一、任务详情
- 参考附件中图书p223 中13.2的实验指导,完成DER编码
- 序列号=1174(0x0496),证书签发者 DN="CN=Virtual CA,C=CN",证书持有者DN="CN=你的名字拼音, OU=Person,C=CN",证书有效期=20200222000000-20220222000000。
- 用echo -n -e "编码" > 你的学号.der中,用OpenSSL asn1parse 分析编码的正确性
- 提交编码过程文档
二、查看姓名、学号的16进制ASCII码
echo "Yang Chengyu" | od -tx1
echo "20201212" | od -tx1
三、对TBSCertificate进行DER编码
验证:
openssl asn1parse -inform der -in ./20201212.der
1.序列号1174(0x0496)
echo -n -e "\xA0\x03\x02\x01\x02\x02\x02\x04\x96\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00" > 20201212.der
2.证书签发者DN="CN=Virtual CA
echo -n -e "\x30\x22\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x56\x69\x72\x74\x75\x61\x6C\x20\x43\x41" >> 20201212.der
3.证书有效期=20200222000000-20220222000000
echo -n -e "\x17\x0D\x32\x30\x32\x30\x30\x32\x32\x32\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x32\x32\x30\x32\x32\x32\x30\x30\x30\x30\x5A" >> 20201212.der
4.证书持有者DN=CN=Yang Chengyu, OU=Person
echo -n -e "\x30\x33\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4e\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x13\x08\x32\x30\x32\x30\x31\x32\x31\x32\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x13\x08\x59\x61\x6e\x67\x43\x68\x65\x6e\x67\x79\x75" >> 20201212.der
四、ASN.1描述与实例
1.TBSCertificate 的 ASN.1描述与实例
TBSCertificate格式用ASN.1描述如下:
TBSCertificate :=SEQUENCE {
version
[0] EXPLICIT Version DEFAULT v1,
serialNumber
CertificateSerialNumber,
signature
Algorithmldentifier,
issuer
Name,
validity
Validity,
subject
Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID[1] IMPLICIT Uniqueldentifier OPTIONAL,
-- If present, version MUST be v2 or v3
subjectUniqueID [2] IMPLICIT Uniqueldentifier OPTIONAL,
-- If present, version MUST be v2 or v3
extensions[3]EXPLICIT Extensions OPTIONAL
-- If present, version MUST be v3
}
Extensions ::=SEQUENCE SIZE (1..MAX) OF ExtensionTBSCertificate 中各项内容具体值如表13-3所示。