const 发布的文章

“const”

  • 可信根证书列表管理机构(Trusted Root Certificate List Authority,TRCLA):负责签发可信根证书列表。
  • 可信根证书列表(Trusted Root Certificate List,TRCL):由可信的PKI系统的根证书、可信的PKI系统的可信域CA证书列表下载地址和保护可信根证书列表的安全机制构成。保护可信根证书列表的安全机制为数字签名技术。

本文提供一个 CAICT  中国信息通信研究院 trcla.oer 证书。

trcla.oer Hex 内容

80 03 00 81 02 58 81 0f 76 32 78 2e 63 61 69 63 74 2e 61 63 2e 63 6e 00 00 00 00 00 1f 52 63 65 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 80 02 0e 2c 80 07 00 01 00 01 01 00 00 01 02 e0 81 01 02 01 ff c0 60 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 ff c0 80 84 21 82 e5 81 03 b0 8a b0 75 6f a9 f4 99 f9 eb d9 3d 55 6e 8a 80 b4 8d ff 1d e8 7a f9 8a 71 4e 80 c0 fa 84 40 b9 0d 5a cd 70 c4 0f 1e 93 5d 83 b7 c6 4b 61 9a e1 cf dc ab ef cb 92 57 92 82 05 8f 68 f2 29 c9 c6 b0 5f 6e 03 64 57 93 9f 74 0d ec ae 4a c7 6a 6f 41 2a a0 67 5c 79 73 b2 b9 74 f4 49 6b 0d 39

trcla.oer XML 格式内容

<?xml version="1.0"?>
<Certificate>
    <version>3</version>
    <type>
        <explicit/>
    </type>
    <issuer>
        <self>
            <sm3/>
        </self>
    </issuer>
    <toBeSigned>
        <id>
            <name>v2x.caict.ac.cn</name>
        </id>
        <cracaId>00 00 00</cracaId>
        <crlSeries>0</crlSeries>
        <validityPeriod>
            <start>525493093</start>
            <duration>
                <years>30</years>
            </duration>
        </validityPeriod>
        <region>
            <identifiedRegion>
                <countryOnly>156</countryOnly>
            </identifiedRegion>
        </region>
        <appPermissions>
            <AidSsp>
                <aid>3627</aid>
                <ssp>
                    <opaque>80 00 01</opaque>
                </ssp>
            </AidSsp>
            <AidSsp>
                <aid>3628</aid>
                <ssp>
                    <opaque>00 01 00 01 01 00 00</opaque>
                </ssp>
            </AidSsp>
        </appPermissions>
        <certIssuePermissions>
            <AidGroupPermissions>
                <subjectPermissions>
                    <all/>
                </subjectPermissions>
                <minChainLength>2</minChainLength>
                <chainLengthRange>-1</chainLengthRange>
                <eeType>
                    11000000
                </eeType>
            </AidGroupPermissions>
            <AidGroupPermissions>
                <subjectPermissions>
                    <explicit>
                        <AidSspRange>
                            <aid>3627</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3628</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3629</aid>
                        </AidSspRange>
                    </explicit>
                </subjectPermissions>
                <minChainLength>1</minChainLength>
                <chainLengthRange>-1</chainLengthRange>
                <eeType>
                    11000000
                </eeType>
            </AidGroupPermissions>
        </certIssuePermissions>
        <verifyKeyIndicator>
            <verificationKey>
                <ecsigSm2>
                    <compressed-y-0>
                        E5 81 03 B0 8A B0 75 6F A9 F4 99 F9 EB D9 3D 55 
                        6E 8A 80 B4 8D FF 1D E8 7A F9 8A 71 4E 80 C0 FA
                    </compressed-y-0>
                </ecsigSm2>
            </verificationKey>
        </verifyKeyIndicator>
    </toBeSigned>
    <signature>
        <sm2Signature>
            <rSig>
                B9 0D 5A CD 70 C4 0F 1E 93 5D 83 B7 C6 4B 61 9A 
                E1 CF DC AB EF CB 92 57 92 82 05 8F 68 F2 29 C9
            </rSig>
            <sSig>
                C6 B0 5F 6E 03 64 57 93 9F 74 0D EC AE 4A C7 6A 
                6F 41 2A A0 67 5C 79 73 B2 B9 74 F4 49 6B 0D 39
            </sSig>
        </sm2Signature>
    </signature>
</Certificate>

