大家好,又见面了,我是你们的朋友全栈君。
本文最好对照我的 APK签名解析示例进行阅读.
示例中的关键文件说明:
- keys – 存放签名公私钥的目录
- signed_logcat.apk – 已经使用keys目录中的密钥签名后的apk
- signed_logcat – signed_logcat.apk解压出来的内容
- sign.cmd – 对apk签名的批处理命令
- signapk.jar – java版本的apk签名工具
APK签名过程示意图
安卓的签名实际就是产生 MANIFEST.MF/ CERT.SF/ CERT.RSA这3个文件的过程。
背景知识:
1. APK本身是ZIP格式,签名前后都没有变化。
2. APK签名后,默认使用最高zip压缩率打包,但不用最高压缩也没问题。
3. HASH算法需要与公钥证书的签名算法的HASH算法一致。
4. 产生出3个APK签名核心文件后,将其放置到META-INF目录下,然后打包即可
5. 有的应用会校验其ZIP包的注释内容,需要注意签名前后不能改变注释内容
解析MANIFEST.MF
这个文件中列出了apk包中的所有文件(META-INF目录除外),并计算了每个文件的HASH值.
signed_logcat目录下内容如下:
代码语言:javascript复制│ AndroidManifest.xml
│ classes.dex
│ resources.arsc
│
├─META-INF
│ CERT.RSA
│ CERT.SF
│ MANIFEST.MF
│
└─res
├─drawable-hdpi
│ ic_launcher.png
│
├─drawable-ldpi
│ ic_launcher.png
│
├─drawable-mdpi
│ ic_launcher.png
│
├─layout
│ about.xml
│ filterinfo.xml
│ log_item.xml
│ main.xml
│
├─menu
│ menu.xml
│
└─xml
filter_edit.xml
setting.xml
去除META-INF下的3个目录,共计13个文件节点(目录节点不算)。
MANIFEST.MF中的内容如下:
代码语言:javascript复制Manifest-Version: 1.0
Created-By: 1.0 (Android)
Name: res/drawable-ldpi/ic_launcher.png
SHA-256-Digest: 3W4u5DW0c73Y7ktvX/eEojCOqw4pWbL2FLLrOc4QCPg=
SHA1-Digest: Gptf3OFSHAJiqt1ruVWuAcXNPGQ=
Name: AndroidManifest.xml
SHA-256-Digest: RSv5GlsEuF5k5Sr5ri5g7XFH5VkpKWKoIKwNuE6xnHA=
SHA1-Digest: 5Mv14ygoWNrctE3N5Qr6Xt7QD9w=
Name: res/layout/filterinfo.xml
SHA-256-Digest: 7r1eNNO7rjKHMS0tp0HpRYiaejmXQawtosicJ x5oV8=
SHA1-Digest: w839vKNz3A6vUrMnKHYomzPu qg=
Name: res/drawable-mdpi/ic_launcher.png
SHA-256-Digest: nfDi95TP2Zfs/p53R1kFMjS96eTKyovB2a aQhvpLDQ=
SHA1-Digest: SxiY/cJC5brgQo8fLfEh5u0 ldE=
Name: res/xml/setting.xml
SHA-256-Digest: tlKeyI3BI6QXRSmGWwHq9dAmCZl2001mJR73x372wVM=
SHA1-Digest: c0LK1yCxbLYFIGcczERaOfrXFGs=
Name: res/layout/main.xml
SHA-256-Digest: e25lMknIWEBaN79jK52vNoEuoH/zE7/J/QERxfKZxaM=
SHA1-Digest: LbSuE4 ynfywAdeM0So/iJSD5M=
Name: res/xml/filter_edit.xml
SHA-256-Digest: iOosC7O4 ZWmNG 7Ar1DEJBPp/RauMwdXG6oJ0PNiKo=
SHA1-Digest: pa42Lkz/v5S0CvO omGTpqtBB8E=
Name: res/layout/about.xml
SHA-256-Digest: cnaekKTY/DLyrzOUsf4A0Iq2GXLb7Npx5x8mTB2MlAM=
SHA1-Digest: HXxqOc4C1s3/mctREtlbqQuhUns=
Name: resources.arsc
SHA-256-Digest: UjmlzwOkRWFqbHiaS8TGsvv VVa4m8Kdv3bRBgOLU Q=
SHA1-Digest: CdvYBpUApJDwBcQvEA3Mk4 Q0hU=
Name: res/drawable-hdpi/ic_launcher.png
SHA-256-Digest: /9NqWE4MJ9MRZdaBPn403c4d6aqOOB0puK9wl7b1RIs=
SHA1-Digest: MHMvWYw9KpOlC 0rPifkm4g6e5M=
Name: res/layout/log_item.xml
SHA-256-Digest: RmnzQ7BRWIBxX/Dxcy2YsAHfazUXf6Y7Yc1JDvY0TE0=
SHA1-Digest: qU88yXe1lk6O5rhdNrNkadLRudA=
Name: res/menu/menu.xml
SHA-256-Digest: frL0Sjtd7OC6JHMyNHFYOQyR8vJWiFwyQME84lsFgP0=
SHA1-Digest: MaJpFnlCF7PqVq/Ms 2Z6HxzCvg=
Name: classes.dex
SHA-256-Digest: YsJR8PGYOy2N/aIsmNab2duvO8alJsdVDkYV80kHTOQ=
SHA1-Digest: tvuP2FFB2CfeneIOJ9RVW7QB1Gc=
MANIFEST.MF文件中,除去文件头外,共有13个节点,每个节点以Name开始,以0D0A0D0A(rnrn)结束.
