How to convert OpenSSL digital signature to ASN1?

2019-09-11 00:47发布

问题:

Using the openssl library I have created a digital signature of a file.

I can see that if I use the openssl command:

openssl rsautl -verify -inkey pubkey.pem -pubin -asn1parse -in sigfile

I get a nice output of something like:

0:d=0  hl=2 l=  49 cons: SEQUENCE          
2:d=1  hl=2 l=  13 cons:  SEQUENCE          
4:d=2  hl=2 l=   9 prim:   OBJECT            :sha256
15:d=2  hl=2 l=   0 prim:   NULL              
17:d=1  hl=2 l=  32 prim:  OCTET STRING      
  0000 - c9 8c 24 b6 77 ef f4 48-60 af ea 6f 49 3b ba ec   ..$.w..H`..oI;..
  0010 - 5b b1 c4 cb b2 09 c6 fc-2b bb 47 f6 6f f2 ad 31   [.......+.G.o..1

How can I programmatically convert my signature file into some ASN1 that I can then parse?

回答1:

OpenSSL -verify command outputs the recovered data of the RSA signature

-verify verify the input data and output the recovered data.

It means that is returning the PKCS#1 message. A digital signature following the RFC2313 is composed of the digest algorithm identifier and the encrypted digest of the content with the RSA private key in PKCS#7 format, described in section 9.1 of RFC2315.

signedData ::= SEQUENCE {
 version Version,
 digestAlgorithms DigestAlgorithmIdentifiers,
 contentInfo ContentInfo,
 certificates
    [0] IMPLICIT ExtendedCertificatesAndCertificates
      OPTIONAL,
 crls
   [1] IMPLICIT CertificateRevocationLists OPTIONAL,
 signerInfos SignerInfos }

So (if I understood correctly...), the output of openssl is an ASN.1 sequence of digest algoritm + decrypted digest (the original digest of your content)

To decode it you can use Bouncycastle

public class ASN1Decoder {
    private static String opensslOutputB64= "MDEwDQYJYIZIAWUDBAIBBQAEIGGbJmsmf9lg/jeaXjm0XsUZ4ZS7xv0Da/NvPoNiRzRO";

    public final static void main(String argv[]) throws IOException{
        ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(Base64.getDecoder().decode(opensslOutputB64)));
         ASN1Primitive obj = bIn.readObject();
         System.out.println(ASN1Dump.dumpAsString(obj));

    }
}

Check Parsing ASN.1 binary data with Java for more examples



回答2:

With some help from @pedrofb I managed to come up with the following solution:

// Get key from cert
CertificateFactory fact = CertificateFactory.getInstance("X.509", new org.bouncycastle.jce.provider.BouncyCastleProvider());
X509Certificate cer = (X509Certificate) fact.generateCertificate(new FileInputStream("/home/administrator/Downloads/cert_1.txt"));
PublicKey key = cer.getPublicKey();

// or read key in from pem file
PublicKey publicKey = ManifestUtils.publicKeyFromPemFile(new FileReader("/home/administrator/Downloads/publickey.txt"));

// Decrypt the signature
Cipher asymmetricCipher
            = Cipher.getInstance("RSA/ECB/PKCS1Padding", new org.bouncycastle.jce.provider.BouncyCastleProvider());
asymmetricCipher.init(Cipher.DECRYPT_MODE, publicKey);
byte[] plainText = asymmetricCipher.doFinal(
            IOUtils.toByteArray(new FileInputStream("/home/administrator/Downloads/signature.sign")));

// print as hex
System.out.println(Hex.encodeHexString(plainText));

// Print the ans1 nicely - ish
ASN1InputStream input = new ASN1InputStream(plainText);
ASN1Primitive p;
while ((p = input.readObject()) != null) {
    System.out.println(ASN1Dump.dumpAsString(p));
}