trcla.oer 公钥

04 e5 81 03 b0 8a b0 75 6f a9 f4 99 f9 eb d9 3d 55 6e 8a 80 b4 8d ff 1d e8 7a f9 8a 71 4e 80 c0 fa 6d 06 45 66 83 74 ba eb 82 ba 79 1c 90 24 ee 1d c8 9a 46 10 eb 18 28 cc e6 09 33 40 f3 33 42 1e

trcla.oer SM3 hashid32

f8 7a 5e 87 67 2a 67 c7 e3 33 64 40 af f5 64 32 0c 99 47 25 e7 fa be be 0b 2c 85 a0 f3 b2 62 2c

trcla.oer Start Time

2020-08-26 10:18:13

trcla.oer End Time

2050-08-26 08:54:13

trcla.oer SM2 Signature

b9 0d 5a cd 70 c4 0f 1e 93 5d 83 b7 c6 4b 61 9a e1 cf dc ab ef cb 92 57 92 82 05 8f 68 f2 29 c9 c6 b0 5f 6e 03 64 57 93 9f 74 0d ec ae 4a c7 6a 6f 41 2a a0 67 5c 79 73 b2 b9 74 f4 49 6b 0d 39

trcla.oer 验签
trcla.oer是自签名根证书,要验证签名,当签发的证书为自签名证书时,IDA为16进制整数

31 32 33 34 35 36 37 38 31 32 33 34 35 36 37 38

trcla.oer tbsData

58 81 0f 76 32 78 2e 63 61 69 63 74 2e 61 63 2e 63 6e 00 00 00 00 00 1f 52 63 65 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 80 02 0e 2c 80 07 00 01 00 01 01 00 00 01 02 e0 81 01 02 01 ff c0 60 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 ff c0 80 84 21 82 e5 81 03 b0 8a b0 75 6f a9 f4 99 f9 eb d9 3d 55 6e 8a 80 b4 8d ff 1d e8 7a f9 8a 71 4e 80 c0 fa 

  • TRCL 可信根证书列表 Trusted Root Certificate List
    相关概念
  • TDCL 可信域CA证书列表 Trusted Domain CA Certificates List 
  • TRCLA 可信根证书列表管理机构 Trusted Root Certificate List Authority
    v2x trcla.oer详细介绍(链接地址:https://const.net.cn/25.html

多个车联网PKI系统之间的可信关系是通过一个“可信根证书列表(Trusted Root Certificate List,TRCL)”实现的。该可信列表由可信根证书列表管理机构(Trusted Root Certificate List Authority,TRCLA)签发。
可信根证书列表的存在与否不会影响各个独立PKI系统的运行,但会影响不同PKI系统证书之间是否能够互认。
车联网跨CA证书系统安全认证就是通过TRCL来实现的。
trcl.coer hex 内容

