云班课作业-数字证书编码ASN.1
实验内容
DER编码证书
序列号=1174(0x0496),证书签发者 DN="CN=Virtual CA,C=CN",证书持有者DN="CN=你的名字拼音, OU=Person,C=CN",证书有效期=20200222000000-20220222000000。
先解析一下指导书里面的 der 文件
perl -e 'print "\x30\x82\x02\xEC\x30\x82\x01\xD4\xA0\x03\x02\x01\x02\x02\x02\x04\x96\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x22\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x56\x69\x72\x74\x75\x61\x6C\x20\x43\x41\x30\x1E\x17\x0D\x31\x34\x30\x32\x32\x31\x31\x36\x30\x30\x30\x30\x5A\x17\x0D\x31\x36\x30\x32\x32\x31\x31\x36\x30\x30\x30\x30\x5A\x30\x32\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x0F\x30\x0D\x06\x03\x55\x04\x0B\x13\x06\x50\x65\x72\x73\x6F\x6E\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x5A\x48\x41\x4E\x47\x20\x53\x61\x6E\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xB4\xF6\xCF\x18\x3D\x5E\x8E\x1D\x46\x7A\x90\x7D\x8E\x41\xD2\xE3\xC8\xF1\xA3\xAE\xF3\x6D\x8A\x24\xFF\x55\x23\x25\xBD\xEB\x0C\xD0\x7B\x87\x36\x5D\x1F\x73\x98\x65\x3E\x57\x97\xF6\x65\x7D\x13\xE0\xE1\xB5\xFC\xBC\x38\x6F\x56\x3E\x57\x4E\xD6\x51\x1D\x13\x12\x7C\x33\xB3\x60\x31\x79\x32\x07\x97\xF3\x3C\x8B\x29\x0D\xB5\x78\x38\x93\xCE\x84\xE4\xA3\xDD\xFB\xF9\x25\x47\x1C\x72\xA6\x5E\x78\x02\xCF\xF3\x48\x9D\xCA\xD9\x00\x73\xDE\x4B\x16\x07\x52\x48\x20\x06\xF3\x4F\xCA\xA5\x2D\x66\x88\x95\xC6\x6C\xD6\x3F\x61\x34\xF7\xE3\x02\x03\x01\x00\x01\xA3\x81\x9F\x30\x81\x9c\x30\x0C\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x02\x30\x00\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x2C\x04\x87\x10\x60\xFC\x61\xF6\x2B\x64\x81\x3D\xFB\x66\x30\xDA\xF0\x73\xBC\x08\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x03\xF8\x30\x29\x06\x03\x55\x1D\x25\x04\x22\x30\x20\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x02\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x02\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x04\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x05\xA0\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x96\xF0\x94\xF8\x49\x8D\x23\x05\x86\xB0\xCA\xB5\x2D\x7A\x9A\x60\x32\xFB\xB0\xF9\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8D\x42\xAD\x5C\xDF\xC7\xC7\x90\xFA\x58\xC0\x74\x15\xC6\x4F\x20\x9B\xF1\x49\x9C\xB8\x3C\x22\x98\x45\x75\xA6\x0D\x7C\x02\x9D\x83\x1D\xC4\x5D\xCF\x4F\x8E\x57\xE7\x0A\x9B\x67\x02\x33\x23\x59\x76\xB4\xB5\xB7\xF3\x27\x36\x6F\xF4\x32\x6C\x1C\xE9\xB3\x4B\x81\xDC\xD0\xCF\x2E\xCF\x07\x4C\x65\x75\x74\xDF\x23\x9D\x7D\x2B\xE4\xF1\x15\x0C\x84\x61\x41\x5F\xDC\x67\x92\xA9\x7C\x39\xA0\xCA\xA9\x58\x6B\xED\x7D\x94\x08\xF7\x83\x42\x61\xF8\x62\xD8\xDC\x3B\x5D\xB7\x69\x5C\xD0\x36\xF2\x99\xA8\x0C\x99\x6E\xB0\x0C\x21\xE3\x98\x9F\x12\x6D\xD1\x76\x4E\x0C\x31\xCB\x7F\x54\x73\xFE\x96\x83\x76\x35\x22\x2F\xBF\xF6\x2B\x11\x04\x3A\