Name:后面是文件路径
SHA-256-Digest:后面是对应文件的sha256 HASH值(base64编码)
SHA1-Digest:后面是对应文件的sha1 HASH值(base64编码)
以下面这个节点为例:
代码语言:javascript复制Name: AndroidManifest.xml
SHA-256-Digest: RSv5GlsEuF5k5Sr5ri5g7XFH5VkpKWKoIKwNuE6xnHA=
SHA1-Digest: 5Mv14ygoWNrctE3N5Qr6Xt7QD9w=
我们使用HASH工具计算AndroidManifest.xml的SHA1和SHA256值,得到:
SHA1: E4CBF5E3282858DADCB44DCDE50AFA5EDED00FDC
SHA256: 452BF91A5B04B85E64E52AF9AE2E60ED7147E559292962A820AC0DB84EB19C70
将上面的编码从HEX转换为Base64后:
SHA1: 5Mv14ygoWNrctE3N5Qr6Xt7QD9w=
SHA256: RSv5GlsEuF5k5Sr5ri5g7XFH5VkpKWKoIKwNuE6xnHA=
可以看到与MANIFEST.MF文件中的内容是一致的。
解析CERT.SF
CERT.SF的第一个节点:
代码语言:javascript复制Signature-Version: 1.0
SHA-256-Digest-Manifest: YfBiVXqW6JS XDa/gmbgSL3KmFncWVragRk/gJfjQE=
Created-By: 1.0 (Android SignApk)
其中的SHA-256-Digest-Manifest后面的HASH是MANIFEST.MF文件的SHA256 HASH值。
MANIFEST.MF文件的SHA256: F987C18955EA5BA252F970DAFE099B8122F72A616771656B6A0464FE025F8D01
转换为base64编码: YfBiVXqW6JS XDa/gmbgSL3KmFncWVragRk/gJfjQE=
CERT.SF之后的每个节点顺序与MANIFEST.MF中的节点顺序一致,以CERT.SF中的一个节点为例:
代码语言:javascript复制Name: res/drawable-ldpi/ic_launcher.png
SHA-256-Digest: KgPMKmwuRBe1QZZEItS/jS vpNKTsJC0Ve2RPCWX7eE=
Name: 后面是文件路径,与MANIFEST.MF中对应节点的Name内容一致。
SHA-256-Digest:
– 由于签名密钥中的签名算法使用了SHA256withRSA算法,所以这里输出的是SHA256 HASH.
– HASH原始的数据来源是MANIFEST.MF中对应的节点,此例中的源数据内容为:
代码语言:javascript复制Name: res/drawable-ldpi/ic_launcher.png
SHA-256-Digest: 3W4u5DW0c73Y7ktvX/eEojCOqw4pWbL2FLLrOc4QCPg=
SHA1-Digest: Gptf3OFSHAJiqt1ruVWuAcXNPGQ=
上面源数据, 包含两个rn.