hexdump -C trcl.coer 
00000000  01 83 08 0b 2c 85 a0 f3  b2 62 2c 00 02 1f 79 ed  |....,....b,...y.|
00000010  3d 32 48 93 3d 01 05 80  80 03 00 81 02 79 81 15  |=2H.=........y..|
00000020  72 63 61 2e 76 32 78 63  61 2e 63 61 74 61 72 63  |rca.v2xca.catarc|
00000030  2e 69 6e 66 6f 00 00 00  00 00 1f 78 a9 c3 86 00  |.info......x....|
00000040  1e 83 01 01 80 00 9c 03  01 02 80 02 0e 2b 80 03  |.............+..|
00000050  80 00 01 00 02 0e 2c 01  02 e0 81 01 03 01 ff c0  |......,.........|
00000060  e0 80 01 03 00 02 0e 2b  00 02 0e 2c 00 02 0e 2d  |.......+...,...-|
00000070  01 03 01 ff c0 01 82 21  83 6a b7 70 34 f5 7b d0  |.......!.j.p4.{.|
00000080  56 05 6e 12 58 8b 0e 6a  9d 5f 0d f5 5f aa 18 ff  |V.n.X..j._.._...|
00000090  b3 86 11 e0 4a 71 8b a2  5b 80 84 21 82 5e f4 92  |....Jq..[..!.^..|
000000a0  df ad da 00 f0 39 bf 50  24 85 b0 ed b9 3a 92 6e  |.....9.P$....:.n|
000000b0  f4 78 13 35 f4 c2 1c 53  d2 3d 73 26 c8 84 40 ba  |.x.5...S.=s&..@.|
000000c0  69 c3 42 6a b8 bb 61 ae  80 7e 11 bc 79 94 ba 05  |i.Bj..a..~..y...|
000000d0  0d 70 09 42 59 86 0d 5b  0b f8 ba 5c de 9f e9 66  |.p.BY..[...\...f|
000000e0  63 d0 8a af 06 e8 e5 c0  4f af 4c 89 f0 ce 3f fe  |c.......O.L...?.|
000000f0  7a 11 d5 43 e4 7a f1 77  12 cd ab d1 73 82 2c 2c  |z..C.z.w....s.,,|
00000100  68 74 74 70 3a 2f 2f 36  30 2e 32 34 37 2e 35 38  |http://60.247.58|
00000110  2e 31 31 37 3a 38 30 39  39 2f 63 61 2f 63 61 74  |.117:8099/ca/cat|
00000120  61 72 63 74 64 63 6c 2e  63 6f 65 72 80 80 03 00  |arctdcl.coer....|
00000130  81 02 58 81 13 72 6f 6f  74 63 61 2e 63 68 69 6e  |..X..rootca.chin|
00000140  61 2d 69 63 76 2e 63 6e  00 00 00 00 00 1f 47 46  |a-icv.cn......GF|
00000150  85 86 00 1e 83 01 01 80  00 9c 01 01 80 02 0e 2b  |...............+|
00000160  80 03 80 00 01 01 04 e0  81 01 03 01 ff c0 e0 80  |................|
00000170  01 01 80 02 0e 2b 81 01  03 01 ff c0 e0 80 01 01  |.....+..........|
00000180  80 02 0e 2c 81 01 03 01  ff c0 e0 80 01 01 80 02  |...,............|
00000190  0e 2d 81 01 03 01 ff c0  80 84 21 83 37 f1 33 b1  |.-........!.7.3.|
000001a0  a0 8d 99 df 06 f7 d6 dd  2a cd 3b f6 7d 6b db fc  |........*.;.}k..|
000001b0  be 32 5d f3 0c ff 1a bf  ad 91 a2 f2 84 40 50 db  |.2]..........@P.|
000001c0  c7 27 f8 76 49 68 ef 61  3e 77 09 7d 4d ff 81 d5  |.'.vIh.a>w.}M...|
000001d0  35 44 70 b9 74 83 ba f4  b5 d3 52 71 55 53 5d a4  |5Dp.t.....RqUS].|
000001e0  c5 75 1f d2 cc b0 f2 c6  72 c1 37 95 af 5d d8 2d  |.u......r.7..].-|
000001f0  f9 6a 38 41 90 fa c5 a7  c3 d2 a5 16 26 57 22 68  |.j8A........&W"h|
00000200  74 74 70 3a 2f 2f 31 30  36 2e 33 37 2e 36 39 2e  |ttp://106.37.69.|
00000210  32 32 3a 36 30 36 30 2f  63 69 63 76 2e 70 63 74  |22:6060/cicv.pct|
00000220  6c 80 80 03 00 81 02 58  81 16 72 6f 6f 74 63 61  |l......X..rootca|
00000230  2e 64 61 74 61 6e 67 6d  6f 62 69 6c 65 2e 63 6e  |.datangmobile.cn|
00000240  00 00 00 00 00 1f 52 53  d5 86 00 1e 83 01 01 80  |......RS........|
00000250  00 9c 01 02 80 02 0e 2b  80 03 80 00 01 80 02 0e  |.......+........|
00000260  2c 80 07 00 01 00 01 01  00 00 01 02 e0 81 01 02  |,...............|
00000270  01 ff c0 60 80 01 03 00  02 0e 2b 00 02 0e 2c 00  |...`......+...,.|
00000280  02 0e 2d 01 ff c0 80 84  21 82 fb 20 48 16 85 dd  |..-.....!.. H...|
00000290  84 80 ed be b4 66 4a f9  a4 76 2c 07 12 0e fe fe  |.....fJ..v,.....|
000002a0  16 6c 17 d9 41 3e 3e 5e  3d d3 84 40 68 25 12 b9  |.l..A>>^=..@h%..|
