What exactly is meant by "Signature Algorithm" on a certificate? Which signature algorithm is being used to sign my certificate?
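[Posted]: 2021-12-04 04:03:35
[Question]: I've just started learning about certificates and their use in cybersecurity. I'm experimenting with a browser certificate issued by GTS, which is Google Trust Services.
Now, I'm confused about what the Signature Algorithm field means. I tried googling and found that the signature algorithm refers to the algorithm used to sign the certificate. If that's the case, I don't understand why I see 3 different Signature Algorithm fields in my certificate. Also, 2 of them have a key size associated with them, while the first field does not.
The first Signature Algorithm is under the "Issuer" category, so I guess that might be the algorithm used to sign the certificate. The second and third fields, as shown in the second image, are under the Public Key category. So what are they used to sign?
Also, I don't see any key associated with the first signature algorithm, so I'm a bit confused about that. Any help is much appreciated! Thanks!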
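[Answer 1]: Meta: this isn't a programming question, but I can't fit this in comments. I won't vote to close because it's inappropriate to do so after answering, but if I'm notified that the question is closed I will delete (or I authorize the mods to do so) to make sure the Q can be deleted or roombad.
I don't know what program you used to get that decoding, or whether you modified it beyond the blackouts, but it seems seriously misleading. Here is a better decoding from OpenSSL, which follows the ASN.1 structure, to which I've added <<# markers: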
(redacted)>openssl s_client -connect www.google.com:443 <NUL 2>NUL | openssl x509 -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:48:e6:58:30:39:c0:ad:0a:00:00:00:00:ff:65:fa
        Signature Algorithm: sha256WithRSAEncryption <<#1A
        Issuer: C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
        Validity
            Not Before: Sep 13 04:06:57 2021 GMT
            Not After : Nov 20 04:06:56 2021 GMT
        Subject: CN = www.google.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d7:27:92:c3:bb:e0:95:f4:20:46:a4:1a:5f:96:
                    78:a7:58:9d:cb:7c:2a:9c:7c:cb:2d:be:30:e9:c1:
                    71:80:11:da:c3:57:c4:c1:74:5c:a6:26:64:c3:49:
                    53:7c:44:19:f2:b3:c4:b3:5f:fc:90:30:b3:d4:31:
                    d1:16:09:b2:97:44:43:99:d6:13:19:20:ef:92:9e:
                    6e:41:44:56:32:c8:1c:5b:54:48:38:6b:5d:c5:00:
                    a4:62:be:7e:51:76:26:f6:5b:9c:e0:ed:b3:b8:dd:
                    16:eb:c6:9d:fc:b6:16:c0:60:1a:84:d8:b1:a5:d1:
                    5d:1f:35:eb:40:08:f0:2b:a1:a8:e8:d0:93:8f:85:
                    c6:25:a3:63:d0:d8:09:2e:fa:d2:6f:12:73:4e:aa:
                    ad:6f:c6:cb:b0:24:b4:65:e3:e3:fd:03:f9:d4:64:
                    07:2a:4b:6b:df:6b:ae:b2:90:eb:7e:57:f0:a8:3e:
                    08:d1:07:06:e8:04:dc:a6:bd:02:ee:07:97:1f:cf:
                    41:2c:8a:b0:15:bc:de:c9:13:b9:0a:8f:38:78:4c:
                    03:d1:46:36:e6:54:e4:3b:5f:eb:f4:02:14:82:09:
                    d9:0e:60:ea:29:b4:e3:7e:81:8d:4c:81:ee:4b:6d:
                    6e:a8:7f:f5:79:39:21:20:01:eb:77:4d:ea:22:d8:
                    15:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                C0:43:06:E9:20:B5:1E:51:86:CF:27:BB:3B:91:D5:0B:AE:F8:99:A6
            X509v3 Authority Key Identifier:
                keyid:8A:74:7F:AF:85:CD:EE:95:CD:3D:9C:D0:E2:46:14:F3:71:35:1D:27
            Authority Information Access:
                OCSP - URI:http://ocsp.pki.goog/gts1c3
                CA Issuers - URI:http://pki.goog/repo/certs/gts1c3.der
            X509v3 Subject Alternative Name:
                DNS:www.google.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.11129.2.5.3
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version : v1 (0x0)
                    Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
                             79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
                    Timestamp : Sep 13 05:06:59.644 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256 <<#2
                                30:45:02:21:00:84:00:48:E0:6F:E9:0F:D7:AF:A6:67:
                                22:C8:D3:D3:A8:E4:FB:38:11:3E:5B:C2:EF:AC:E2:54:
                                7A:94:AC:1A:47:02:20:1E:84:FB:69:49:C2:1B:2E:0B:
                                84:8C:AD:CA:13:FF:97:19:3C:57:8A:0A:AC:23:DD:61:
                                C2:AB:7F:07:46:45:65
                Signed Certificate Timestamp:
                    Version : v1 (0x0)
                    Log ID : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
                             D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
                    Timestamp : Sep 13 05:06:59.161 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256 <<#3
                                30:45:02:21:00:D5:16:13:47:CE:39:C6:60:AF:11:24:
                                61:A3:D3:B6:50:BF:32:01:0D:6F:5F:5F:2E:37:E4:F8:
                                1E:60:9E:70:E6:02:20:09:6A:39:F4:15:FC:36:6C:5F:
                                9B:C7:E1:B5:48:64:7F:BC:FD:36:6E:1D:7B:E5:74:6A:
                                55:B0:6E:0F:AF:CF:FF
    Signature Algorithm: sha256WithRSAEncryption <<#1B
        3a:11:f4:ac:db:fe:63:eb:40:ae:09:4e:d2:3a:89:90:37:c2:
        bd:f5:bf:8e:69:7b:48:4e:33:6a:35:46:35:50:bc:94:2e:c3:
        87:b4:66:e4:d6:bd:2f:98:99:d4:ba:0f:56:04:de:20:44:86:
        61:35:50:3f:66:95:fc:4a:2a:69:b7:3b:0c:70:0f:17:cc:60:
        a4:fe:1d:b3:f8:90:0c:b9:fa:3d:69:d0:2f:a9:15:91:cd:89:
        bb:92:7d:f5:c6:7f:2f:b8:89:0a:95:f3:71:93:1c:52:77:22:
        e8:af:54:f1:b2:0f:9c:4f:9b:28:59:c4:de:ed:63:0f:7b:06:
        69:ac:af:5d:bd:1c:52:ca:67:3a:db:52:10:f3:16:55:20:dd:
        db:4c:e7:93:e5:d1:56:d1:1f:07:12:0c:da:8c:df:c8:d7:91:
        98:5c:c2:f7:f4:dc:ff:66:6b:35:95:f8:b9:cc:cd:1d:0b:cf:
        d1:99:5e:ce:1a:d9:97:f3:c5:85:65:e0:17:b9:88:c6:1e:5f:
        51:01:97:21:4e:49:6b:a6:ed:3d:df:8d:95:b5:be:54:5a:e4:
        58:0d:4c:50:64:5f:47:91:48:45:d4:2b:37:50:bf:d5:fb:cd:
        54:f3:c5:a2:72:38:fd:44:da:f9:6f:6a:2a:45:2c:ac:c5:a5:
        37:3f:e8:fe
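#1A and #1B are the algorithm of the issuer's signature on the certificate, which is in the block following #1B. Yes, there are two copies of the AlgorithmIdentifier in the ASN.1 structure, at the locations shown, because X.509 was designed in the 1980s, when people were concerned about algorithm substitution attacks based on experience with symmetric/secret-key systems, which turned out not to be a significant issue for asymmetric/public-key systems. It is SHA256withRSA because the issuing CA, GTS CA 1C3, uses an RSA (2048-bit) key. EDIT: found crossdupes https://security.stackexchange.com/questions/24788/signaturealgorithm-vs-tbscertificate-signature and https://security.stackexchange.com/questions/114746/why-is-the-signature-algorithm-listed-twice-in-an-x509-certificate .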
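#2 and #3 are the signature algorithms on the two Signed Certificate Timestamps (SCTs) embedded in the certificate to support Certificate Transparency. You can see that each one is part of the indented block under the heading Signed Certificate Timestamp:. SCTs are created and signed by various transparency log systems, identified by their logid, and the two log systems that GTS CA 1C3 chose to use both happen to use ecdsa-with-sha256 signatures with P-256 keys. (We can only directly see that the R,S values are 256 bits, corresponding to some curve group of 256-bit order, but RFC6962 confirms that the only acceptable ECDSA curve is P-256.)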
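Aside: I don't see why you thought it necessary to black out some of the information in a certificate that everybody in the world can easily obtain and view. The entire purpose of a certificate (at least an Internet server certificate) is to be known by all.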
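The answer's remark about the R,S values can be checked directly. This added example (not part of the original answer) decodes the two SCT signature blobs from the dump as DER ECDSA-Sig-Value structures and reports the size of r and s; the function names are illustrative, and P256_N is the standard P-256 group order, supplied here rather than taken from the page.

```python
# Signature bytes copied from the two SCT blocks in the dump (<<#2 and <<#3).
SCT_SIG_2 = (
    "30:45:02:21:00:84:00:48:E0:6F:E9:0F:D7:AF:A6:67:"
    "22:C8:D3:D3:A8:E4:FB:38:11:3E:5B:C2:EF:AC:E2:54:"
    "7A:94:AC:1A:47:02:20:1E:84:FB:69:49:C2:1B:2E:0B:"
    "84:8C:AD:CA:13:FF:97:19:3C:57:8A:0A:AC:23:DD:61:"
    "C2:AB:7F:07:46:45:65")
SCT_SIG_3 = (
    "30:45:02:21:00:D5:16:13:47:CE:39:C6:60:AF:11:24:"
    "61:A3:D3:B6:50:BF:32:01:0D:6F:5F:5F:2E:37:E4:F8:"
    "1E:60:9E:70:E6:02:20:09:6A:39:F4:15:FC:36:6C:5F:"
    "9B:C7:E1:B5:48:64:7F:BC:FD:36:6E:1D:7B:E5:74:6A:"
    "55:B0:6E:0F:AF:CF:FF")
# Order n of the NIST P-256 group: a standard constant, not a value from the page.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def read_tlv(buf, pos, tag):
    """Read one short-form DER TLV with the given tag; return (value, next_pos)."""
    # A P-256 signature is at most 72 bytes, so long-form lengths never occur.
    if pos + 2 > len(buf) or buf[pos] != tag or buf[pos + 1] & 0x80:
        raise ValueError(f"expected short-form tag 0x{tag:02x} at offset {pos}")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos + 2:end], end

def der_uint(body):
    """Decode a DER INTEGER body, rejecting negative or non-minimal encodings."""
    if not body or body[0] & 0x80 or (len(body) > 1 and body[0] == 0 and body[1] < 0x80):
        raise ValueError("negative or non-minimal INTEGER")
    return int.from_bytes(body, "big")

def decode_ecdsa_sig(hex_text):
    """Parse ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }; return (r, s)."""
    der = bytes.fromhex(hex_text.replace(":", ""))
    seq, end = read_tlv(der, 0, 0x30)
    r_raw, pos = read_tlv(seq, 0, 0x02)
    s_raw, pos = read_tlv(seq, pos, 0x02)
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing data")
    return der_uint(r_raw), der_uint(s_raw)

def describe(hex_text):
    r, s = decode_ecdsa_sig(hex_text)
    return {"r_bits": r.bit_length(), "s_bits": s.bit_length(),
            "in_p256_range": 0 < r < P256_N and 0 < s < P256_N}

if __name__ == "__main__":
    for marker, sig in (("#2", SCT_SIG_2), ("#3", SCT_SIG_3)):
        print(marker, describe(sig))
```

The leading 00 in each r is DER's sign padding for an integer whose top bit is set, which is why r occupies 33 content bytes while s occupies 32. Values in range for the P-256 order are consistent with P-256 but, as the answer says, do not by themselves identify the curve.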