openssl asn1parse 使用相关
asn1parse 帮助
openssl asn1parse -help
openssl help asn1parse
Usage: asn1parse [options]
Valid options are:
-help Display this summary
-inform PEM|DER input format - one of DER PEM
-in infile input file
-out outfile output file (output format is always DER)
-i indents the output
-noout do not produce any output
-offset +int offset into file
-length +int length of section in file
-oid infile file of extra oid definitions
-dump unknown data in hex form
-dlimit +int dump the first arg bytes of unknown data in hex form
-strparse +int offset; a series of these can be used to 'dig' into multiple ASN1 blob wrappings
-genstr val string to generate ASN1 structure from
-genconf val file to generate ASN1 structure from (-inform will be ignored)
-strictpem do not attempt base64 decode outside PEM markers
-item val item to parse and print
asn1parse genconf 生成der文件
文件test_asn1.conf内容如下: 来自(https://zhuanlan.zhihu.com/p/25488879)
asn1 = SEQUENCE:seq_section
[seq_section]
field1 = BOOLEAN:TRUE
field2 = INTEGER:0x01
field3 = SEQUENCE:seq_child
[seq_child]
field1 = INTEGER:0x02
field2 = INTEGER:0x03
上面内容中定义了一个名字为seq_section的SEQUENCE,里面包含了BOOLEAN的元素field1,值为TRUE,INTEGER的元素field2,值为1,同时也包含了seq_child的子SEQUENCE。
根据test_asn1.conf生成test_asn1.der
openssl asn1parse -genconf test_asn1.conf -out test_asn1.der
test_asn1.der内容如下:
hexdump -C test_asn1.der
00000000 30 0e 01 01 ff 02 01 01 30 06 02 01 02 02 01 03 |0.......0.......|
openssl asn1parse -in test_asn1.der -inform der
0:d=0 hl=2 l= 14 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: BOOLEAN :255
5:d=1 hl=2 l= 1 prim: INTEGER :01
8:d=1 hl=2 l= 6 cons: SEQUENCE
10:d=2 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 1 prim: INTEGER :03
SM2私钥文件解码示例
私钥文件内容如下(密码为111111):
cat test.pfx
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
将test.pfx转码为der
base64 -d test.pfx > test.pfx.der
使用openssl pkcs12 解码(注意:-nodes 表示导出的私钥不加密,以明文PEM输出,OpenSSL 3.0 起该选项已弃用,推荐使用 -noenc;pass: 形式的密码对 ps 等工具可见,只适合测试密钥)
openssl pkcs12 -in test.pfx.der -passin pass:"111111" -nodes -nocerts
Bag Attributes
friendlyName: user key
localKeyID: E8 53 AF 28 9B A6 C0 43 66 15 AB 61 90 BB E6 18 82 68 41 4D
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIBGwIBADCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////v//////
//////////////8AAAAA//////////8wRAQg/////v////////////////////8A
AAAA//////////wEICjp+p6dn140TVqeS89lCafzl4n1FauPkt28vUFNlA6TBEEE
MsSuLB8ZgRlfmQRGajnJlI/jC7/yZgvhcVpFiTNMdMe8Nzai9PZ3nFm9zuNraSFT
0KmHfMYqR0AC3zLlITnwoAIhAP////7///////////////9yA99rIcYFK1O79Ak5
1UEjAgEBBCcwJQIBAQQg5+Xxqb6y/gH/RStGmwc9tATHf6MuVpTu+VrB4TVnn5s=
-----END PRIVATE KEY-----
保存私钥为test.pfx.key.pem
cat test.pfx.key.pem
-----BEGIN PRIVATE KEY-----
MIIBGwIBADCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////v//////
//////////////8AAAAA//////////8wRAQg/////v////////////////////8A
AAAA//////////wEICjp+p6dn140TVqeS89lCafzl4n1FauPkt28vUFNlA6TBEEE
MsSuLB8ZgRlfmQRGajnJlI/jC7/yZgvhcVpFiTNMdMe8Nzai9PZ3nFm9zuNraSFT
0KmHfMYqR0AC3zLlITnwoAIhAP////7///////////////9yA99rIcYFK1O79Ak5
1UEjAgEBBCcwJQIBAQQg5+Xxqb6y/gH/RStGmwc9tATHf6MuVpTu+VrB4TVnn5s=
-----END PRIVATE KEY-----
查看SM2的私钥
openssl ec -in test.pfx.key.pem -text -noout
read EC key
Private-Key: (256 bit)
priv:
e7:e5:f1:a9:be:b2:fe:01:ff:45:2b:46:9b:07:3d:
b4:04:c7:7f:a3:2e:56:94:ee:f9:5a:c1:e1:35:67:
9f:9b
pub:
04:98:e2:4b:18:21:7b:b8:95:b4:07:aa:a2:fa:bb:
4e:2c:64:70:2a:c5:b7:1c:b5:9b:77:c5:6a:f5:e4:
76:89:91:e2:36:1b:3c:bc:1b:80:5f:5b:6f:ee:46:
c8:f4:70:20:c6:ed:04:f8:50:75:23:7e:4c:8f:9a:
ac:d0:75:10:f5
Field Type: prime-field
Prime:
00:ff:ff:ff:fe:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:
ff:ff:ff
A:
00:ff:ff:ff:fe:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:
ff:ff:fc
B:
28:e9:fa:9e:9d:9f:5e:34:4d:5a:9e:4b:cf:65:09:
a7:f3:97:89:f5:15:ab:8f:92:dd:bc:bd:41:4d:94:
0e:93
Generator (uncompressed):