000002b0  fd f8 98 cb b9 d2 9b e0  a2 38 68 ba d5 dc 3d ed  |.........8h...=.|
000002c0  74 23 f9 8e 64 4a 66 96  b1 2f dd 51 58 72 17 6a  |t#..dJf../.QXr.j|
000002d0  51 76 fc 28 b3 1e 19 2e  04 f2 06 55 f1 18 cb 28  |Qv.(.......U...(|
000002e0  f0 dd 36 3d 5e d3 45 23  d0 f4 94 4e 39 68 74 74  |..6=^.E#...N9htt|
000002f0  70 73 3a 2f 2f 73 6d 61  72 74 63 61 72 2e 64 61  |ps://smartcar.da|
00000300  74 61 6e 67 6d 6f 62 69  6c 65 2e 63 6e 2f 61 70  |tangmobile.cn/ap|
00000310  69 2f 63 61 2f 76 31 2f  63 74 6c 2f 44 54 43 54  |i/ca/v1/ctl/DTCT|
00000320  4c 2e 63 6f 65 72 80 80  03 00 81 02 58 81 17 72  |L.coer......X..r|
00000330  6f 6f 74 63 61 2e 74 65  73 74 2e 76 32 78 2e 74  |ootca.test.v2x.t|
00000340  6b 63 61 2e 63 6e 00 00  00 00 00 1f 5b a9 05 86  |kca.cn......[...|
00000350  00 1e 83 01 01 80 00 9c  01 02 80 02 0e 2b 80 03  |.............+..|
00000360  80 00 01 00 02 0e 2c 01  04 e0 81 01 02 01 ff c0  |......,.........|
00000370  60 80 01 01 00 02 0e 2b  01 ff c0 60 80 01 01 00  |`......+...`....|
00000380  02 0e 2c 01 ff c0 60 80  01 01 00 02 0e 2d 01 ff  |..,...`......-..|
00000390  c0 80 84 21 82 fb 7c 6a  4d 53 d7 42 e2 2e c1 b3  |...!..|jMS.B....|
000003a0  ed 0c 55 93 96 83 90 9e  67 7c e1 97 47 46 52 a0  |..U.....g|..GFR.|
000003b0  18 52 b9 67 d6 84 40 6c  f6 0f 29 bd d9 2d db b4  |.R.g..@l..)..-..|
000003c0  c5 1c a6 55 5a b8 94 b4  30 a6 f6 cf 1c 47 e1 99  |...UZ...0....G..|
000003d0  a3 e5 d9 80 2a 2e 8c 46  83 63 82 05 88 32 af 99  |....*..F.c...2..|
000003e0  c6 0e 54 69 c6 0b 69 ff  32 6b 8c c5 e0 14 65 2f  |..Ti..i.2k....e/|
000003f0  78 52 84 82 40 84 0d 33  68 74 74 70 3a 2f 2f 33  |xR..@..3http://3|
00000400  36 2e 31 31 32 2e 38 38  2e 32 30 34 3a 38 30 39  |6.112.88.204:809|
00000410  33 2f 64 63 2d 61 70 69  2f 67 65 74 63 74 6c 2f  |3/dc-api/getctl/|
00000420  54 4b 43 41 43 54 4c 2e  6f 65 72 80 80 03 00 81  |TKCACTL.oer.....|
00000430  02 58 81 17 72 6f 6f 74  63 61 2e 76 32 78 2e 6a  |.X..rootca.v2x.j|
00000440  73 69 74 73 2e 6f 72 67  2e 63 6e 00 00 00 00 00  |sits.org.cn.....|
00000450  1f 55 09 9a 86 00 1e 83  01 01 80 00 9c 01 02 80  |.U..............|
00000460  02 0e 2b 80 03 80 00 01  00 02 0e 2c 01 04 e0 81  |..+........,....|
00000470  01 02 01 ff c0 60 80 01  01 00 02 0e 2b 01 ff c0  |.....`......+...|
00000480  60 80 01 01 00 02 0e 2c  01 ff c0 60 80 01 01 00  |`......,...`....|
00000490  02 0e 2d 01 ff c0 80 84  21 83 9e ce 5d 51 f6 06  |..-.....!...]Q..|
000004a0  88 65 cb 97 d4 61 03 2c  86 28 d2 9e 9b f0 44 0f  |.e...a.,.(....D.|
000004b0  f8 0e bd cf 89 e1 96 1f  51 19 84 40 1e 16 6e 9f  |........Q..@..n.|
000004c0  4f 21 4a 2b 87 8a 74 85  e6 68 d8 ba 19 aa d2 a1  |O!J+..t..h......|
000004d0  78 47 d0 7b 2c 3d 23 8d  d7 e8 82 22 1e 93 6c a7  |xG.{,=#...."..l.|
000004e0  8e 02 62 4b 18 21 39 88  9c af 60 91 05 73 7b 5a  |..bK.!9...`..s{Z|
000004f0  6c aa ea b8 2a c0 a7 71  ef 5f 00 ab 26 68 74 74  |l...*..q._..&htt|
00000500  70 3a 2f 2f 64 63 2e 76  32 78 2e 6a 73 69 74 73  |p://dc.v2x.jsits|
00000510  2e 6f 72 67 2e 63 6e 3a  38 30 39 33 2f 67 65 74  |.org.cn:8093/get|
00000520  63 74 6c 84 40 91 4e e2  e1 79 cf 8d 2e 8a c5 ea  |ctl.@.N..y......|
00000530  26 c2 fa fb 44 e4 6d bf  97 9b 4d ff f0 59 79 43  |&...D.m...M..YyC|
00000540  b0 fa 13 c3 af 71 91 06  71 26 8e a4 0f f2 22 2f  |.....q..q&...."/|
00000550  1c f8 08 63 ca 00 55 dc  c2 6f cd 83 38 a8 37 9a  |...c..U..o..8.7.|
00000560  84 8c 47 a1 21                                    |..G.!|
00000565