上面这个源数据算出来的SHA256: 2A03CC2A6C2E4417B541964422D4BF8D2FAFA4D293B090B455ED913C2597EDE1
转换为base64编码:KgPMKmwuRBe1QZZEItS/jS vpNKTsJC0Ve2RPCWX7eE=
与CERT.SF中的结果一致。
解析CERT.RSA
这个文件是一个DER编码格式的PKCS7签名文件。
使用Openssl可以对其进行解析:
openssl asn1parse -inform DER -in CERT.RSA -dump > CERT.RSA.txt
代码语言:javascript复制 0:d=0 hl=4 l=1432 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1417 cons: cont [ 0 ]
19:d=2 hl=4 l=1413 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 15 cons: SET
28:d=4 hl=2 l= 13 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha256
41:d=5 hl=2 l= 0 prim: NULL
43:d=3 hl=2 l= 11 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=3 hl=4 l= 949 cons: cont [ 0 ]
60:d=4 hl=4 l= 945 cons: SEQUENCE
64:d=5 hl=4 l= 665 cons: SEQUENCE
68:d=6 hl=2 l= 3 cons: cont [ 0 ]
70:d=7 hl=2 l= 1 prim: INTEGER :02
73:d=6 hl=2 l= 9 prim: INTEGER :8B9E3C007FCAEFAB
84:d=6 hl=2 l= 13 cons: SEQUENCE
86:d=7 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
97:d=7 hl=2 l= 0 prim: NULL
99:d=6 hl=2 l= 111 cons: SEQUENCE
101:d=7 hl=2 l= 11 cons: SET
103:d=8 hl=2 l= 9 cons: SEQUENCE
105:d=9 hl=2 l= 3 prim: OBJECT :countryName
110:d=9 hl=2 l= 2 prim: PRINTABLESTRING :CN
114:d=7 hl=2 l= 17 cons: SET
116:d=8 hl=2 l= 15 cons: SEQUENCE
118:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
123:d=9 hl=2 l= 8 prim: UTF8STRING :ShangHai
133:d=7 hl=2 l= 16 cons: SET
135:d=8 hl=2 l= 14 cons: SEQUENCE
137:d=9 hl=2 l= 3 prim: OBJECT :organizationName
142:d=9 hl=2 l= 7 prim: UTF8STRING :BASEWIN
151:d=7 hl=2 l= 36 cons: SET
153:d=8 hl=2 l= 34 cons: SEQUENCE
155:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
160:d=9 hl=2 l= 27 prim: UTF8STRING :Shanghai Basewin Technology
189:d=7 hl=2 l= 21 cons: SET
191:d=8 hl=2 l= 19 cons: SEQUENCE
193:d=9 hl=2 l= 3 prim: OBJECT :commonName
198:d=9 hl=2 l= 12 prim: UTF8STRING :Android Team
212:d=6 hl=2 l= 30 cons: SEQUENCE
214:d=7 hl=2 l= 13 prim: UTCTIME :171129070139Z
229:d=7 hl=2 l= 13 prim: UTCTIME :450416070139Z
244:d=6 hl=2 l= 111 cons: SEQUENCE
246:d=7 hl=2 l= 11 cons: SET
248:d=8 hl=2 l= 9 cons: SEQUENCE
250:d=9 hl=2 l= 3 prim: OBJECT :countryName
255:d=9 hl=2 l= 2 prim: PRINTABLESTRING :CN
259:d=7 hl=2 l= 17 cons: SET
261:d=8 hl=2 l= 15 cons: SEQUENCE
263:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
268:d=9 hl=2 l= 8 prim: UTF8STRING :ShangHai
278:d=7 hl=2 l= 16 cons: SET
280:d=8 hl=2 l= 14 cons: SEQUENCE
282:d=9 hl=2 l= 3 prim: OBJECT :organizationName
287:d=9 hl=2 l= 7 prim: UTF8STRING :BASEWIN
296:d=7 hl=2 l= 36 cons: SET
298:d=8 hl=2 l= 34 cons: SEQUENCE
300:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
305:d=9 hl=2 l= 27 prim: UTF8STRING :Shanghai Basewin Technology
334:d=7 hl=2 l= 21 cons: SET
336:d=8 hl=2 l= 19 cons: SEQUENCE
338:d=9 hl=2 l= 3 prim: OBJECT :commonName
343:d=9 hl=2 l= 12 prim: UTF8STRING :Android Team
357:d=6 hl=4 l= 290 cons: SEQUENCE
361:d=7 hl=2 l= 13 cons: SEQUENCE
363:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption
374:d=8 hl=2 l= 0 prim: NULL
376:d=7 hl=4 l= 271 prim: BIT STRING
0000 - 00 30 82 01 0a 02 82 01-01 00 de f6 1b 53 79 14 .0...........Sy.