04:32:c4:ae:2c:1f:19:81:19:5f:99:04:46:6a:39:
c9:94:8f:e3:0b:bf:f2:66:0b:e1:71:5a:45:89:33:
4c:74:c7:bc:37:36:a2:f4:f6:77:9c:59:bd:ce:e3:
6b:69:21:53:d0:a9:87:7c:c6:2a:47:40:02:df:32:
e5:21:39:f0:a0
Order:
00:ff:ff:ff:fe:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:72:03:df:6b:21:c6:05:2b:53:bb:f4:09:39:
d5:41:23
Cofactor: 1 (0x1)
openssl asn1parse打印私钥文件(PKCS#8 格式)的ASN.1结构
openssl asn1parse -in test.pfx.key.pem
0:d=0 hl=4 l= 283 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=3 l= 236 cons: SEQUENCE
10:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
19:d=2 hl=3 l= 224 cons: SEQUENCE
22:d=3 hl=2 l= 1 prim: INTEGER :01
25:d=3 hl=2 l= 44 cons: SEQUENCE
27:d=4 hl=2 l= 7 prim: OBJECT :prime-field
36:d=4 hl=2 l= 33 prim: INTEGER :FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
71:d=3 hl=2 l= 68 cons: SEQUENCE
73:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
107:d=4 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
141:d=3 hl=2 l= 65 prim: OCTET STRING [HEX DUMP]:0432C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0
208:d=3 hl=2 l= 33 prim: INTEGER :FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
243:d=3 hl=2 l= 1 prim: INTEGER :01
246:d=1 hl=2 l= 39 prim: OCTET STRING [HEX DUMP]:30250201010420E7E5F1A9BEB2FE01FF452B469B073DB404C77FA32E5694EEF95AC1E135679F9B
使用openssl asn1parse dump
openssl asn1parse -in test.pfx.key.pem -dump
0:d=0 hl=4 l= 283 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=3 l= 236 cons: SEQUENCE
10:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
19:d=2 hl=3 l= 224 cons: SEQUENCE
22:d=3 hl=2 l= 1 prim: INTEGER :01
25:d=3 hl=2 l= 44 cons: SEQUENCE
27:d=4 hl=2 l= 7 prim: OBJECT :prime-field
36:d=4 hl=2 l= 33 prim: INTEGER :FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
71:d=3 hl=2 l= 68 cons: SEQUENCE
73:d=4 hl=2 l= 32 prim: OCTET STRING
0000 - ff ff ff fe ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff 00 00 00 00-ff ff ff ff ff ff ff fc ................
107:d=4 hl=2 l= 32 prim: OCTET STRING
0000 - 28 e9 fa 9e 9d 9f 5e 34-4d 5a 9e 4b cf 65 09 a7 (.....^4MZ.K.e..
0010 - f3 97 89 f5 15 ab 8f 92-dd bc bd 41 4d 94 0e 93 ...........AM...
141:d=3 hl=2 l= 65 prim: OCTET STRING
0000 - 04 32 c4 ae 2c 1f 19 81-19 5f 99 04 46 6a 39 c9 .2..,...._..Fj9.
0010 - 94 8f e3 0b bf f2 66 0b-e1 71 5a 45 89 33 4c 74 ......f..qZE.3Lt
0020 - c7 bc 37 36 a2 f4 f6 77-9c 59 bd ce e3 6b 69 21 ..76...w.Y...ki!
0030 - 53 d0 a9 87 7c c6 2a 47-40 02 df 32 e5 21 39 f0 S...|.*G@..2.!9.
0040 - a0 .
208:d=3 hl=2 l= 33 prim: INTEGER :FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
243:d=3 hl=2 l= 1 prim: INTEGER :01
246:d=1 hl=2 l= 39 prim: OCTET STRING
0000 - 30 25 02 01 01 04 20 e7-e5 f1 a9 be b2 fe 01 ff 0%.... .........
0010 - 45 2b 46 9b 07 3d b4 04-c7 7f a3 2e 56 94 ee f9 E+F..=......V...
0020 - 5a c1 e1 35 67 9f 9b Z..5g..
openssl asn1parse strparse 查看SM2曲线的a, b参数
openssl asn1parse -in test.pfx.key.pem -strparse 71 -dump
openssl asn1parse -in test.pfx.key.pem -strparse 71
0:d=0 hl=2 l= 68 cons: SEQUENCE
2:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
36:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
openssl asn1parse strparse 查看SM2的私钥
openssl asn1parse -in test.pfx.key.pem -strparse 246
0:d=0 hl=2 l= 37 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :01
5:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:E7E5F1A9BEB2FE01FF452B469B073DB404C77FA32E5694EEF95AC1E135679F9B
openssl asn1parse 结构说明
0:d=0 hl=2 l= 37 cons: SEQUENCE
0 表示节点的偏移量(相对于被解析数据的起始位置;使用 -strparse 时,是相对于所解析子结构的起始位置,而不是整个文件)
d=0 表示节点深度
hl=2 表示节点头字节长度
l=37 表示节点数据字节长度
cons 表示该节点为结构节点,表示包含子节点或者子结构数据
prim 表示该节点为原始节点,包含数据
SEQUENCE、OCTET STRING等都是ASN.1中定义的数据类型,具体可以参考ASN.1格式说明。
最后一个节点OCTET STRING [HEX DUMP],就是私钥数据。注意:本例的私钥是用 -nodes 导出的,因此这里是未加密的明文私钥(与前面 openssl ec 输出的 priv 一致),而不是加密后的数据;真实私钥的这类输出不应公开或写入日志。
参考:
https://www.cnblogs.com/274914765qq/p/4671849.html