trcl.coer xml 内容

<?xml version="1.0"?>
<RootCtl>
    <toBeSignedRootCtl>
        <version>1</version>
        <issuer>
            <sm3AndDigest>0B 2C 85 A0 F3 B2 62 2C</sm3AndDigest>
        </issuer>
        <series>2</series>
        <issueDate>528084285</issueDate>
        <nextRootCtl>843617085</nextRootCtl>
        <pkiCtlInfoList>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rca.v2xca.catarc.info</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>528001475</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <assuranceLevel>03</assuranceLevel>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <encryptionKey>
                            <supportedSymmAlg>
                                <sm4Ccm/>
                            </supportedSymmAlg>
                            <publicKey>
                                <ecencSm2>
                                    <compressed-y-1>
                                        6A B7 70 34 F5 7B D0 56 05 6E 12 58 8B 0E 6A 9D 
                                        5F 0D F5 5F AA 18 FF B3 86 11 E0 4A 71 8B A2 5B
                                    </compressed-y-1>
                                </ecencSm2>
                            </publicKey>
                        </encryptionKey>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-0>
                                        5E F4 92 DF AD DA 00 F0 39 BF 50 24 85 B0 ED B9 
                                        3A 92 6E F4 78 13 35 F4 C2 1C 53 D2 3D 73 26 C8
                                    </compressed-y-0>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                BA 69 C3 42 6A B8 BB 61 AE 80 7E 11 BC 79 94 BA 
                                05 0D 70 09 42 59 86 0D 5B 0B F8 BA 5C DE 9F E9
                            </rSig>
                            <sSig>
                                66 63 D0 8A AF 06 E8 E5 C0 4F AF 4C 89 F0 CE 3F 
                                FE 7A 11 D5 43 E4 7A F1 77 12 CD AB D1 73 82 2C
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://60.247.58.117:8099/ca/catarctdcl.coer</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.china-icv.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>524764805</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                            <sspRange>
                                                <all/>
                                            </sspRange>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                            <sspRange>
                                                <all/>
                                            </sspRange>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                            <sspRange>
                                                <all/>
                                            </sspRange>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-1>
                                        37 F1 33 B1 A0 8D 99 DF 06 F7 D6 DD 2A CD 3B F6 
                                        7D 6B DB FC BE 32 5D F3 0C FF 1A BF AD 91 A2 F2
                                    </compressed-y-1>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                50 DB C7 27 F8 76 49 68 EF 61 3E 77 09 7D 4D FF 
                                81 D5 35 44 70 B9 74 83 BA F4 B5 D3 52 71 55 53
                            </rSig>
                            <sSig>
                                5D A4 C5 75 1F D2 CC B0 F2 C6 72 C1 37 95 AF 5D 
                                D8 2D F9 6A 38 41 90 FA C5 A7 C3 D2 A5 16 26 57
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://106.37.69.22:6060/cicv.pctl</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.datangmobile.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>525489109</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                                <ssp>
                                    <opaque>00 01 00 01 01 00 00</opaque>
                                </ssp>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>2</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-0>
                                        FB 20 48 16 85 DD 84 80 ED BE B4 66 4A F9 A4 76 
                                        2C 07 12 0E FE FE 16 6C 17 D9 41 3E 3E 5E 3D D3
                                    </compressed-y-0>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                68 25 12 B9 FD F8 98 CB B9 D2 9B E0 A2 38 68 BA 
                                D5 DC 3D ED 74 23 F9 8E 64 4A 66 96 B1 2F DD 51
                            </rSig>
                            <sSig>
                                58 72 17 6A 51 76 FC 28 B3 1E 19 2E 04 F2 06 55 
                                F1 18 CB 28 F0 DD 36 3D 5E D3 45 23 D0 F4 94 4E
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>https://smartcar.datangmobile.cn/api/ca/v1/ctl/DTCTL.coer</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.test.v2x.tkca.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>526100741</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>2</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-0>
                                        FB 7C 6A 4D 53 D7 42 E2 2E C1 B3 ED 0C 55 93 96 
                                        83 90 9E 67 7C E1 97 47 46 52 A0 18 52 B9 67 D6
                                    </compressed-y-0>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                6C F6 0F 29 BD D9 2D DB B4 C5 1C A6 55 5A B8 94 
                                B4 30 A6 F6 CF 1C 47 E1 99 A3 E5 D9 80 2A 2E 8C
                            </rSig>
                            <sSig>
                                46 83 63 82 05 88 32 AF 99 C6 0E 54 69 C6 0B 69 
                                FF 32 6B 8C C5 E0 14 65 2F 78 52 84 82 40 84 0D
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://36.112.88.204:8093/dc-api/getctl/TKCACTL.oer</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.v2x.jsits.org.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>525666714</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>2</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-1>
                                        9E CE 5D 51 F6 06 88 65 CB 97 D4 61 03 2C 86 28 
                                        D2 9E 9B F0 44 0F F8 0E BD CF 89 E1 96 1F 51 19
                                    </compressed-y-1>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                1E 16 6E 9F 4F 21 4A 2B 87 8A 74 85 E6 68 D8 BA 
                                19 AA D2 A1 78 47 D0 7B 2C 3D 23 8D D7 E8 82 22
                            </rSig>
                            <sSig>
                                1E 93 6C A7 8E 02 62 4B 18 21 39 88 9C AF 60 91 
                                05 73 7B 5A 6C AA EA B8 2A C0 A7 71 EF 5F 00 AB
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://dc.v2x.jsits.org.cn:8093/getctl</caListUrl>
            </PkiCtlInfo>
        </pkiCtlInfoList>
    </toBeSignedRootCtl>
    <signature>
        <sm2Signature>
            <rSig>
                91 4E E2 E1 79 CF 8D 2E 8A C5 EA 26 C2 FA FB 44 
                E4 6D BF 97 9B 4D FF F0 59 79 43 B0 FA 13 C3 AF
            </rSig>
            <sSig>
                71 91 06 71 26 8E A4 0F F2 22 2F 1C F8 08 63 CA 
                00 55 DC C2 6F CD 83 38 A8 37 9A 84 8C 47 A1 21
            </sSig>
        </sm2Signature>
    </signature>
</RootCtl>

