• Some notes on X.509 certificates


    1. Getting/modifying the individual fields of an X509 object

    https://www.cnblogs.com/yunlong-study/p/14537390.html

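    This post covers the X.509 certificate structure and how to parse it with the OpenSSL library to extract each field. It also includes sample code.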

    2. Digital signatures, digital certificates, the interaction process, and the structure of X.509 digital certificates

    https://www.cnblogs.com/yunlong-study/p/14537023.html

    This post explains digital signatures, digital certificates, and how they interact very clearly.

    3. pyOpenSSL library documentation

    https://pyopenssl.org/en/0.15.1/api/crypto.html

    4. For a more detailed look at the X.509 structure, down to what each byte means, see this

    https://wenku.baidu.com/view/988c262aed630b1c59eeb56b.html

    5. Verifying a signature

    import rsa
    # Signature: rsa.verify(message: bytes, signature: bytes, pub_key: rsa.PublicKey)
    # Library docstring:
    #   Verifies that the signature matches the message.
    #
    #   The hash method is detected automatically from the signature.
    #
    #   :param message: the signed message. Can be an 8-bit string or a file-like
    #       object. If ``message`` has a ``read()`` method, it is assumed to be a
    #       file-like object.
    #   :param signature: the signature block, as created with :py:func:`rsa.sign`.
    #   :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message.
    #   :raise VerificationError: when the signature doesn't match the message.
    #   :returns: the name of the used hash.
    #
    # message, sig and public_key are obtained in steps 9, 7 and 6 below.
    rsa.verify(message, sig, public_key)

    6. Getting the public key

    import OpenSSL.crypto
    from rsa import PublicKey
    # cert is the already loaded certificate, an OpenSSL.crypto.X509 object
    # Get the public key; public_key is of type <class 'rsa.key.PublicKey'>
    publickey = OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_PEM, cert.get_pubkey()).decode('utf-8')
    print(publickey)
    public_key = PublicKey.load_pkcs1_openssl_pem(publickey)
    # print(type(public_key))
    # print(public_key.e,public_key.n)

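    7. Getting the signature directly from the certificate

    # openssl x509 -inform DER -in test.cer -out certificate.crt
    # Open with "rb" because the certificate is binary (DER); to open it with "r",
    # convert it first with the command line above
    # "c:/证书名称" is a placeholder path ("c:/<certificate name>")
    with open("c:/证书名称", "rb") as fp:
        crt_data = fp.read()

    print(crt_data)

    # Convert to a hex str, which can be searched and sliced by index
    crt_cert_hex = crt_data.hex()
    print(crt_cert_hex)

    # Get the certificate's signature
    # Match a fixed field, then convert the extracted value back to bytes
    # 03 = BIT STRING tag, 82 0101 = length 257, 00 = unused bits; the rest of the
    # pattern is the start of this particular certificate's signature
    if '03820101005c6a14b1bac86acfdeb0e0e3fabc' in crt_cert_hex:
        print("true")
        index = crt_cert_hex.find('03820101005c6a14b1bac86acfdeb0e0e3fabc')
        #print(index)
        # Skip the 5 header bytes (10 hex characters) to reach the signature itself
        sig_str_hex = crt_cert_hex[index+10:]
        print(type(sig_str_hex))
        sig = bytes.fromhex(sig_str_hex)
        print("签名为:",sig)  # label text means "Signature:"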

    8. Converting bytes to int, and to base64

    # Convert bytes to int
    result = 0
    for b in sig:
        result = result * 256 + int(b)
    # int.from_bytes() can be used as well
    # aa = int.from_bytes(sig,byteorder='big',signed=False)

    # Convert bytes to base64
    import base64
    ss = base64.b64encode(sig)
    print('ss',ss)

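    9. Getting the certificate body (open it with an ASN.1 viewer)

    # Compute the certificate's digest
    # The bytes the signature covers are the TBSCertificate; rsa.verify hashes them itself
    print(crt_cert_hex[index-31],'test')
    # [8:...] skips the 4-byte outer SEQUENCE header (8 hex characters);
    # index-30 drops the signatureAlgorithm field, assumed to be 15 bytes
    aa = crt_cert_hex[8:index-30]
    print(len(aa))
    message = bytes.fromhex(aa)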
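
    The fixed offsets in steps 7 and 9 (`index+10`, `[8:index-30]`) only hold for a certificate whose signature begins with that exact byte prefix and whose algorithm identifier is 15 bytes long. As an added example (not code from the original post), the following walks the DER length headers and returns the TBSCertificate bytes and the signature for any certificate with the standard three-part layout; `read_tlv`, `split_certificate`, `tlv` and the sample bytes are names and data constructed here.

```python
# Added example: split a DER certificate by its ASN.1 headers, not by hex search.
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short form: one length byte
        length, hdr = first, 2
    else:                                  # long form: next n bytes are the length
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos + hdr, end

def split_certificate(cert_der):
    """Return (tbs_der, sig_alg_der, signature) from a DER X.509 certificate."""
    tag, start, end = read_tlv(cert_der, 0)          # outer Certificate SEQUENCE
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    parts, pos = [], start
    while pos < end:
        t, _, nxt = read_tlv(cert_der, pos)
        parts.append((t, cert_der[pos:nxt]))         # keep header + value
        pos = nxt
    if [t for t, _ in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("unexpected certificate layout")
    tbs_der, sig_alg_der, bit_string = (p for _, p in parts)
    _, vstart, vend = read_tlv(bit_string, 0)
    if vend == vstart or bit_string[vstart] != 0:    # unused-bits byte must be 0
        raise ValueError("bad signature BIT STRING")
    return tbs_der, sig_alg_der, bit_string[vstart + 1:vend]

def tlv(tag, value):
    """Encode one DER TLV; used here only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed sample shaped like a 2048-bit RSA certificate (not a real one).
ALG = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption
TBS = tlv(0x30, b"\x02\x01\x02" * 100)                  # placeholder TBSCertificate
SIG = bytes(range(256))                                  # placeholder signature
SAMPLE = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + SIG))
```

    The returned `tbs_der` and `signature` correspond to `message` and `sig` as passed to `rsa.verify` in step 5.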
  • Original post: https://www.cnblogs.com/yunlong-study/p/14577683.html