0010 - a5 0e bd 3b 0b 91 2d be-1a 6c e9 c6 2e 01 15 75 ...;..-..l.....u
0020 - 4b 6c b6 09 39 e2 48 82-ef 04 59 38 06 da f3 c9 Kl..9.H...Y8....
0030 - 9c 46 89 e2 93 ff f5 13-bd 68 33 95 67 0c e1 ae .F.......h3.g...
0040 - 97 c2 27 cf a4 ee 94 d3-9f 54 62 b3 a7 4c 4a ec ..'......Tb..LJ.
0050 - 70 1f 9e 1b 8d 5f 4c 07-36 91 63 86 a0 b0 65 4f p...._L.6.c...eO
0060 - bf cc 49 04 11 00 47 9e-7d 99 05 d0 ec 5f 31 17 ..I...G.}...._1.
0070 - 56 46 61 69 39 02 6c e8-2d ea 94 c5 66 64 38 32 VFai9.l.-...fd82
0080 - 9a 9e 5d ad a9 d4 61 16-a9 6c 29 21 2e 62 82 78 ..]...a..l)!.b.x
0090 - d3 69 0c 2d ed 72 aa 3f-9e 6f 6a a1 e1 ab 01 e5 .i.-.r.?.oj.....
00a0 - 31 b3 fc ee e5 50 4f f6-8e cc 2f d1 12 be 47 74 1....PO.../...Gt
00b0 - df 04 d8 70 ca bf 5d 01-5b 44 14 83 0e 9d 19 f0 ...p..].[D......
00c0 - 29 8f 7e ff 49 c0 2d 82-24 74 2f 98 2a 2a 6d 78 ).~.I.-.$t/.**mx
00d0 - 7b b5 8c 4d b9 d9 01 35-72 03 f7 ce 0d 18 57 ee {..M...5r.....W.
00e0 - f9 25 66 90 84 cf a5 74-9e b8 7d ca cc 1d 4a 67 .%f....t..}...Jg
00f0 - 61 af e9 1a 9b d7 56 b3-38 30 f7 10 07 61 f1 1e a.....V.80...a..
0100 - 4b 0b bd 1d dc bc 62 22-48 fb 02 03 01 00 01 K.....b"H......
651:d=6 hl=2 l= 80 cons: cont [ 3 ]
653:d=7 hl=2 l= 78 cons: SEQUENCE
655:d=8 hl=2 l= 29 cons: SEQUENCE
657:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
662:d=9 hl=2 l= 22 prim: OCTET STRING
0000 - 04 14 45 31 44 f3 b3 28-99 2c a5 3b fb 17 6e 8d ..E1D..(.,.;..n.
0010 - 96 48 53 a7 91 41 .HS..A
686:d=8 hl=2 l= 31 cons: SEQUENCE
688:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
693:d=9 hl=2 l= 24 prim: OCTET STRING
0000 - 30 16 80 14 45 31 44 f3-b3 28 99 2c a5 3b fb 17 0...E1D..(.,.;..
0010 - 6e 8d 96 48 53 a7 91 41- n..HS..A
719:d=8 hl=2 l= 12 cons: SEQUENCE
721:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
726:d=9 hl=2 l= 5 prim: OCTET STRING
0000 - 30 03 01 01 ff 0....
733:d=5 hl=2 l= 13 cons: SEQUENCE
735:d=6 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
746:d=6 hl=2 l= 0 prim: NULL
748:d=5 hl=4 l= 257 prim: BIT STRING
0000 - 00 5e a0 ef 2f ff e8 0b-6f d0 c9 c5 00 03 74 88 .^../...o.....t.
0010 - 20 de d3 ab 6c 33 a1 20-1c 6c c6 94 11 c0 58 a3 ...l3. .l....X.
0020 - 2e 7b 2a 50 34 3e fd 3f-4c 42 f7 48 e8 fb 43 4c .{*P4>.?LB.H..CL
0030 - 48 ed cd 2b 22 cb 6d 11-69 cc 41 ff d5 42 f9 d2 H.. ".m.i.A..B..
0040 - 8b 7f 5a 43 38 f3 6d f3-a3 66 94 be 7f f0 39 57 ..ZC8.m..f....9W
0050 - 6c 9c e6 a3 4f a8 6f 43-ea 10 60 61 96 e2 0b 88 l...O.oC..`a....
0060 - 1c 30 99 be 19 4d 92 4a-d4 a4 74 e6 89 16 dc 96 .0...M.J..t.....