trcl.coer包含各个厂家的根证书,我们要做的是将根证书解析出来并保存
通过解析得到五个厂家的根证书,分别为

  • rca.v2xca.catarc.info
  • rootca.china-icv.cn
  • rootca.datangmobile.cn
  • rootca.test.v2x.tkca.cn
  • rootca.v2x.jsits.org.cn

rca.v2xca.catarc.info 内容

hex = 80 03 00 81 02 79 81 15 72 63 61 2e 76 32 78 63 61 2e 63 61 74 61 72 63 2e 69 6e 66 6f 00 00 00 00 00 1f 78 a9 c3 86 00 1e 83 01 01 80 00 9c 03 01 02 80 02 0e 2b 80 03 80 00 01 00 02 0e 2c 01 02 e0 81 01 03 01 ff c0 e0 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 03 01 ff c0 01 82 21 83 6a b7 70 34 f5 7b d0 56 05 6e 12 58 8b 0e 6a 9d 5f 0d f5 5f aa 18 ff b3 86 11 e0 4a 71 8b a2 5b 80 84 21 82 5e f4 92 df ad da 00 f0 39 bf 50 24 85 b0 ed b9 3a 92 6e f4 78 13 35 f4 c2 1c 53 d2 3d 73 26 c8 84 40 ba 69 c3 42 6a b8 bb 61 ae 80 7e 11 bc 79 94 ba 05 0d 70 09 42 59 86 0d 5b 0b f8 ba 5c de 9f e9 66 63 d0 8a af 06 e8 e5 c0 4f af 4c 89 f0 ce 3f fe 7a 11 d5 43 e4 7a f1 77 12 cd ab d1 73 82 2c 
sm3 hashid32 = f8 43 4e 66 2f f5 61 12 d4 12 3a 29 89 88 ff 65 ee 25 20 fa 0b 47 42 14 0b 89 cb 67 a9 3c a5 8c
sm3 hashid8 = 0b 89 cb 67 a9 3c a5 8c

