Digest-Manifest is the SHA256 hash of the MANIFEST.MF file.

SHA256 of the MANIFEST.MF file: F987C18955EA5BA252F970DAFE099B8122F72A616771656B6A0464FE025F8D01

Converted to Base64: +YfBiVXqW6JS+XDa/gmbgSL3KmFncWVragRk/gJfjQE=

The sections that follow in CERT.SF are in the same order as the sections in MANIFEST.MF. Take one section of CERT.SF as an example:

Name: res/drawable-ldpi/ic_launcher.png
SHA-256-Digest: KgPMKmwuRBe1QZZEItS/jS+vpNKTsJC0Ve2RPCWX7eE=

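Name: is followed by the file path, identical to the Name of the corresponding section in MANIFEST.MF.

SHA-256-Digest:

– Because the signature algorithm of the signing key is SHA256withRSA, the value written here is a SHA256 hash.

– The data that is hashed is the corresponding section of MANIFEST.MF; in this example the source data is: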

Name: res/drawable-ldpi/ic_launcher.png
SHA-256-Digest: 3W4u5DW0c73Y7ktvX/eEojCOqw4pWbL2FLLrOc4QCPg=
SHA1-Digest: Gptf3OFSHAJiqt1ruVWuAcXNPGQ=

The source data above includes the two \r\n at its end.

SHA256 computed over the source data above: 2A03CC2A6C2E4417B541964422D4BF8D2FAFA4D293B090B455ED913C2597EDE1

Converted to Base64: KgPMKmwuRBe1QZZEItS/jS+vpNKTsJC0Ve2RPCWX7eE=

This matches the value in CERT.SF.
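
The digest chain described in the MANIFEST.MF and CERT.SF sections above, as an added Python example (not code from the article or from signapk.jar): it writes both files for a constructed ZIP and then re-checks every link of the chain. The file contents and function names are illustrative, names are assumed short enough that no manifest line needs wrapping, and CERT.RSA is left out.

```python
import base64, hashlib, io, zipfile
CRLF = "\r\n"

def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

def b64_digest(data: bytes, algo: str = "sha256") -> str:
    """Base64 of the raw digest, the encoding used in MANIFEST.MF and CERT.SF."""
    return b64(hashlib.new(algo, data).digest())

def build_manifest(files: dict) -> list:
    """Return [header, section, ...]; each element ends with the blank-line terminator."""
    out = [f"Manifest-Version: 1.0{CRLF}Created-By: 1.0 (Android){CRLF}{CRLF}"]
    for name, data in files.items():
        out.append(f"Name: {name}{CRLF}SHA-256-Digest: {b64_digest(data)}{CRLF}"
                   f"SHA1-Digest: {b64_digest(data, 'sha1')}{CRLF}{CRLF}")
    return out

def build_sf(sections: list) -> str:
    """CERT.SF: digest of the whole manifest, then of each raw manifest section."""
    out = [f"Signature-Version: 1.0{CRLF}SHA-256-Digest-Manifest: "
           f"{b64_digest(''.join(sections).encode())}{CRLF}"
           f"Created-By: 1.0 (Android SignApk){CRLF}{CRLF}"]
    for sec in sections[1:]:
        name_line = sec.split(CRLF, 1)[0]  # "Name: <path>"
        out.append(f"{name_line}{CRLF}SHA-256-Digest: {b64_digest(sec.encode())}{CRLF}{CRLF}")
    return "".join(out)

def make_apk(files: dict, manifest: str = None, sf: str = None) -> bytes:
    """Constructed ZIP with META-INF/MANIFEST.MF and CERT.SF (CERT.RSA is omitted)."""
    sections = build_manifest(files)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
        z.writestr("META-INF/MANIFEST.MF", manifest or "".join(sections))
        z.writestr("META-INF/CERT.SF", sf or build_sf(sections))
    return buf.getvalue()

def split_sections(raw: bytes) -> list:
    """Split on the blank line and restore the terminator, which is part of the hash input."""
    return [p + b"\r\n\r\n" for p in raw.split(b"\r\n\r\n") if p]

def attrs(section: bytes) -> dict:
    return dict(l.split(": ", 1) for l in section.decode().strip().split(CRLF))

def verify(apk: bytes) -> list:
    """Return the problems found; an empty list means the digest chain is consistent."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        mf, sf = z.read("META-INF/MANIFEST.MF"), z.read("META-INF/CERT.SF")
        mf_secs = {attrs(s)["Name"]: s for s in split_sections(mf)[1:]}
        sf_secs = split_sections(sf)
        if attrs(sf_secs[0])["SHA-256-Digest-Manifest"] != b64_digest(mf):
            problems.append("MANIFEST.MF digest mismatch")
        for s in sf_secs[1:]:
            a = attrs(s)
            sec = mf_secs.get(a["Name"])
            if sec is None or a["SHA-256-Digest"] != b64_digest(sec):
                problems.append(f"section digest mismatch: {a['Name']}")
        for name in z.namelist():
            if name.startswith("META-INF/") or name.endswith("/"):
                continue
            if name not in mf_secs:
                problems.append(f"unlisted file: {name}")
            elif attrs(mf_secs[name])["SHA-256-Digest"] != b64_digest(z.read(name)):
                problems.append(f"file digest mismatch: {name}")
    return problems

FILES = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"constructed dex bytes"}
if __name__ == "__main__":
    old = build_manifest(FILES)
    changed = {**FILES, "classes.dex": b"modified after signing"}
    print(verify(make_apk(FILES)), verify(make_apk(changed, "".join(old), build_sf(old))))
```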

Parsing CERT.RSA

This file is a DER-encoded PKCS7 signature file.

OpenSSL can be used to parse it:

openssl asn1parse -inform DER -in CERT.RSA -dump > CERT.RSA.txt

    0:d=0  hl=4 l=1432 cons: SEQUENCE          
    4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-signedData
   15:d=1  hl=4 l=1417 cons: cont [ 0 ]        
   19:d=2  hl=4 l=1413 cons: SEQUENCE          
   23:d=3  hl=2 l=   1 prim: INTEGER           :01
   26:d=3  hl=2 l=  15 cons: SET               
   28:d=4  hl=2 l=  13 cons: SEQUENCE          
   30:d=5  hl=2 l=   9 prim: OBJECT            :sha256
   41:d=5  hl=2 l=   0 prim: NULL              
   43:d=3  hl=2 l=  11 cons: SEQUENCE          
   45:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
   56:d=3  hl=4 l= 949 cons: cont [ 0 ]        
   60:d=4  hl=4 l= 945 cons: SEQUENCE          
   64:d=5  hl=4 l= 665 cons: SEQUENCE          
   68:d=6  hl=2 l=   3 cons: cont [ 0 ]        
   70:d=7  hl=2 l=   1 prim: INTEGER           :02
   73:d=6  hl=2 l=   9 prim: INTEGER           :8B9E3C007FCAEFAB
   84:d=6  hl=2 l=  13 cons: SEQUENCE          
   86:d=7  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
   97:d=7  hl=2 l=   0 prim: NULL              
   99:d=6  hl=2 l= 111 cons: SEQUENCE          
  101:d=7  hl=2 l=  11 cons: SET               
  103:d=8  hl=2 l=   9 cons: SEQUENCE          
  105:d=9  hl=2 l=   3 prim: OBJECT            :countryName
  110:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :CN
  114:d=7  hl=2 l=  17 cons: SET               
  116:d=8  hl=2 l=  15 cons: SEQUENCE          
  118:d=9  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
  123:d=9  hl=2 l=   8 prim: UTF8STRING        :ShangHai
  133:d=7  hl=2 l=  16 cons: SET               
  135:d=8  hl=2 l=  14 cons: SEQUENCE          
  137:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
  142:d=9  hl=2 l=   7 prim: UTF8STRING        :BASEWIN
  151:d=7  hl=2 l=  36 cons: SET               
  153:d=8  hl=2 l=  34 cons: SEQUENCE          
  155:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  160:d=9  hl=2 l=  27 prim: UTF8STRING        :Shanghai Basewin Technology
  189:d=7  hl=2 l=  21 cons: SET               
  191:d=8  hl=2 l=  19 cons: SEQUENCE          
  193:d=9  hl=2 l=   3 prim: OBJECT            :commonName
  198:d=9  hl=2 l=  12 prim: UTF8STRING        :Android Team
  212:d=6  hl=2 l=  30 cons: SEQUENCE          
  214:d=7  hl=2 l=  13 prim: UTCTIME           :171129070139Z
  229:d=7  hl=2 l=  13 prim: UTCTIME           :450416070139Z
  244:d=6  hl=2 l= 111 cons: SEQUENCE          
  246:d=7  hl=2 l=  11 cons: SET               
  248:d=8  hl=2 l=   9 cons: SEQUENCE          
  250:d=9  hl=2 l=   3 prim: OBJECT            :countryName
  255:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :CN
  259:d=7  hl=2 l=  17 cons: SET               
  261:d=8  hl=2 l=  15 cons: SEQUENCE          
  263:d=9  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
  268:d=9  hl=2 l=   8 prim: UTF8STRING        :ShangHai
  278:d=7  hl=2 l=  16 cons: SET               
  280:d=8  hl=2 l=  14 cons: SEQUENCE          
  282:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
  287:d=9  hl=2 l=   7 prim: UTF8STRING        :BASEWIN
  296:d=7  hl=2 l=  36 cons: SET               
  298:d=8  hl=2 l=  34 cons: SEQUENCE          
  300:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  305:d=9  hl=2 l=  27 prim: UTF8STRING        :Shanghai Basewin Technology
  334:d=7  hl=2 l=  21 cons: SET               
  336:d=8  hl=2 l=  19 cons: SEQUENCE          
  338:d=9  hl=2 l=   3 prim: OBJECT            :commonName
  343:d=9  hl=2 l=  12 prim: UTF8STRING        :Android Team
  357:d=6  hl=4 l= 290 cons: SEQUENCE          
  361:d=7  hl=2 l=  13 cons: SEQUENCE          
  363:d=8  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  374:d=8  hl=2 l=   0 prim: NULL              
  376:d=7  hl=4 l= 271 prim: BIT STRING        
      0000 - 00 30 82 01 0a 02 82 01-01 00 de f6 1b 53 79 14   .0...........Sy.
      0010 - a5 0e bd 3b 0b 91 2d be-1a 6c e9 c6 2e 01 15 75   ...;..-..l.....u
      0020 - 4b 6c b6 09 39 e2 48 82-ef 04 59 38 06 da f3 c9   Kl..9.H...Y8....
      0030 - 9c 46 89 e2 93 ff f5 13-bd 68 33 95 67 0c e1 ae   .F.......h3.g...
      0040 - 97 c2 27 cf a4 ee 94 d3-9f 54 62 b3 a7 4c 4a ec   ..'......Tb..LJ.
      0050 - 70 1f 9e 1b 8d 5f 4c 07-36 91 63 86 a0 b0 65 4f   p...._L.6.c...eO
      0060 - bf cc 49 04 11 00 47 9e-7d 99 05 d0 ec 5f 31 17   ..I...G.}...._1.
      0070 - 56 46 61 69 39 02 6c e8-2d ea 94 c5 66 64 38 32   VFai9.l.-...fd82
      0080 - 9a 9e 5d ad a9 d4 61 16-a9 6c 29 21 2e 62 82 78   ..]...a..l)!.b.x
      0090 - d3 69 0c 2d ed 72 aa 3f-9e 6f 6a a1 e1 ab 01 e5   .i.-.r.?.oj.....
      00a0 - 31 b3 fc ee e5 50 4f f6-8e cc 2f d1 12 be 47 74   1....PO.../...Gt
      00b0 - df 04 d8 70 ca bf 5d 01-5b 44 14 83 0e 9d 19 f0   ...p..].[D......
      00c0 - 29 8f 7e ff 49 c0 2d 82-24 74 2f 98 2a 2a 6d 78   ).~.I.-.$t/.**mx
      00d0 - 7b b5 8c 4d b9 d9 01 35-72 03 f7 ce 0d 18 57 ee   {..M...5r.....W.
      00e0 - f9 25 66 90 84 cf a5 74-9e b8 7d ca cc 1d 4a 67   .%f....t..}...Jg
      00f0 - 61 af e9 1a 9b d7 56 b3-38 30 f7 10 07 61 f1 1e   a.....V.80...a..
      0100 - 4b 0b bd 1d dc bc 62 22-48 fb 02 03 01 00 01      K.....b"H......
  651:d=6  hl=2 l=  80 cons: cont [ 3 ]        
  653:d=7  hl=2 l=  78 cons: SEQUENCE          
  655:d=8  hl=2 l=  29 cons: SEQUENCE          
  657:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  662:d=9  hl=2 l=  22 prim: OCTET STRING      
      0000 - 04 14 45 31 44 f3 b3 28-99 2c a5 3b fb 17 6e 8d   ..E1D..(.,.;..n.
      0010 - 96 48 53 a7 91 41                                 .HS..A
  686:d=8  hl=2 l=  31 cons: SEQUENCE          
  688:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  693:d=9  hl=2 l=  24 prim: OCTET STRING      
      0000 - 30 16 80 14 45 31 44 f3-b3 28 99 2c a5 3b fb 17   0...E1D..(.,.;..
      0010 - 6e 8d 96 48 53 a7 91 41-                          n..HS..A
  719:d=8  hl=2 l=  12 cons: SEQUENCE          
  721:d=9  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  726:d=9  hl=2 l=   5 prim: OCTET STRING      
      0000 - 30 03 01 01 ff                                    0....
  733:d=5  hl=2 l=  13 cons: SEQUENCE          
  735:d=6  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
  746:d=6  hl=2 l=   0 prim: NULL              
  748:d=5  hl=4 l= 257 prim: BIT STRING        
      0000 - 00 5e a0 ef 2f ff e8 0b-6f d0 c9 c5 00 03 74 88   .^../...o.....t.
      0010 - 20 de d3 ab 6c 33 a1 20-1c 6c c6 94 11 c0 58 a3    ...l3. .l....X.
      0020 - 2e 7b 2a 50 34 3e fd 3f-4c 42 f7 48 e8 fb 43 4c   .{*P4>.?LB.H..CL
      0030 - 48 ed cd 2b 22 cb 6d 11-69 cc 41 ff d5 42 f9 d2   H..+".m.i.A..B..
      0040 - 8b 7f 5a 43 38 f3 6d f3-a3 66 94 be 7f f0 39 57   ..ZC8.m..f....9W
      0050 - 6c 9c e6 a3 4f a8 6f 43-ea 10 60 61 96 e2 0b 88   l...O.oC..`a....
      0060 - 1c 30 99 be 19 4d 92 4a-d4 a4 74 e6 89 16 dc 96   .0...M.J..t.....
      0070 - 69 62 e5 76 ab 5e 59 7a-f0 16 b0 e2 5d f3 04 50   ib.v.^Yz....]..P
      0080 - a2 40 4e c9 b0 ed 21 0e-5f 85 44 5b 1d c9 eb e9   .@N...!._.D[....
      0090 - 7e a1 13 37 92 e1 b4 1d-54 78 c5 75 7f cf 73 ff   ~..7....Tx.u..s.
      00a0 - 6e f0 57 b9 9f 58 83 37-2f bc 0c 02 64 39 ec a6   n.W..X.7/...d9..
      00b0 - 64 38 10 95 3f 7e d5 de-51 76 fc 27 86 16 31 a1   d8..?~..Qv.'..1.
      00c0 - 72 ed 41 dc 32 fb 09 9b-2e 88 68 52 24 b9 f4 60   r.A.2.....hR$..`
      00d0 - f0 7e c2 67 20 64 2f 27-c1 58 b6 f5 eb 44 96 2e   .~.g d/'.X...D..
      00e0 - 08 0c b3 c7 79 5f b6 7f-df 30 bd f0 fe f2 89 2d   ....y_...0.....-
      00f0 - b7 22 6d cc 79 80 fd c8-42 9a 33 3a 00 fb 43 e0   ."m.y...B.3:..C.
      0100 - 4d                                                M
 1009:d=3  hl=4 l= 423 cons: SET               
 1013:d=4  hl=4 l= 419 cons: SEQUENCE          
 1017:d=5  hl=2 l=   1 prim: INTEGER           :01
 1020:d=5  hl=2 l= 124 cons: SEQUENCE          
 1022:d=6  hl=2 l= 111 cons: SEQUENCE          
 1024:d=7  hl=2 l=  11 cons: SET               
 1026:d=8  hl=2 l=   9 cons: SEQUENCE          
 1028:d=9  hl=2 l=   3 prim: OBJECT            :countryName
 1033:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :CN
 1037:d=7  hl=2 l=  17 cons: SET               
 1039:d=8  hl=2 l=  15 cons: SEQUENCE          
 1041:d=9  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
 1046:d=9  hl=2 l=   8 prim: UTF8STRING        :ShangHai
 1056:d=7  hl=2 l=  16 cons: SET               
 1058:d=8  hl=2 l=  14 cons: SEQUENCE          
 1060:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
 1065:d=9  hl=2 l=   7 prim: UTF8STRING        :BASEWIN
 1074:d=7  hl=2 l=  36 cons: SET               
 1076:d=8  hl=2 l=  34 cons: SEQUENCE          
 1078:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
 1083:d=9  hl=2 l=  27 prim: UTF8STRING        :Shanghai Basewin Technology
 1112:d=7  hl=2 l=  21 cons: SET               
 1114:d=8  hl=2 l=  19 cons: SEQUENCE          
 1116:d=9  hl=2 l=   3 prim: OBJECT            :commonName
 1121:d=9  hl=2 l=  12 prim: UTF8STRING        :Android Team
 1135:d=6  hl=2 l=   9 prim: INTEGER           :8B9E3C007FCAEFAB
 1146:d=5  hl=2 l=  13 cons: SEQUENCE          
 1148:d=6  hl=2 l=   9 prim: OBJECT            :sha256
 1159:d=6  hl=2 l=   0 prim: NULL              
 1161:d=5  hl=2 l=  13 cons: SEQUENCE          
 1163:d=6  hl=2 l=   9 prim: OBJECT            :rsaEncryption
 1174:d=6  hl=2 l=   0 prim: NULL              
 1176:d=5  hl=4 l= 256 prim: OCTET STRING      
      0000 - 31 bf fd 61 88 01 3f d8-d6 e6 16 b7 94 c0 5e f9   1..a..?.......^.
      0010 - b4 f0 a9 29 e6 62 ad 68-ef 82 95 f4 f8 07 8b d0   ...).b.h........
      0020 - 16 c6 cb 55 22 66 ac 50-fe f8 9c d3 f0 8d 61 9d   ...U"f.P......a.
      0030 - 7b ec 80 20 04 7a a7 ff-42 07 b8 19 d5 99 9c c1   {.. .z..B.......
      0040 - 35 0b 09 ca d6 26 50 5c-7b 95 84 38 45 ac da d2   5....&P\{..8E...
      0050 - 2b 6b ad 87 61 6c 39 1d-2e 3b b1 6a 36 b1 9c 44   +k..al9..;.j6..D
      0060 - 9d 7b de 1d 8b d1 80 38-f3 95 57 40 08 21 12 5c   .{.....8..W@.!.\
      0070 - 06 f2 49 b2 f4 ec 4e b9-4a 00 c5 91 27 05 5b 55   ..I...N.J...'.[U
      0080 - 51 71 94 2a c9 e0 bf 0e-4c 5d d4 08 14 f2 cf 4d   Qq.*....L].....M
      0090 - 8c f1 4e 35 e0 83 2b a9-56 dd c4 5a 93 c8 6f 7f   ..N5..+.V..Z..o.
      00a0 - b3 b2 aa 2a 36 85 b1 ef-f6 b6 59 42 7b b4 bd 78   ...*6.....YB{..x
      00b0 - a8 88 af 3f c6 82 2d 29-7b 72 d5 0c 00 64 ee 16   ...?..-){r...d..
      00c0 - 9f 39 0d 27 1a c2 ba 42-13 76 d5 05 b5 14 5e d9   .9.'...B.v....^.
      00d0 - a1 26 fb 5b ca 73 b1 a0-3c b1 40 47 8a af da d8   .&.[.s..<.@G....
      00e0 - 0a e1 2d 4e ad c8 6d c4-e5 fa 51 cb b2 9c 1f d9   ..-N..m...Q.....
      00f0 - 61 d1 3a 8f d3 d0 e3 0a-0c 97 7c 54 f6 84 41 61   a.:.......|T..Aa

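As can be seen, CERT.RSA essentially contains three parts:

– the hash algorithm

– the public key certificate

– the digital signature

We parse the ASN.1 data of the public key certificate: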

openssl asn1parse -inform PEM -in platform.x509.pem -dump > publickey_asn1.txt

    0:d=0  hl=4 l= 945 cons: SEQUENCE          
    4:d=1  hl=4 l= 665 cons: SEQUENCE          
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]        
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=   9 prim: INTEGER           :8B9E3C007FCAEFAB
   24:d=2  hl=2 l=  13 cons: SEQUENCE          
   26:d=3  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
   37:d=3  hl=2 l=   0 prim: NULL              
   39:d=2  hl=2 l= 111 cons: SEQUENCE          
   41:d=3  hl=2 l=  11 cons: SET               
   43:d=4  hl=2 l=   9 cons: SEQUENCE          
   45:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   50:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :CN
   54:d=3  hl=2 l=  17 cons: SET               
   56:d=4  hl=2 l=  15 cons: SEQUENCE          
   58:d=5  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
   63:d=5  hl=2 l=   8 prim: UTF8STRING        :ShangHai
   73:d=3  hl=2 l=  16 cons: SET               
   75:d=4  hl=2 l=  14 cons: SEQUENCE          
   77:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   82:d=5  hl=2 l=   7 prim: UTF8STRING        :BASEWIN
   91:d=3  hl=2 l=  36 cons: SET               
   93:d=4  hl=2 l=  34 cons: SEQUENCE          
   95:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  100:d=5  hl=2 l=  27 prim: UTF8STRING        :Shanghai Basewin Technology
  129:d=3  hl=2 l=  21 cons: SET               
  131:d=4  hl=2 l=  19 cons: SEQUENCE          
  133:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  138:d=5  hl=2 l=  12 prim: UTF8STRING        :Android Team
  152:d=2  hl=2 l=  30 cons: SEQUENCE          
  154:d=3  hl=2 l=  13 prim: UTCTIME           :171129070139Z
  169:d=3  hl=2 l=  13 prim: UTCTIME           :450416070139Z
  184:d=2  hl=2 l= 111 cons: SEQUENCE          
  186:d=3  hl=2 l=  11 cons: SET               
  188:d=4  hl=2 l=   9 cons: SEQUENCE          
  190:d=5  hl=2 l=   3 prim: OBJECT            :countryName
  195:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :CN
  199:d=3  hl=2 l=  17 cons: SET               
  201:d=4  hl=2 l=  15 cons: SEQUENCE          
  203:d=5  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
  208:d=5  hl=2 l=   8 prim: UTF8STRING        :ShangHai
  218:d=3  hl=2 l=  16 cons: SET               
  220:d=4  hl=2 l=  14 cons: SEQUENCE          
  222:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
  227:d=5  hl=2 l=   7 prim: UTF8STRING        :BASEWIN
  236:d=3  hl=2 l=  36 cons: SET               
  238:d=4  hl=2 l=  34 cons: SEQUENCE          
  240:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  245:d=5  hl=2 l=  27 prim: UTF8STRING        :Shanghai Basewin Technology
  274:d=3  hl=2 l=  21 cons: SET               
  276:d=4  hl=2 l=  19 cons: SEQUENCE          
  278:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  283:d=5  hl=2 l=  12 prim: UTF8STRING        :Android Team
  297:d=2  hl=4 l= 290 cons: SEQUENCE          
  301:d=3  hl=2 l=  13 cons: SEQUENCE          
  303:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  314:d=4  hl=2 l=   0 prim: NULL              
  316:d=3  hl=4 l= 271 prim: BIT STRING        
      0000 - 00 30 82 01 0a 02 82 01-01 00 de f6 1b 53 79 14   .0...........Sy.
      0010 - a5 0e bd 3b 0b 91 2d be-1a 6c e9 c6 2e 01 15 75   ...;..-..l.....u
      0020 - 4b 6c b6 09 39 e2 48 82-ef 04 59 38 06 da f3 c9   Kl..9.H...Y8....
      0030 - 9c 46 89 e2 93 ff f5 13-bd 68 33 95 67 0c e1 ae   .F.......h3.g...
      0040 - 97 c2 27 cf a4 ee 94 d3-9f 54 62 b3 a7 4c 4a ec   ..'......Tb..LJ.
      0050 - 70 1f 9e 1b 8d 5f 4c 07-36 91 63 86 a0 b0 65 4f   p...._L.6.c...eO
      0060 - bf cc 49 04 11 00 47 9e-7d 99 05 d0 ec 5f 31 17   ..I...G.}...._1.
      0070 - 56 46 61 69 39 02 6c e8-2d ea 94 c5 66 64 38 32   VFai9.l.-...fd82
      0080 - 9a 9e 5d ad a9 d4 61 16-a9 6c 29 21 2e 62 82 78   ..]...a..l)!.b.x
      0090 - d3 69 0c 2d ed 72 aa 3f-9e 6f 6a a1 e1 ab 01 e5   .i.-.r.?.oj.....
      00a0 - 31 b3 fc ee e5 50 4f f6-8e cc 2f d1 12 be 47 74   1....PO.../...Gt
      00b0 - df 04 d8 70 ca bf 5d 01-5b 44 14 83 0e 9d 19 f0   ...p..].[D......
      00c0 - 29 8f 7e ff 49 c0 2d 82-24 74 2f 98 2a 2a 6d 78   ).~.I.-.$t/.**mx
      00d0 - 7b b5 8c 4d b9 d9 01 35-72 03 f7 ce 0d 18 57 ee   {..M...5r.....W.
      00e0 - f9 25 66 90 84 cf a5 74-9e b8 7d ca cc 1d 4a 67   .%f....t..}...Jg
      00f0 - 61 af e9 1a 9b d7 56 b3-38 30 f7 10 07 61 f1 1e   a.....V.80...a..
      0100 - 4b 0b bd 1d dc bc 62 22-48 fb 02 03 01 00 01      K.....b"H......
  591:d=2  hl=2 l=  80 cons: cont [ 3 ]        
  593:d=3  hl=2 l=  78 cons: SEQUENCE          
  595:d=4  hl=2 l=  29 cons: SEQUENCE          
  597:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  602:d=5  hl=2 l=  22 prim: OCTET STRING      
      0000 - 04 14 45 31 44 f3 b3 28-99 2c a5 3b fb 17 6e 8d   ..E1D..(.,.;..n.
      0010 - 96 48 53 a7 91 41                                 .HS..A
  626:d=4  hl=2 l=  31 cons: SEQUENCE          
  628:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  633:d=5  hl=2 l=  24 prim: OCTET STRING      
      0000 - 30 16 80 14 45 31 44 f3-b3 28 99 2c a5 3b fb 17   0...E1D..(.,.;..
      0010 - 6e 8d 96 48 53 a7 91 41-                          n..HS..A
  659:d=4  hl=2 l=  12 cons: SEQUENCE          
  661:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  666:d=5  hl=2 l=   5 prim: OCTET STRING      
      0000 - 30 03 01 01 ff                                    0....
  673:d=1  hl=2 l=  13 cons: SEQUENCE          
  675:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
  686:d=2  hl=2 l=   0 prim: NULL              
  688:d=1  hl=4 l= 257 prim: BIT STRING        
      0000 - 00 5e a0 ef 2f ff e8 0b-6f d0 c9 c5 00 03 74 88   .^../...o.....t.
      0010 - 20 de d3 ab 6c 33 a1 20-1c 6c c6 94 11 c0 58 a3    ...l3. .l....X.
      0020 - 2e 7b 2a 50 34 3e fd 3f-4c 42 f7 48 e8 fb 43 4c   .{*P4>.?LB.H..CL
      0030 - 48 ed cd 2b 22 cb 6d 11-69 cc 41 ff d5 42 f9 d2   H..+".m.i.A..B..
      0040 - 8b 7f 5a 43 38 f3 6d f3-a3 66 94 be 7f f0 39 57   ..ZC8.m..f....9W
      0050 - 6c 9c e6 a3 4f a8 6f 43-ea 10 60 61 96 e2 0b 88   l...O.oC..`a....
      0060 - 1c 30 99 be 19 4d 92 4a-d4 a4 74 e6 89 16 dc 96   .0...M.J..t.....
      0070 - 69 62 e5 76 ab 5e 59 7a-f0 16 b0 e2 5d f3 04 50   ib.v.^Yz....]..P
      0080 - a2 40 4e c9 b0 ed 21 0e-5f 85 44 5b 1d c9 eb e9   .@N...!._.D[....
      0090 - 7e a1 13 37 92 e1 b4 1d-54 78 c5 75 7f cf 73 ff   ~..7....Tx.u..s.
      00a0 - 6e f0 57 b9 9f 58 83 37-2f bc 0c 02 64 39 ec a6   n.W..X.7/...d9..
      00b0 - 64 38 10 95 3f 7e d5 de-51 76 fc 27 86 16 31 a1   d8..?~..Qv.'..1.
      00c0 - 72 ed 41 dc 32 fb 09 9b-2e 88 68 52 24 b9 f4 60   r.A.2.....hR$..`
      00d0 - f0 7e c2 67 20 64 2f 27-c1 58 b6 f5 eb 44 96 2e   .~.g d/'.X...D..
      00e0 - 08 0c b3 c7 79 5f b6 7f-df 30 bd f0 fe f2 89 2d   ....y_...0.....-
      00f0 - b7 22 6d cc 79 80 fd c8-42 9a 33 3a 00 fb 43 e0   ."m.y...B.3:..C.
      0100 - 4d                                                M

Comparing the two shows that CERT.RSA contains the public key certificate verbatim.

Next, we take the RSA-encrypted data at the end of CERT.RSA, shown below:

31bffd6188013fd8d6e616b794c05ef9
b4f0a929e662ad68ef8295f4f8078bd0
16c6cb552266ac50fef89cd3f08d619d
7bec8020047aa7ff4207b819d5999cc1
350b09cad626505c7b95843845acdad2
2b6bad87616c391d2e3bb16a36b19c44
9d7bde1d8bd18038f39557400821125c
06f249b2f4ec4eb94a00c59127055b55
5171942ac9e0bf0e4c5dd40814f2cf4d
8cf14e35e0832ba956ddc45a93c86f7f
b3b2aa2a3685b1eff6b659427bb4bd78
a888af3fc6822d297b72d50c0064ee16
9f390d271ac2ba421376d505b5145ed9
a126fb5bca73b1a03cb140478aafdad8
0ae12d4eadc86dc4e5fa51cbb29c1fd9
61d13a8fd3d0e30a0c977c54f6844161

Decrypting it with the public key gives:

3031300D06096086480165030402010500042002B42BA59860E069D19E079DEE7209F45B38B45F49082AD58427C80405A82872

Save this content in binary form as sign.bin, then use openssl to parse it as DER-encoded ASN.1:

openssl asn1parse -inform DER -in sign.bin

This gives the following:

    0:d=0  hl=2 l=  49 cons: SEQUENCE
    2:d=1  hl=2 l=  13 cons: SEQUENCE
    4:d=2  hl=2 l=   9 prim: OBJECT            :sha256
   15:d=2  hl=2 l=   0 prim: NULL
   17:d=1  hl=2 l=  32 prim: OCTET STRING      [HEX DUMP]:02B42BA59860E069D19E079DEE7209F45B38B45F49082AD58427C80405A82872

As can be seen, this is a signature structure described in ASN.1, which contains:

– Algorithm: SHA256

– Hash value: 02B42BA59860E069D19E079DEE7209F45B38B45F49082AD58427C80405A82872

Computing the SHA256 hash of the file CERT.SF gives:

SHA256(CERT.SF) = 02B42BA59860E069D19E079DEE7209F45B38B45F49082AD58427C80405A82872

Note: the signature is produced by signing CERT.SF with the private key; it does not depend on any other content.
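
An added Python example (not part of the original article) that reads the decrypted value shown above as a DER DigestInfo and checks it against the hash of a file. It takes the value as the article shows it, a bare DigestInfo with the RSA padding already removed; the function names and the sample CERT.SF bytes are constructed.

```python
import hashlib, hmac

# Decrypted value quoted in the article (bare DigestInfo, RSA padding already removed).
DECRYPTED = bytes.fromhex(
    "3031300D06096086480165030402010500042002B42BA59860E069D19E079DEE"
    "7209F45B38B45F49082AD58427C80405A82872")
SHA256_PREFIX = DECRYPTED[:19]  # fixed DER header that precedes the 32-byte digest
HASH_OIDS = {"2.16.840.1.101.3.4.2.1": "sha256", "1.3.14.3.2.26": "sha1"}

def read_tlv(buf: bytes, pos: int):
    """Read one DER element at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body: bytes) -> str:
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_digest_info(der: bytes):
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, parameters }, OCTET STRING }."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE (trailing bytes are rejected)")
    tag, alg, pos = read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("missing algorithm OID")
    tag, digest, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("missing or malformed digest OCTET STRING")
    name = HASH_OIDS.get(decode_oid(oid))
    if name is None or len(digest) != hashlib.new(name).digest_size:
        raise ValueError("unsupported algorithm or wrong digest length")
    return name, digest

def expected_digest_info(data: bytes) -> bytes:
    """DigestInfo that a SHA-256 signature over data must contain."""
    return SHA256_PREFIX + hashlib.sha256(data).digest()

def signature_covers(der: bytes, signed_file: bytes) -> bool:
    """True if the DigestInfo from the signature matches the hash of signed_file."""
    name, digest = parse_digest_info(der)
    return hmac.compare_digest(hashlib.new(name, signed_file).digest(), digest)

if __name__ == "__main__":
    algo, digest = parse_digest_info(DECRYPTED)
    print(algo, digest.hex().upper())
    sample_sf = b"Signature-Version: 1.0\r\n\r\n"  # constructed, not the real CERT.SF
    print(signature_covers(expected_digest_info(sample_sf), sample_sf))
```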

Published by: 全栈程序员栈长. Please credit the source when reposting: https://javaforall.cn/143992.html Original link: https://javaforall.cn