xA7\xBE\x33\x3C\xD5\xDA\xEE\x56\x7A\xC4\x1A\x67\x3B\x77\xDE\x52\xC0\xDA\x09\xCA\x45\x71\x11\xB2\xD5\x35\xBF\x44\x54\x08\xC2\xFA\x0C\x5C\xEF\xC0\xEF\x82\x63\x37\x3C\x4C\xAB\x59\x4C\xFD\x6C\x2A\x9D\x64\x27\x35\x4E\x4F\xD8\x2E\x2C\x5C\xEB\xA1\x99\xDB\xFA\x3A\x53\x54\x13\x92\x91\x5D\x8F\x38\xDD\x1C\xD8\xAB\x34\x22\x9A\xEF\x8A\xE4\x62\xC2\x23\x9D\x06\xA5\xD7\xD8\x58\xB7\xF4\x98\xCA\x61\x29\x9D\xDE\xA8\xF6\xDA\xCC\x81"' > a.der
openssl asn1parse -i -inform der -in a.der
0:d=0 hl=4 l= 748 cons: SEQUENCE
4:d=1 hl=4 l= 468 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 2 prim: INTEGER :0496
17:d=2 hl=2 l= 13 cons: SEQUENCE
19:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
30:d=3 hl=2 l= 0 prim: NULL
32:d=2 hl=2 l= 34 cons: SEQUENCE
34:d=3 hl=2 l= 11 cons: SET
36:d=4 hl=2 l= 9 cons: SEQUENCE
38:d=5 hl=2 l= 3 prim: OBJECT :countryName
43:d=5 hl=2 l= 2 prim: PRINTABLESTRING :CN
47:d=3 hl=2 l= 19 cons: SET
49:d=4 hl=2 l= 17 cons: SEQUENCE
51:d=5 hl=2 l= 3 prim: OBJECT :commonName
56:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Virtual CA
68:d=2 hl=2 l= 30 cons: SEQUENCE
70:d=3 hl=2 l= 13 prim: UTCTIME :140221160000Z
85:d=3 hl=2 l= 13 prim: UTCTIME :160221160000Z
100:d=2 hl=2 l= 50 cons: SEQUENCE
102:d=3 hl=2 l= 11 cons: SET
104:d=4 hl=2 l= 9 cons: SEQUENCE
106:d=5 hl=2 l= 3 prim: OBJECT :countryName
111:d=5 hl=2 l= 2 prim: PRINTABLESTRING :CN
115:d=3 hl=2 l= 15 cons: SET
117:d=4 hl=2 l= 13 cons: SEQUENCE
119:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
124:d=5 hl=2 l= 6 prim: PRINTABLESTRING :Person
132:d=3 hl=2 l= 18 cons: SET
134:d=4 hl=2 l= 16 cons: SEQUENCE
136:d=5 hl=2 l= 3 prim: OBJECT :commonName
141:d=5 hl=2 l= 9 prim: PRINTABLESTRING :ZHANG San
152:d=2 hl=3 l= 159 cons: SEQUENCE
155:d=3 hl=2 l= 13 cons: SEQUENCE
157:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
168:d=4 hl=2 l= 0 prim: NULL
170:d=3 hl=3 l= 141 prim: BIT STRING
314:d=2 hl=3 l= 159 cons: cont [ 3 ]
317:d=3 hl=3 l= 156 cons: SEQUENCE
320:d=4 hl=2 l= 12 cons: SEQUENCE
322:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
327:d=5 hl=2 l= 1 prim: BOOLEAN :255
330:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
334:d=4 hl=2 l= 29 cons: SEQUENCE
336:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Ident
341:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04142C04871060
365:d=4 hl=2 l= 14 cons: SEQUENCE
367:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
372:d=5 hl=2 l= 1 prim: BOOLEAN :255
375:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030203F8
381:d=4 hl=2 l= 41 cons: SEQUENCE
383:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usag
388:d=5 hl=2 l= 34 prim: OCTET STRING [HEX DUMP]:302006082B0601