rootca.china-icv.cn 内容

hex = 80 03 00 81 02 58 81 13 72 6f 6f 74 63 61 2e 63 68 69 6e 61 2d 69 63 76 2e 63 6e 00 00 00 00 00 1f 47 46 85 86 00 1e 83 01 01 80 00 9c 01 01 80 02 0e 2b 80 03 80 00 01 01 04 e0 81 01 03 01 ff c0 e0 80 01 01 80 02 0e 2b 81 01 03 01 ff c0 e0 80 01 01 80 02 0e 2c 81 01 03 01 ff c0 e0 80 01 01 80 02 0e 2d 81 01 03 01 ff c0 80 84 21 83 37 f1 33 b1 a0 8d 99 df 06 f7 d6 dd 2a cd 3b f6 7d 6b db fc be 32 5d f3 0c ff 1a bf ad 91 a2 f2 84 40 50 db c7 27 f8 76 49 68 ef 61 3e 77 09 7d 4d ff 81 d5 35 44 70 b9 74 83 ba f4 b5 d3 52 71 55 53 5d a4 c5 75 1f d2 cc b0 f2 c6 72 c1 37 95 af 5d d8 2d f9 6a 38 41 90 fa c5 a7 c3 d2 a5 16 26 57 
sm3 hashid32 = 80 0a 70 9a fa bf 11 bb 27 36 7c b5 a4 eb 4d 5f 7c 7f dd 89 79 7b 50 f5 46 82 80 66 9c a1 f5 4e 
sm3 hashid8 = 46 82 80 66 9c a1 f5 4e 

rootca.datangmobile.cn 内容

hex = 80 03 00 81 02 58 81 16 72 6f 6f 74 63 61 2e 64 61 74 61 6e 67 6d 6f 62 69 6c 65 2e 63 6e 00 00 00 00 00 1f 52 53 d5 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 80 02 0e 2c 80 07 00 01 00 01 01 00 00 01 02 e0 81 01 02 01 ff c0 60 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 ff c0 80 84 21 82 fb 20 48 16 85 dd 84 80 ed be b4 66 4a f9 a4 76 2c 07 12 0e fe fe 16 6c 17 d9 41 3e 3e 5e 3d d3 84 40 68 25 12 b9 fd f8 98 cb b9 d2 9b e0 a2 38 68 ba d5 dc 3d ed 74 23 f9 8e 64 4a 66 96 b1 2f dd 51 58 72 17 6a 51 76 fc 28 b3 1e 19 2e 04 f2 06 55 f1 18 cb 28 f0 dd 36 3d 5e d3 45 23 d0 f4 94 4e 

sm3 hashid32 = f2 55 82 a5 5a a2 51 b1 a4 01 0c 38 7b e5 13 15 14 0e bb df 27 97 e7 0d 26 de ec 8e eb 3f 5f fb 
sm3 hashid8 = 26 de ec 8e eb 3f 5f fb 

rootca.test.v2x.tkca.cn 内容

hex = 80 03 00 81 02 58 81 17 72 6f 6f 74 63 61 2e 74 65 73 74 2e 76 32 78 2e 74 6b 63 61 2e 63 6e 00 00 00 00 00 1f 5b a9 05 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 00 02 0e 2c 01 04 e0 81 01 02 01 ff c0 60 80 01 01 00 02 0e 2b 01 ff c0 60 80 01 01 00 02 0e 2c 01 ff c0 60 80 01 01 00 02 0e 2d 01 ff c0 80 84 21 82 fb 7c 6a 4d 53 d7 42 e2 2e c1 b3 ed 0c 55 93 96 83 90 9e 67 7c e1 97 47 46 52 a0 18 52 b9 67 d6 84 40 6c f6 0f 29 bd d9 2d db b4 c5 1c a6 55 5a b8 94 b4 30 a6 f6 cf 1c 47 e1 99 a3 e5 d9 80 2a 2e 8c 46 83 63 82 05 88 32 af 99 c6 0e 54 69 c6 0b 69 ff 32 6b 8c c5 e0 14 65 2f 78 52 84 82 40 84 0d 

sm3 hashid32 = a7 c2 cf 36 d3 2c e6 fb 99 f1 53 85 2b 37 6d 8d b3 d3 88 e9 0c 4a e4 4c eb 03 52 f8 9c e6 9f 39 
sm3 hashid8 = eb 03 52 f8 9c e6 9f 39 