0070 - 69 62 e5 76 ab 5e 59 7a-f0 16 b0 e2 5d f3 04 50 ib.v.^Yz....]..P
0080 - a2 40 4e c9 b0 ed 21 0e-5f 85 44 5b 1d c9 eb e9 .@N...!._.D[....
0090 - 7e a1 13 37 92 e1 b4 1d-54 78 c5 75 7f cf 73 ff ~..7....Tx.u..s.
00a0 - 6e f0 57 b9 9f 58 83 37-2f bc 0c 02 64 39 ec a6 n.W..X.7/...d9..
00b0 - 64 38 10 95 3f 7e d5 de-51 76 fc 27 86 16 31 a1 d8..?~..Qv.'..1.
00c0 - 72 ed 41 dc 32 fb 09 9b-2e 88 68 52 24 b9 f4 60 r.A.2.....hR$..`
00d0 - f0 7e c2 67 20 64 2f 27-c1 58 b6 f5 eb 44 96 2e .~.g d/'.X...D..
00e0 - 08 0c b3 c7 79 5f b6 7f-df 30 bd f0 fe f2 89 2d ....y_...0.....-
00f0 - b7 22 6d cc 79 80 fd c8-42 9a 33 3a 00 fb 43 e0 ."m.y...B.3:..C.
0100 - 4d M
1009:d=3 hl=4 l= 423 cons: SET
1013:d=4 hl=4 l= 419 cons: SEQUENCE
1017:d=5 hl=2 l= 1 prim: INTEGER :01
1020:d=5 hl=2 l= 124 cons: SEQUENCE
1022:d=6 hl=2 l= 111 cons: SEQUENCE
1024:d=7 hl=2 l= 11 cons: SET
1026:d=8 hl=2 l= 9 cons: SEQUENCE
1028:d=9 hl=2 l= 3 prim: OBJECT :countryName
1033:d=9 hl=2 l= 2 prim: PRINTABLESTRING :CN
1037:d=7 hl=2 l= 17 cons: SET
1039:d=8 hl=2 l= 15 cons: SEQUENCE
1041:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
1046:d=9 hl=2 l= 8 prim: UTF8STRING :ShangHai
1056:d=7 hl=2 l= 16 cons: SET
1058:d=8 hl=2 l= 14 cons: SEQUENCE
1060:d=9 hl=2 l= 3 prim: OBJECT :organizationName
1065:d=9 hl=2 l= 7 prim: UTF8STRING :BASEWIN
1074:d=7 hl=2 l= 36 cons: SET
1076:d=8 hl=2 l= 34 cons: SEQUENCE
1078:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1083:d=9 hl=2 l= 27 prim: UTF8STRING :Shanghai Basewin Technology
1112:d=7 hl=2 l= 21 cons: SET
1114:d=8 hl=2 l= 19 cons: SEQUENCE
1116:d=9 hl=2 l= 3 prim: OBJECT :commonName
1121:d=9 hl=2 l= 12 prim: UTF8STRING :Android Team
1135:d=6 hl=2 l= 9 prim: INTEGER :8B9E3C007FCAEFAB
1146:d=5 hl=2 l= 13 cons: SEQUENCE
1148:d=6 hl=2 l= 9 prim: OBJECT :sha256
1159:d=6 hl=2 l= 0 prim: NULL
1161:d=5 hl=2 l= 13 cons: SEQUENCE
1163:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
1174:d=6 hl=2 l= 0 prim: NULL
1176:d=5 hl=4 l= 256 prim: OCTET STRING
0000 - 31 bf fd 61 88 01 3f d8-d6 e6 16 b7 94 c0 5e f9 1..a..?.......^.
0010 - b4 f0 a9 29 e6 62 ad 68-ef 82 95 f4 f8 07 8b d0 ...).b.h........
0020 - 16 c6 cb 55 22 66 ac 50-fe f8 9c d3 f0 8d 61 9d ...U"f.P......a.
0030 - 7b ec 80 20 04 7a a7 ff-42 07 b8 19 d5 99 9c c1 {.. .z..B.......
0040 - 35 0b 09 ca d6 26 50 5c-7b 95 84 38 45 ac da d2 5....&P{..8E...
0050 - 2b 6b ad 87 61 6c 39 1d-2e 3b b1 6a 36 b1 9c 44 k..al9..;.j6..D
0060 - 9d 7b de 1d 8b d1 80 38-f3 95 57 40 08 21 12 5c .{.....8..W@.!.