424:d=4 hl=2 l= 17 cons: SEQUENCE
426:d=5 hl=2 l= 9 prim: OBJECT :Netscape Cert Type
437:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
443:d=4 hl=2 l= 31 cons: SEQUENCE
445:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Ide
450:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:3016801496F094
476:d=1 hl=2 l= 13 cons: SEQUENCE
478:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
489:d=2 hl=2 l= 0 prim: NULL
491:d=1 hl=4 l= 257 prim: BIT STRING
与 x509 证书的各个字段匹配一下
SEQUENCE /*Certificate*/
SEQUENCE /*Data*/
cont [ 0 ] /*Version*/
INTEGER :02
INTEGER :0496 /*Serial Number*/
SEQUENCE /*Signature Algorithm*/
OBJECT :sha1WithRSAEncryption
NULL
SEQUENCE /*Issuer 颁发者信息*/
SET
SEQUENCE /*C*/
OBJECT :countryName
PRINTABLESTRING :CN
SET
SEQUENCE /*CN*/
OBJECT :commonName
PRINTABLESTRING :Virtual CA
SEQUENCE /*Validity 有效期*/
UTCTIME :140221160000Z /*Not Before*/
UTCTIME :160221160000Z /*Not After */
SEQUENCE /*Subject 持有者信息*/
SET
SEQUENCE /*C*/
OBJECT :countryName
PRINTABLESTRING :CN
SET
SEQUENCE /*OU*/
OBJECT :organizationalUnitName
PRINTABLESTRING :Person
SET
SEQUENCE /*CN*/
OBJECT :commonName
PRINTABLESTRING :ZHANG San
SEQUENCE /*持有者公钥信息*/
SEQUENCE /*公钥算法*/
OBJECT :rsaEncryption
NULL
BIT STRING /*公钥值*/
cont [ 3 ]
SEQUENCE /*X509v3拓展字段*/
SEQUENCE
OBJECT :X509v3 Basic Constraints
BOOLEAN :255
OCTET STRING [HEX DUMP]:3000
SEQUENCE
OBJECT :X509v3 Subject Key Ident
OCTET STRING [HEX DUMP]:04142C04871060
SEQUENCE
OBJECT :X509v3 Key Usage
BOOLEAN :255
OCTET STRING [HEX DUMP]:030203F8
SEQUENCE
OBJECT :X509v3 Extended Key Usag
OCTET STRING [HEX DUMP]:302006082B0601
SEQUENCE
OBJECT :Netscape Cert Type
OCTET STRING [HEX DUMP]:030205A0
SEQUENCE
OBJECT :X509v3 Authority Key Ide
OCTET STRING [HEX DUMP]:3016801496F094
SEQUENCE /*颁发者对证书的数字签名信息*/
OBJECT :sha1WithRSAEncryption /*签名算法*/
NULL
BIT STRING /*签名值*/
使用16进制编辑器更改要改动的值
wxhexeditor
需要更改的内容有:
- 证书持有者DN="CN=ChenFaQiang"
- 证书有效期=20200222000000-20220222000000
- 证书持有者字段的,长度域改为 0b(11), 数据域改为 ChenFaQiang 的 ASCII,较原始长度 +2
- 证书有效期的 Not Before 字段 ,长度域改为 0F,数据域改为 20200222000000Z 的 ASCII,较原始长度 +2
- 证书有效期的 Not After 字段 ,长度域改为 0F,数据域改为 20220222000000Z 的 ASCII,较原始长度 +2
由于数据长度发生变化,其他长度域也需要修改
- Certificate 的 长度域 0x02ec + 6 = 0x02F2
- Data 的 长度域 0x01d4 + 6 = 01da
- Validity 的 长度域 0x1E + 4 = 22
- Subject 的 长度域 0x32 + 2 = 0x34
- CN 上级的 set 的 长度域 12 +2 = 14
- CN 上级的 sequence 的 长度域 10 + 2 = 12
