
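Problem description

I am trying to manually verify the digital signature of a self-signed certificate. SHA-256 RSA certificate.

As far as I understand, a digital signature is verified using the formula s^e mod m. In the output I get a 2048-bit number, while the hash itself is 256 bits. I read that it needs to be padded to 2048 bits. How is this done?

P.S. As far as I understand, I need to use the I2OSP function on the hash, or OS2IP on the decoded number. I cannot understand the algorithms of these functions. My number is stored as a byte array: number: 0x123456789A, data: [0] = 9A | [1] = 78 | [2] = 56 ... Could you write C code, or at least pseudocode?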

Certificate link: https://lapo.it/asn1js/

Tags: c++, certificate, rsa, decode, sha256

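Solution

X.509 signatures employ padding before doing the modular exponentiation. https://www.rfc-editor.org/rfc/rfc8017#section-8.2.2 describes the process, but the most relevant part is probably: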

   Steps:

      1.  Apply the hash function to the message M to produce a hash
          value H:

             H = Hash(M).

          If the hash function outputs "message too long", output
          "message too long" and stop.

      2.  Encode the algorithm ID for the hash function and the hash
          value into an ASN.1 value of type DigestInfo (see
          Appendix A.2.4) with the DER, where the type DigestInfo has
          the syntax

               DigestInfo ::= SEQUENCE {
                   digestAlgorithm AlgorithmIdentifier,
                   digest OCTET STRING
               }

          The first field identifies the hash function and the second
          contains the hash value.  Let T be the DER encoding of the
          DigestInfo value (see the notes below), and let tLen be the
          length in octets of T.

      3.  If emLen < tLen + 11, output "intended encoded message length
          too short" and stop.

      4.  Generate an octet string PS consisting of emLen - tLen - 3
          octets with hexadecimal value 0xff.  The length of PS will be
          at least 8 octets.

      5.  Concatenate PS, the DER encoding T, and other padding to form
          the encoded message EM as

             EM = 0x00 || 0x01 || PS || 0x00 || T.

      6.  Output EM.

Extracting the relevant bits from an X.509 certificate is not the simplest thing either.
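The steps quoted above, written out in C as an added example (not code from the original answer): it builds EM for SHA-256, converts the result of s^e mod n from the least-significant-byte-first array layout in the question to octets (I2OSP), and compares the two octet by octet instead of parsing the padding. The function names and the 512-octet buffer limit are assumptions of this example, and the modular exponentiation and the SHA-256 hash of the signed data are assumed to be computed elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 32 /* SHA-256 digest length in octets */
#define T_LEN 51    /* tLen: 19-octet DigestInfo header + 32-octet digest */

/* DER header of DigestInfo for SHA-256 (RFC 8017 section 9.2, note 1) */
static const uint8_t SHA256_DI[19] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
    0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};

/* Steps 3-5 of the quoted text: EM = 0x00 || 0x01 || PS || 0x00 || T */
int emsa_encode(const uint8_t *hash, uint8_t *em, size_t em_len) {
    if (em_len < T_LEN + 11) return -1;         /* step 3 */
    size_t ps_len = em_len - T_LEN - 3;         /* step 4 */
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, SHA256_DI, sizeof SHA256_DI);
    memcpy(em + 3 + ps_len + sizeof SHA256_DI, hash, HASH_LEN);
    return 0;
}

/* I2OSP for a number stored least-significant byte first (the layout in the
 * question): writes exactly out_len big-endian octets, -1 if it does not fit */
int i2osp_le(const uint8_t *num, size_t num_len, uint8_t *out, size_t out_len) {
    for (size_t i = out_len; i < num_len; i++)
        if (num[i] != 0) return -1;
    for (size_t i = 0; i < out_len; i++)
        out[out_len - 1 - i] = i < num_len ? num[i] : 0x00;
    return 0;
}

/* m = s^e mod n (little-endian), hash = SHA-256 of the signed data, k = modulus
 * length in octets. Returns 1 only if every octet of EM matches. */
int pkcs1_check(const uint8_t *m, size_t m_len, const uint8_t *hash, size_t k) {
    uint8_t em[512], want[512], diff = 0;
    if (k > sizeof em || i2osp_le(m, m_len, em, k) != 0) return 0;
    if (emsa_encode(hash, want, k) != 0) return 0;
    for (size_t i = 0; i < k; i++) diff |= em[i] ^ want[i];
    return diff == 0;
}

int main(void) {
    /* Constructed sample: m stands in for the result of s^e mod n */
    uint8_t hash[HASH_LEN] = {0}, em[256], m[256];
    emsa_encode(hash, em, sizeof em);
    for (size_t i = 0; i < sizeof m; i++) m[i] = em[sizeof em - 1 - i];
    printf("valid: %d\n", pkcs1_check(m, sizeof m, hash, 256));
    return 0;
}
```

Comparing the whole of EM means nothing after the digest and no shortened PS is accepted, which a verifier that only skips the padding and reads the hash can miss.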