0070 - 06 f2 49 b2 f4 ec 4e b9-4a 00 c5 91 27 05 5b 55 ..I...N.J...'.[U
0080 - 51 71 94 2a c9 e0 bf 0e-4c 5d d4 08 14 f2 cf 4d Qq.*....L].....M
0090 - 8c f1 4e 35 e0 83 2b a9-56 dd c4 5a 93 c8 6f 7f ..N5.. .V..Z..o.
00a0 - b3 b2 aa 2a 36 85 b1 ef-f6 b6 59 42 7b b4 bd 78 ...*6.....YB{..x
00b0 - a8 88 af 3f c6 82 2d 29-7b 72 d5 0c 00 64 ee 16 ...?..-){r...d..
00c0 - 9f 39 0d 27 1a c2 ba 42-13 76 d5 05 b5 14 5e d9 .9.'...B.v....^.
00d0 - a1 26 fb 5b ca 73 b1 a0-3c b1 40 47 8a af da d8 .&.[.s..<.@G....
00e0 - 0a e1 2d 4e ad c8 6d c4-e5 fa 51 cb b2 9c 1f d9 ..-N..m...Q.....
00f0 - 61 d1 3a 8f d3 d0 e3 0a-0c 97 7c 54 f6 84 41 61 a.:.......|T..Aa
可以看出这个CERT.RSA中实际主要包含了:
– HASH算法
– 公钥证书
– 数字签名
这3个部分内容。
我们将公钥证书的ASN1数据解析出来:
openssl asn1parse -inform PEM -in platform.x509.pem -dump > publickey_asn1.txt
代码语言:javascript复制 0:d=0 hl=4 l= 945 cons: SEQUENCE
4:d=1 hl=4 l= 665 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 9 prim: INTEGER :8B9E3C007FCAEFAB
24:d=2 hl=2 l= 13 cons: SEQUENCE
26:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
37:d=3 hl=2 l= 0 prim: NULL
39:d=2 hl=2 l= 111 cons: SEQUENCE
41:d=3 hl=2 l= 11 cons: SET
43:d=4 hl=2 l= 9 cons: SEQUENCE
45:d=5 hl=2 l= 3 prim: OBJECT :countryName
50:d=5 hl=2 l= 2 prim: PRINTABLESTRING :CN
54:d=3 hl=2 l= 17 cons: SET
56:d=4 hl=2 l= 15 cons: SEQUENCE
58:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
63:d=5 hl=2 l= 8 prim: UTF8STRING :ShangHai
73:d=3 hl=2 l= 16 cons: SET
75:d=4 hl=2 l= 14 cons: SEQUENCE
77:d=5 hl=2 l= 3 prim: OBJECT :organizationName
82:d=5 hl=2 l= 7 prim: UTF8STRING :BASEWIN
91:d=3 hl=2 l= 36 cons: SET
93:d=4 hl=2 l= 34 cons: SEQUENCE
95:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
100:d=5 hl=2 l= 27 prim: UTF8STRING :Shanghai Basewin Technology
129:d=3 hl=2 l= 21 cons: SET
131:d=4 hl=2 l= 19 cons: SEQUENCE
133:d=5 hl=2 l= 3 prim: OBJECT :commonName
138:d=5 hl=2 l= 12 prim: UTF8STRING :Android Team
152:d=2 hl=2 l= 30 cons: SEQUENCE
154:d=3 hl=2 l= 13 prim: UTCTIME :171129070139Z
169:d=3 hl=2 l= 13 prim: UTCTIME :450416070139Z
184:d=2 hl=2 l= 111 cons: SEQUENCE
186:d=3 hl=2 l= 11 cons: SET
188:d=4 hl=2 l= 9 cons: SEQUENCE
190:d=5 hl=2 l= 3 prim: OBJECT :countryName
195:d=5 hl=2 l= 2 prim: PRINTABLESTRING :CN
199:d=3 hl=2 l= 17 cons: SET
201:d=4 hl=2 l= 15 cons: SEQUENCE
203:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
208:d=5 hl=2 l= 8 prim: UTF8STRING :ShangHai
218:d=3 hl=2 l= 16 cons: SET
220:d=4 hl=2 l= 14 cons: SEQUENCE
222:d=5 hl=2 l= 3 prim: OBJECT :organizationName
227:d=5 hl=2 l= 7 prim: UTF8STRING :BASEWIN
236:d=3 hl=2 l= 36 cons: SET
238:d=4 hl=2 l= 34 cons: SEQUENCE
240:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
245:d=5 hl=2 l= 27 prim: UTF8STRING :Shanghai Basewin Technology
274:d=3 hl=2 l= 21 cons: SET
276:d=4 hl=2 l= 19 cons: SEQUENCE
278:d=5 hl=2 l= 3 prim: OBJECT :commonName
283:d=5 hl=2 l= 12 prim: UTF8STRING :Android Team
297:d=2 hl=4 l= 290 cons: SEQUENCE
301:d=3 hl=2 l= 13 cons: SEQUENCE
303:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
314:d=4 hl=2 l= 0 prim: NULL
316:d=3 hl=4 l= 271 prim: BIT STRING
0000 - 00 30 82 01 0a 02 82 01-01 00 de f6 1b 53 79 14 .0...........Sy.