echo -n -e "\x30\x82\x02\xf2\x30\x82\x01\xda\xa0\x03\x02\x01\x02\x02\x02\x04\x96\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x22\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4e\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0a\x56\x69\x72\x74\x75\x61\x6c\x20\x43\x41\x30\x22\x17\x0f\x32\x30\x32\x30\x30\x32\x32\x32\x30\x30\x30\x30\x30\x30\x5a\x17\x0f\x32\x30\x32\x32\x30\x32\x32\x32\x30\x30\x30\x30\x30\x30\x5a\x30\x34\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4e\x31\x0f\x30\x0d\x06\x03\x55\x04\x0b\x13\x06\x50\x65\x72\x73\x6f\x6e\x31\x14\x30\x12\x06\x03\x55\x04\x03\x13\x0b\x43\x68\x65\x6e\x46\x61\x51\x69\x61\x6e\x67\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xb4\xf6\xcf\x18\x3d\x5e\x8e\x1d\x46\x7a\x90\x7d\x8e\x41\xd2\xe3\xc8\xf1\xa3\xae\xf3\x6d\x8a\x24\xff\x55\x23\x25\xbd\xeb\x0c\xd0\x7b\x87\x36\x5d\x1f\x73\x98\x65\x3e\x57\x97\xf6\x65\x7d\x13\xe0\xe1\xb5\xfc\xbc\x38\x6f\x56\x3e\x57\x4e\xd6\x51\x1d\x13\x12\x7c\x33\xb3\x60\x31\x79\x32\x07\x97\xf3\x3c\x8b\x29\x0d\xb5\x78\x38\x93\xce\x84\xe4\xa3\xdd\xfb\xf9\x25\x47\x1c\x72\xa6\x5e\x78\x02\xcf\xf3\x48\x9d\xca\xd9\x00\x73\xde\x4b\x16\x07\x52\x48\x20\x06\xf3\x4f\xca\xa5\x2d\x66\x88\x95\xc6\x6c\xd6\x3f\x61\x34\xf7\xe3\x02\x03\x01\x00\x01\xa3\x81\x9f\x30\x81\x9c\x30\x0c\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x02\x30\x00\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x2c\x04\x87\x10\x60\xfc\x61\xf6\x2b\x64\x81\x3d\xfb\x66\x30\xda\xf0\x73\xbc\x08\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x03\xf8\x30\x29\x06\x03\x55\x1d\x25\x04\x22\x30\x20\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x02\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04\x30\x11\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x05\xa0\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x96\xf0\x94\xf8\x49\x8d\x23\x05\x86\xb0\xca\xb5\x2d\x7a\x9a\x60\x32\xfb\xb0\xf9\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8d\x42\xad\x5c\xdf\xc7\xc7\x90\xfa\x58\xc0\x74\x15\xc6\x4f\x20\x9b\xf1\x49\x9c\xb8\x3c\x22\x98\x45\x75\xa6\x0d\x7c\x02\x9d\x83\x1d\xc4\x5d\xcf\x4f\x8e\x57\xe7\x0a\x9b\x67\x02\x33\x23\x59\x76\xb4\xb5\xb7\xf3\x27\x36\x6f\xf4\x32\x6c\x1c\xe9\xb3\x4b\x81\xdc\xd0\xcf\x2e\xcf\x07\x4c\x65\x75\x74\xdf\x23\x9d\x7d\x2b\xe4\xf1\x15\x0c\x84\x61\x41\x5f\xdc\x67\x92\xa9\x7c\x39\xa0\xca\xa9\x58\x6b\xed\x7d\x94\x08\xf7\x83\x42\x61\xf8\x62\xd8\xdc\x3b\x5d\xb7\x69\x5c\xd0\x36\xf2\x99\xa8\x0c\x99\x6e\xb0\x0c\x21\xe3\x98\x9f\x12\x6d\xd1\x76\x4e\x0c\x31\xcb\x7f\x54\x73\xfe\x96\x83\x76\x35\x22\x2f\xbf\xf6\x2b\x11\x04\x3a\xa7\xbe\x33\x3c\xd5\xda\xee\x56\x7a\xc4\x1a\x67\x3b\x77\xde\x52\xc0\xda\x09\xca\x45\x71\x11\xb2\xd5\x35\xbf\x44\x54\x08\xc2\xfa\x0c\x5c\xef\xc0\xef\x82\x63\x37\x3c\x4c\xab\x59\x4c\xfd\x6c\x2a\x9d\x64\x27\x35\x4e\x4f\xd8\x2e\x2c\x5c\xeb\xa1\x99\xdb\xfa\x3a\x53\x54\x13\x92\x91\x5d\x8f\x38\xdd\x1c\xd8\xab\x34\x22\x9a\xef\x8a\xe4\x62\xc2\x23\x9d\x06\xa5\xd7\xd8\x58\xb7\xf4\x98\xca\x61\x29\x9d\xde\xa8\xf6\xda\xcc\x81" > 20191206.der
结果截图
openssl asn1parse -i -inform der -in 20191206.der
