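• Trusted Root Certificate List Authority (TRCLA): responsible for issuing the trusted root certificate list.
  • Trusted Root Certificate List (TRCL): consists of the root certificates of trusted PKI systems, the download addresses of the trusted-domain CA certificate lists of those PKI systems, and the security mechanism that protects the trusted root certificate list. That security mechanism is a digital signature.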

This article provides a trcla.oer certificate from CAICT (China Academy of Information and Communications Technology).

trcla.oer hex content

80 03 00 81 02 58 81 0f 76 32 78 2e 63 61 69 63 74 2e 61 63 2e 63 6e 00 00 00 00 00 1f 52 63 65 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 80 02 0e 2c 80 07 00 01 00 01 01 00 00 01 02 e0 81 01 02 01 ff c0 60 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 ff c0 80 84 21 82 e5 81 03 b0 8a b0 75 6f a9 f4 99 f9 eb d9 3d 55 6e 8a 80 b4 8d ff 1d e8 7a f9 8a 71 4e 80 c0 fa 84 40 b9 0d 5a cd 70 c4 0f 1e 93 5d 83 b7 c6 4b 61 9a e1 cf dc ab ef cb 92 57 92 82 05 8f 68 f2 29 c9 c6 b0 5f 6e 03 64 57 93 9f 74 0d ec ae 4a c7 6a 6f 41 2a a0 67 5c 79 73 b2 b9 74 f4 49 6b 0d 39

trcla.oer content in XML format

<?xml version="1.0"?>
<Certificate>
    <version>3</version>
    <type>
        <explicit/>
    </type>
    <issuer>
        <self>
            <sm3/>
        </self>
    </issuer>
    <toBeSigned>
        <id>
            <name>v2x.caict.ac.cn</name>
        </id>
        <cracaId>00 00 00</cracaId>
        <crlSeries>0</crlSeries>
        <validityPeriod>
            <start>525493093</start>
            <duration>
                <years>30</years>
            </duration>
        </validityPeriod>
        <region>
            <identifiedRegion>
                <countryOnly>156</countryOnly>
            </identifiedRegion>
        </region>
        <appPermissions>
            <AidSsp>
                <aid>3627</aid>
                <ssp>
                    <opaque>80 00 01</opaque>
                </ssp>
            </AidSsp>
            <AidSsp>
                <aid>3628</aid>
                <ssp>
                    <opaque>00 01 00 01 01 00 00</opaque>
                </ssp>
            </AidSsp>
        </appPermissions>
        <certIssuePermissions>
            <AidGroupPermissions>
                <subjectPermissions>
                    <all/>
                </subjectPermissions>
                <minChainLength>2</minChainLength>
                <chainLengthRange>-1</chainLengthRange>
                <eeType>
                    11000000
                </eeType>
            </AidGroupPermissions>
            <AidGroupPermissions>
                <subjectPermissions>
                    <explicit>
                        <AidSspRange>
                            <aid>3627</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3628</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3629</aid>
                        </AidSspRange>
                    </explicit>
                </subjectPermissions>
                <minChainLength>1</minChainLength>
                <chainLengthRange>-1</chainLengthRange>
                <eeType>
                    11000000
                </eeType>
            </AidGroupPermissions>
        </certIssuePermissions>
        <verifyKeyIndicator>
            <verificationKey>
                <ecsigSm2>
                    <compressed-y-0>
                        E5 81 03 B0 8A B0 75 6F A9 F4 99 F9 EB D9 3D 55 
                        6E 8A 80 B4 8D FF 1D E8 7A F9 8A 71 4E 80 C0 FA
                    </compressed-y-0>
                </ecsigSm2>
            </verificationKey>
        </verifyKeyIndicator>
    </toBeSigned>
    <signature>
        <sm2Signature>
            <rSig>
                B9 0D 5A CD 70 C4 0F 1E 93 5D 83 B7 C6 4B 61 9A 
                E1 CF DC AB EF CB 92 57 92 82 05 8F 68 F2 29 C9
            </rSig>
            <sSig>
                C6 B0 5F 6E 03 64 57 93 9F 74 0D EC AE 4A C7 6A 
                6F 41 2A A0 67 5C 79 73 B2 B9 74 F4 49 6B 0D 39
            </sSig>
        </sm2Signature>
    </signature>
</Certificate>

trcla.oer public key

04 e5 81 03 b0 8a b0 75 6f a9 f4 99 f9 eb d9 3d 55 6e 8a 80 b4 8d ff 1d e8 7a f9 8a 71 4e 80 c0 fa 6d 06 45 66 83 74 ba eb 82 ba 79 1c 90 24 ee 1d c8 9a 46 10 eb 18 28 cc e6 09 33 40 f3 33 42 1e
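
How the 65-byte public key above follows from the compressed point in the certificate, as an added example that is not part of the original post. The curve constants are the SM2 recommended parameters, which the page does not list; the tag values 0x82/0x83 for compressed-y-0/compressed-y-1 and the name `decompress_sm2` are assumptions of this sketch.

```python
# SM2 recommended curve parameters (y^2 = x^3 + a*x + b over GF(p)).
# These constants are not on the page; they are the standard SM2 values.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93

# x coordinate taken from <compressed-y-0> in the page's XML.
X = bytes.fromhex(
    "e58103b08ab0756fa9f499f9ebd93d556e8a80b48dff1de87af98a714e80c0fa"
)


def decompress_sm2(tag: int, x_bytes: bytes) -> bytes:
    """Return 04 || x || y for a compressed point (0x82: y even, 0x83: y odd)."""
    if tag not in (0x82, 0x83) or len(x_bytes) != 32:
        raise ValueError("not a compressed 256-bit point")
    x = int.from_bytes(x_bytes, "big")
    if x >= P:
        raise ValueError("x is not a field element")
    rhs = (pow(x, 3, P) + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)  # square root, valid because p % 4 == 3
    if y * y % P != rhs:
        raise ValueError("x does not lie on the SM2 curve")
    if (y & 1) != (tag & 1):
        y = P - y  # pick the root whose parity matches the tag
    return b"\x04" + x_bytes + y.to_bytes(32, "big")
```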

trcla.oer SM3 hashid32

f8 7a 5e 87 67 2a 67 c7 e3 33 64 40 af f5 64 32 0c 99 47 25 e7 fa be be 0b 2c 85 a0 f3 b2 62 2c

trcla.oer Start Time

2020-08-26 10:18:13

trcla.oer End Time

2050-08-26 08:54:13

trcla.oer SM2 Signature

b9 0d 5a cd 70 c4 0f 1e 93 5d 83 b7 c6 4b 61 9a e1 cf dc ab ef cb 92 57 92 82 05 8f 68 f2 29 c9 c6 b0 5f 6e 03 64 57 93 9f 74 0d ec ae 4a c7 6a 6f 41 2a a0 67 5c 79 73 b2 b9 74 f4 49 6b 0d 39

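trcla.oer signature verification
trcla.oer is a self-signed root certificate. To verify the signature: when the issued certificate is a self-signed certificate, IDA is the following hexadecimal integer: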

31 32 33 34 35 36 37 38 31 32 33 34 35 36 37 38

trcla.oer tbsData

58 81 0f 76 32 78 2e 63 61 69 63 74 2e 61 63 2e 63 6e 00 00 00 00 00 1f 52 63 65 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 80 02 0e 2c 80 07 00 01 00 01 01 00 00 01 02 e0 81 01 02 01 ff c0 60 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 ff c0 80 84 21 82 e5 81 03 b0 8a b0 75 6f a9 f4 99 f9 eb d9 3d 55 6e 8a 80 b4 8d ff 1d e8 7a f9 8a 71 4e 80 c0 fa 
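
An added example (not from the original post): a minimal Python decoder for the head of the trcla.oer bytes, checked against the XML fields, start time and tbsData listed on this page. The field tags are read off this one sample and the signature is located by its fixed 66-byte tail; the Time32 epoch (2004-01-01 00:00:00 UTC, leap seconds ignored), the UTC+8 display zone and the name `parse_trcla` are assumptions chosen so the result matches the page's start time.

```python
from datetime import datetime, timedelta, timezone

CERT = bytes.fromhex(  # trcla.oer bytes exactly as listed on the page
    "800300810258810f7632782e63616963742e61632e636e00000000001f526365"
    "86001e83010180009c010280020e2b800380000180020e2c8007000100010100"
    "000102e081010201ffc06080010300020e2b00020e2c00020e2d01ffc0808421"
    "82e58103b08ab0756fa9f499f9ebd93d556e8a80b48dff1de87af98a714e80c0"
    "fa8440b90d5acd70c40f1e935d83b7c64b619ae1cfdcabefcb92579282058f68"
    "f229c9c6b05f6e036457939f740decae4ac76a6f412aa0675c7973b2b974f449"
    "6b0d39"
)
EPOCH = datetime(2004, 1, 1, tzinfo=timezone.utc)  # assumed Time32 epoch
UTC8 = timezone(timedelta(hours=8))  # assumed zone of the page's timestamps

def parse_trcla(cert: bytes) -> dict:
    """Decode the certificate head, then split tbsData from the signature."""
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(cert):
            raise ValueError("truncated certificate")
        chunk, pos = cert[pos:pos + n], pos + n
        return chunk
    def expect(value: int, what: str) -> None:
        if take(1)[0] != value:
            raise ValueError(f"unexpected {what}")
    expect(0x80, "preamble (signature present)")
    version = take(1)[0]
    expect(0x00, "type (explicit)")
    expect(0x81, "issuer choice (self)")
    expect(0x02, "issuer hash algorithm (sm3)")
    tbs_start = pos
    take(1)  # toBeSigned optional-field bitmap (0x58 in this sample)
    expect(0x81, "id choice (name)")
    name = take(take(1)[0]).decode("ascii")
    craca_id, crl_series = take(3), int.from_bytes(take(2), "big")
    start = int.from_bytes(take(4), "big")
    expect(0x86, "duration choice (years)")
    years = int.from_bytes(take(2), "big")
    sig = cert[-66:]  # 0x84 0x40, then 32-byte r and 32-byte s
    if len(cert) < pos + 66 or sig[:2] != b"\x84\x40":
        raise ValueError("sm2Signature not found at the tail")
    start_local = (EPOCH + timedelta(seconds=start)).astimezone(UTC8)
    return {"version": version, "name": name, "cracaId": craca_id.hex(),
            "crlSeries": crl_series, "start": start, "years": years,
            "start_local": start_local.strftime("%Y-%m-%d %H:%M:%S"),
            "tbs": cert[tbs_start:-66], "r": sig[2:34], "s": sig[34:]}
```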
Permalink to this article: https://const.net.cn/25.html