0010 - a5 0e bd 3b 0b 91 2d be-1a 6c e9 c6 2e 01 15 75 ...;..-..l.....u
0020 - 4b 6c b6 09 39 e2 48 82-ef 04 59 38 06 da f3 c9 Kl..9.H...Y8....
0030 - 9c 46 89 e2 93 ff f5 13-bd 68 33 95 67 0c e1 ae .F.......h3.g...
0040 - 97 c2 27 cf a4 ee 94 d3-9f 54 62 b3 a7 4c 4a ec ..'......Tb..LJ.
0050 - 70 1f 9e 1b 8d 5f 4c 07-36 91 63 86 a0 b0 65 4f p...._L.6.c...eO
0060 - bf cc 49 04 11 00 47 9e-7d 99 05 d0 ec 5f 31 17 ..I...G.}...._1.
0070 - 56 46 61 69 39 02 6c e8-2d ea 94 c5 66 64 38 32 VFai9.l.-...fd82
0080 - 9a 9e 5d ad a9 d4 61 16-a9 6c 29 21 2e 62 82 78 ..]...a..l)!.b.x
0090 - d3 69 0c 2d ed 72 aa 3f-9e 6f 6a a1 e1 ab 01 e5 .i.-.r.?.oj.....
00a0 - 31 b3 fc ee e5 50 4f f6-8e cc 2f d1 12 be 47 74 1....PO.../...Gt
00b0 - df 04 d8 70 ca bf 5d 01-5b 44 14 83 0e 9d 19 f0 ...p..].[D......
00c0 - 29 8f 7e ff 49 c0 2d 82-24 74 2f 98 2a 2a 6d 78 ).~.I.-.$t/.**mx
00d0 - 7b b5 8c 4d b9 d9 01 35-72 03 f7 ce 0d 18 57 ee {..M...5r.....W.
00e0 - f9 25 66 90 84 cf a5 74-9e b8 7d ca cc 1d 4a 67 .%f....t..}...Jg
00f0 - 61 af e9 1a 9b d7 56 b3-38 30 f7 10 07 61 f1 1e a.....V.80...a..
0100 - 4b 0b bd 1d dc bc 62 22-48 fb 02 03 01 00 01 K.....b"H......
591:d=2 hl=2 l= 80 cons: cont [ 3 ]
593:d=3 hl=2 l= 78 cons: SEQUENCE
595:d=4 hl=2 l= 29 cons: SEQUENCE
597:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
602:d=5 hl=2 l= 22 prim: OCTET STRING
0000 - 04 14 45 31 44 f3 b3 28-99 2c a5 3b fb 17 6e 8d ..E1D..(.,.;..n.
0010 - 96 48 53 a7 91 41 .HS..A
626:d=4 hl=2 l= 31 cons: SEQUENCE
628:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
633:d=5 hl=2 l= 24 prim: OCTET STRING
0000 - 30 16 80 14 45 31 44 f3-b3 28 99 2c a5 3b fb 17 0...E1D..(.,.;..
0010 - 6e 8d 96 48 53 a7 91 41- n..HS..A
659:d=4 hl=2 l= 12 cons: SEQUENCE
661:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
666:d=5 hl=2 l= 5 prim: OCTET STRING
0000 - 30 03 01 01 ff 0....
673:d=1 hl=2 l= 13 cons: SEQUENCE
675:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
686:d=2 hl=2 l= 0 prim: NULL
688:d=1 hl=4 l= 257 prim: BIT STRING
0000 - 00 5e a0 ef 2f ff e8 0b-6f d0 c9 c5 00 03 74 88 .^../...o.....t.
