How to add a signed OCSP RESPONSE parameter to an ASN1 PKCS7

I am engaged in signing a string. The usual signature passes. Now it is necessary to add signed parameters.

There are no problems with adding rows:

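#include <string.h>
#include <openssl/objects.h>
#include <openssl/pkcs7.h>

int signed_string_nid;  /* file-scope NID of the attribute being added */

/* Add str as a PrintableString signed attribute under the dotted OID oid. */
void add_signed_printable_string(PKCS7_SIGNER_INFO *si, char *oid, char *str)
{
    ASN1_PRINTABLESTRING *os;

    /* OpenSSL 1.1.0+ rejects OBJ_create for an OID that is already registered. */
    signed_string_nid = OBJ_txt2nid(oid);
    if (signed_string_nid == NID_undef)
        signed_string_nid = OBJ_create(oid, str, str);

    os = ASN1_PRINTABLESTRING_new();
    /* The call the old M_ASN1_OCTET_STRING_set macro expanded to. */
    ASN1_STRING_set(os, (unsigned char *)str, (int)strlen(str));

    PKCS7_add_signed_attribute(si, signed_string_nid, V_ASN1_PRINTABLESTRING, os);
}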

With the addition of the content type, everything is also clear:

PKCS7_add_attrib_content_type(si, OBJ_nid2obj(OID_SIGNED_CONTENT_TYPE));

But now you need to add an X509_NAME object and an OCSP response.

How are such objects generally added correctly?

I tried to add X509_NAME by manually recording all the parameters, but it takes a very long time.

You should get something like this (add the same as 1.3.6.1.4.1.6801.2.8 and 1.3.6.1.5.5.7.48.1.1):

       [0] (7 elem)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.13 signingDescription (PKCS #9)
          SET (1 elem)
            PrintableString ESEDO
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
          SET (1 elem)
            OBJECT IDENTIFIER 1.2.840.113549.1.7.1 data (PKCS #7)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
          SET (1 elem)
            UTCTime 2018-11-13 12:08:20 UTC
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
          SET (1 elem)
            OCTET STRING (32 byte) 166182C25D404360359A8961F9A861F4A11567C9BC0D01BF81EC647E1CA59331
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.77
          SET (1 elem)
            UTF8String Как дебажить ошибки.docx
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.3.6.1.4.1.6801.2.8
          SET (1 elem)
            SEQUENCE (10 elem)
              SET (1 elem)
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.4 surname (X.520 DN component)
                  UTF8String ТЕСТ
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
                  PrintableString IIN123128350133
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                  PrintableString KZ
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                  UTF8String АСТАНА
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                  UTF8String АСТАНА
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                  UTF8String ТОВАРИЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ "777"
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                  UTF8String BIN123840007123
              SET (1 elem)
                SEQUENCE (2 elem)
                  OBJECT IDENTIFIER 2.5.4.42 givenName (X.520 DN component)
                  UTF8String ТЕСТ
              SET (1 elem)
                SEQUENCE (1 elem)
                  OBJECT IDENTIFIER 1.2.840.113549.1.9.1 emailAddress (PKCS #9. Deprecated, use an altName extension instead)
        SEQUENCE (2 elem)
          OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.1 ocspBasic (OCSP)
          SET (1 elem)
            OCTET STRING (1 elem)
              SEQUENCE (2 elem)
                ENUMERATED
                [0] (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.1 ocspBasic (OCSP)
                    OCTET STRING (1 elem)
                      SEQUENCE (4 elem)
                        SEQUENCE (4 elem)
                          [1] (1 elem)
                            SEQUENCE (7 elem)
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                                  UTF8String OCSP RESPONDER
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
                                  PrintableString IIN761231300313
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                                  PrintableString KZ
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                                  UTF8String АСТАНА
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                                  UTF8String АСТАНА
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                                  UTF8String АКЦИОНЕРНОЕ ОБЩЕСТВО "НАЦИОНАЛЬНЫЕ ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ"
                              SET (1 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                                  UTF8String BIN000740000728
                          GeneralizedTime 2018-11-13 12:08:12 UTC
                          SEQUENCE (1 elem)
                            SEQUENCE (3 elem)
                              SEQUENCE (4 elem)
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 1.2.398.3.10.1.3.1
                                  NULL
                                OCTET STRING (32 byte) CB71EA9140B5F7D0A761D820E5FBE12C8FFB771B954165D8FC7387758D424F9A
                                OCTET STRING (32 byte) 640A1103E2579C4AFDBC3306E07AC6AA1473FA0E2E7DD005F3E6254195D828AA
                                INTEGER (159 bit) 616944972507369995033056199378545336054600461801
                              [0]
                              GeneralizedTime 2018-11-13 12:08:12 UTC
                          [1] (1 elem)
                            SEQUENCE (2 elem)
                              SEQUENCE (2 elem)
                                OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.2 ocspNonce (OCSP)
                                OCTET STRING (1 elem)
                                  OCTET STRING ¤}Z
                              SEQUENCE (2 elem)
                                OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.9
                                OCTET STRING (1 elem)
                                  NULL
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.2
                          NULL
                        BIT STRING (512 bit) 1011010110100000001011110110010101000001111111110100110110001111100011…
                        [0] (1 elem)
                          SEQUENCE (1 elem)
                            SEQUENCE (3 elem)
                              SEQUENCE (8 elem)
                                [0] (1 elem)
                                  INTEGER 2
                                INTEGER (158 bit) 272744986983533272580483628423012745646484689418
                                SEQUENCE (2 elem)
                                  OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.2
                                  NULL
                                SEQUENCE (2 elem)
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                                      PrintableString KZ
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                                      UTF8String ҰЛТТЫҚ КУӘЛАНДЫРУШЫ ОРТАЛЫҚ (GOST)
                                SEQUENCE (2 elem)
                                  UTCTime 2018-08-11 18:00:55 UTC
                                  UTCTime 2019-08-11 18:00:55 UTC
                                SEQUENCE (7 elem)
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                                      UTF8String OCSP RESPONDER
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
                                      PrintableString IIN761231300313
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.6 countryName (X.520 DN component)
                                      PrintableString KZ
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.7 localityName (X.520 DN component)
                                      UTF8String АСТАНА
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.8 stateOrProvinceName (X.520 DN component)
                                      UTF8String АСТАНА
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                                      UTF8String АКЦИОНЕРНОЕ ОБЩЕСТВО "НАЦИОНАЛЬНЫЕ ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ"
                                  SET (1 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                                      UTF8String BIN000740000728
                                SEQUENCE (2 elem)
                                  SEQUENCE (2 elem)
                                    OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.1
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.1.1
                                      OBJECT IDENTIFIER 1.2.398.3.10.1.3.1.1.0
                                  BIT STRING (1 elem)
                                    OCTET STRING (64 byte) D20F80BBB987C85D946C54C3AB994F7887BDA2FE5C9C392A30AB615B407765CD8D3D78…
                                [3] (1 elem)
                                  SEQUENCE (7 elem)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.37 extKeyUsage (X.509 extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (1 elem)
                                          OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.9 ocspSigning (PKIX key purpose)
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.35 authorityKeyIdentifier (X.509 extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (1 elem)
                                          [0] (4 byte) 5B6A73E9
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.14 subjectKeyIdentifier (X.509 extension)
                                      OCTET STRING (1 elem)
                                        OCTET STRING (20 byte) 042ECC160C088D0915A0F66BDD9F8205D9F56A0E
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.31 cRLDistributionPoints (X.509 extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (1 elem)
                                          SEQUENCE (1 elem)
                                            [0] (1 elem)
                                              [0] (2 elem)
                                                [6] http://crl.pki.gov.kz/nca_gost.crl
                                                [6] http://crl1.pki.gov.kz/nca_gost.crl
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 2.5.29.46 freshestCRL (X.509 extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (1 elem)
                                          SEQUENCE (1 elem)
                                            [0] (1 elem)
                                              [0] (2 elem)
                                                [6] http://crl.pki.gov.kz/nca_d_gost.crl
                                                [6] http://crl1.pki.gov.kz/nca_d_gost.crl
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 authorityInfoAccess (PKIX private extension)
                                      OCTET STRING (1 elem)
                                        SEQUENCE (2 elem)
                                          SEQUENCE (2 elem)
                                            OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 caIssuers (PKIX subject/authority info access descriptor)
                                            [6] http://pki.gov.kz/cert/nca_gost.cer
                                          SEQUENCE (2 elem)
                                            OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 ocsp (PKIX)
                                            [6] http://ocsp.pki.gov.kz
                                    SEQUENCE (2 elem)
                                      OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.5 ocspNoCheck (OCSP)
                                      OCTET STRING (0 elem)
                              SEQUENCE (2 elem)
                                OBJECT IDENTIFIER 1.2.398.3.10.1.1.1.2
                                NULL
                              BIT STRING (512 bit) 1001000111110101000101110111000111010000111111101010101010010100110110…
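
The target layout in the dump above, built byte by byte as an added example (not part of the original question and not OpenSSL code): every signed attribute is a SEQUENCE of an OID and a SET, the 1.3.6.1.4.1.6801.2.8 value is the Name's own DER, and the 1.3.6.1.5.5.7.48.1.1 value is an OCTET STRING enclosing the DER OCSPResponse. The names `build_attribute`, `der_tlv`, `der_oid` and the sample byte arrays are hypothetical and the sample data is constructed.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed samples: a Name with one RDN (C=KZ), a status-only OCSPResponse. */
const unsigned char SAMPLE_NAME_DER[] = {
    0x30,0x0D,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x4B,0x5A };
const unsigned char SAMPLE_OCSP_DER[] = { 0x30,0x03,0x0A,0x01,0x06 };

/* Write one DER tag-length-value (len < 65536); returns bytes written. */
static size_t der_tlv(unsigned char *out, int tag, const unsigned char *val, size_t len)
{
    size_t n = 1;
    out[0] = (unsigned char)tag;
    if (len >= 0x100) { out[n++] = 0x82; out[n++] = (unsigned char)(len >> 8); }
    else if (len >= 0x80) out[n++] = 0x81;
    out[n++] = (unsigned char)len;
    memcpy(out + n, val, len);
    return n + len;
}

/* Encode a dotted OID (two or more arcs) as DER; returns 0 if it is too long. */
static size_t der_oid(unsigned char *out, const char *dotted)
{
    unsigned char body[64], tmp[10];
    char *end;
    size_t n = 1;
    unsigned long arc = strtoul(dotted, &end, 10) * 40;  /* first two arcs share a byte */
    body[0] = (unsigned char)(arc + strtoul(end + 1, &end, 10));
    while (*end == '.') {
        int i = 0;
        arc = strtoul(end + 1, &end, 10);
        do { tmp[i++] = arc & 0x7F; arc >>= 7; } while (arc);  /* base-128 groups */
        if (n + (size_t)i > sizeof body) return 0;
        while (i--) body[n++] = (unsigned char)(tmp[i] | (i ? 0x80 : 0));
    }
    return der_tlv(out, 0x06, body, n);
}

/* Attribute ::= SEQUENCE { attrType OID, attrValues SET OF AttributeValue }.
 * value is already DER; wrap_octets=1 first encloses it in an OCTET STRING. */
size_t build_attribute(unsigned char *out, size_t cap, const char *oid,
                       const unsigned char *value, size_t len, int wrap_octets)
{
    unsigned char val[1024], body[1024];
    size_t vlen = len, blen;
    if (len > 900 || cap < len + 80) return 0;  /* keep every buffer in bounds */
    if (wrap_octets) vlen = der_tlv(val, 0x04, value, len);
    else memcpy(val, value, len);
    if ((blen = der_oid(body, oid)) == 0) return 0;
    blen += der_tlv(body + blen, 0x31, val, vlen);  /* SET holding one value */
    return der_tlv(out, 0x30, body, blen);
}
```

With OpenSSL the same value bytes come from i2d_X509_NAME and i2d_OCSP_RESPONSE, placed in an ASN1_STRING and handed to PKCS7_add_signed_attribute with V_ASN1_SEQUENCE or V_ASN1_OCTET_STRING as the type.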