0010 - 20 de d3 ab 6c 33 a1 20-1c 6c c6 94 11 c0 58 a3 ...l3. .l....X.
0020 - 2e 7b 2a 50 34 3e fd 3f-4c 42 f7 48 e8 fb 43 4c .{*P4>.?LB.H..CL
0030 - 48 ed cd 2b 22 cb 6d 11-69 cc 41 ff d5 42 f9 d2 H.. ".m.i.A..B..
0040 - 8b 7f 5a 43 38 f3 6d f3-a3 66 94 be 7f f0 39 57 ..ZC8.m..f....9W
0050 - 6c 9c e6 a3 4f a8 6f 43-ea 10 60 61 96 e2 0b 88 l...O.oC..`a....
0060 - 1c 30 99 be 19 4d 92 4a-d4 a4 74 e6 89 16 dc 96 .0...M.J..t.....
0070 - 69 62 e5 76 ab 5e 59 7a-f0 16 b0 e2 5d f3 04 50 ib.v.^Yz....]..P
0080 - a2 40 4e c9 b0 ed 21 0e-5f 85 44 5b 1d c9 eb e9 .@N...!._.D[....
0090 - 7e a1 13 37 92 e1 b4 1d-54 78 c5 75 7f cf 73 ff ~..7....Tx.u..s.
00a0 - 6e f0 57 b9 9f 58 83 37-2f bc 0c 02 64 39 ec a6 n.W..X.7/...d9..
00b0 - 64 38 10 95 3f 7e d5 de-51 76 fc 27 86 16 31 a1 d8..?~..Qv.'..1.
00c0 - 72 ed 41 dc 32 fb 09 9b-2e 88 68 52 24 b9 f4 60 r.A.2.....hR$..`
00d0 - f0 7e c2 67 20 64 2f 27-c1 58 b6 f5 eb 44 96 2e .~.g d/'.X...D..
00e0 - 08 0c b3 c7 79 5f b6 7f-df 30 bd f0 fe f2 89 2d ....y_...0.....-
00f0 - b7 22 6d cc 79 80 fd c8-42 9a 33 3a 00 fb 43 e0 ."m.y...B.3:..C.
0100 - 4d M
对比可以发现,在CERT.RSA中,原封不动的包含了公钥证书的内容。
然后我们尝试将CERT.RSA末尾的RSA加密数据,如下:
代码语言:javascript复制31bffd6188013fd8d6e616b794c05ef9
b4f0a929e662ad68ef8295f4f8078bd0
16c6cb552266ac50fef89cd3f08d619d
7bec8020047aa7ff4207b819d5999cc1
350b09cad626505c7b95843845acdad2
2b6bad87616c391d2e3bb16a36b19c44
9d7bde1d8bd18038f39557400821125c
06f249b2f4ec4eb94a00c59127055b55
5171942ac9e0bf0e4c5dd40814f2cf4d
8cf14e35e0832ba956ddc45a93c86f7f
b3b2aa2a3685b1eff6b659427bb4bd78
a888af3fc6822d297b72d50c0064ee16
9f390d271ac2ba421376d505b5145ed9
a126fb5bca73b1a03cb140478aafdad8
0ae12d4eadc86dc4e5fa51cbb29c1fd9
61d13a8fd3d0e30a0c977c54f6844161
使用公钥解密得到:
代码语言:javascript复制3031300D06096086480165030402010500042002B42BA59860E069D19E079DEE7209F45B38B45F49082AD58427C80405A82872
将这个内容按二进制保存为 sign.bin,使用openssl将其按照DER编码进行ASN1解析:
openssl asn1parse -inform DER -in sign.bin
得到如下内容:
代码语言:javascript复制 0:d=0 hl=2 l= 49 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT :sha256
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:02B42BA59860E069D19E079DEE7209F45B38B45F49082AD58427C80405A82872
可以看出,这是一个ASN1描述的签名结构,其中包含:
– 算法描述: SHA256
– HASH值: 02B42BA59860E069D19E079DEE7209F45B38B45F49082AD58427C80405A82872
我们使用SHA256对文件CERT.SF计算HASH,可以得到:
SHA256(CERT.SF) = 02B42BA59860E069D19E079DEE7209F45B38B45F49082AD58427C80405A82872
说明:签名是使用私钥对CERT.SF来签名的,与其他内容无关。
发布者:全栈程序员栈长,转载请注明出处:https://javaforall.cn/143992.html原文链接:https://javaforall.cn