rootca.v2x.jsits.org.cn 内容

hex = 80 03 00 81 02 58 81 17 72 6f 6f 74 63 61 2e 76 32 78 2e 6a 73 69 74 73 2e 6f 72 67 2e 63 6e 00 00 00 00 00 1f 55 09 9a 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 00 02 0e 2c 01 04 e0 81 01 02 01 ff c0 60 80 01 01 00 02 0e 2b 01 ff c0 60 80 01 01 00 02 0e 2c 01 ff c0 60 80 01 01 00 02 0e 2d 01 ff c0 80 84 21 83 9e ce 5d 51 f6 06 88 65 cb 97 d4 61 03 2c 86 28 d2 9e 9b f0 44 0f f8 0e bd cf 89 e1 96 1f 51 19 84 40 1e 16 6e 9f 4f 21 4a 2b 87 8a 74 85 e6 68 d8 ba 19 aa d2 a1 78 47 d0 7b 2c 3d 23 8d d7 e8 82 22 1e 93 6c a7 8e 02 62 4b 18 21 39 88 9c af 60 91 05 73 7b 5a 6c aa ea b8 2a c0 a7 71 ef 5f 00 ab 

sm3 hashid32 = 48 6d 43 34 ef c7 b5 77 8a 18 13 ba 4e f3 4a b4 2b e5 22 6a c5 e4 f9 26 56 6b ed 42 32 5c 48 a7
sm3 hashid8 =  56 6b ed 42 32 5c 48 a7

根据上述5个根证书的sm3 hashid8,可以将对应的根证书文件保存为对应的名字,类似:

  • 0B89CB67A93CA58C.rca
  • 26DEEC8EEB3F5FFB.rca
  • 468280669CA1F54E.rca
  • 566BED42325C48A7.rca
  • EB0352F89CE69F39.rca

而每一个根证书所对应的PKI体系证书信息可以包含在下述文件中,列表中的CA证书应为从相关CA至该PKI根证书的证书链

  • 0B89CB67A93CA58C.tdcl
  • 26DEEC8EEB3F5FFB.tdcl
  • 468280669CA1F54E.tdcl
  • 566BED42325C48A7.tdcl
  • EB0352F89CE69F39.tdcl

OpenSSL 生成 SM2 密钥

openssl ecparam -name SM2 -genkey -out sm2_ec.key 
cat sm2_ec.key 
-----BEGIN EC PARAMETERS-----
BggqgRzPVQGCLQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIB9dGHE5+6AD9DGmA8g/cEqn8HYTMBhbM+g2XJ16RqZ1oAoGCCqBHM9V
AYItoUQDQgAEJg19rra1BeuYx9ZU1GbfD0ceE9X67/c2hdb6XZLQor5oNVa+o9HZ
WBioc1hNCC2avO1Dpg5ZAb2YsS71TT7Bsw==
-----END EC PRIVATE KEY-----

OpenSSL 根据SM2私钥生成公钥

openssl ec -in sm2_ec.key -pubout -out sm2_ec.pubkey 
read EC key
writing EC key
cat sm2_ec.pubkey 
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEJg19rra1BeuYx9ZU1GbfD0ceE9X6
7/c2hdb6XZLQor5oNVa+o9HZWBioc1hNCC2avO1Dpg5ZAb2YsS71TT7Bsw==
-----END PUBLIC KEY-----

OpenSSL SM3 计算文件Hash

echo "https://const.net.cn" > sign.data 
openssl dgst -SM3 sign.data 
SM3(sign.data)= 8c13610aeb3040b2899ac224ae7db0710030803c424f776e7241340c66a6d553

OpenSSL 使用 SM2 签名文件

openssl dgst -SM3 -sign sm2_ec.key -out sm2_ec.sig sign.data 
Error setting context
140524048778560:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:../crypto/ec/ec_pmeth.c:331:

在当前版本(OpenSSL 1.1.1f)还不支持命令行使用SM2结合SM3签名。将hash算法换成sha256试试。
OpenSSL 使用 SM2 结合 sha256签名

openssl dgst -sha256 -sign sm2_ec.key -out sm2_ec.sig sign.data 
root@hesy-ThinkPad-P15v-Gen-1:/home/hesy/2021/asn1/src/sm# hexdump -C sm2_ec.sig 
00000000  30 46 02 21 00 d7 52 c2  63 a3 12 ff ef af 69 8e  |0F.!..R.c.....i.|
00000010  8a 35 17 9f f2 0c e2 b1  80 fb dd a1 38 a3 59 14  |.5..........8.Y.|
00000020  5a 18 33 ba 43 02 21 00  9d 10 91 a7 5f a4 cf bb  |Z.3.C.!....._...|
00000030  7b 75 c0 27 17 d5 2d 55  09 cc 10 49 29 f8 bc 0d  |{u.'..-U...I)...|
00000040  10 d6 02 db b1 e4 7c 7a                           |......|z|
00000048

OpenSSL 使用 SM2 结合 sha256 验签

openssl dgst -sha256 -verify sm2_ec.pubkey -signature sm2_ec.sig sign.data 
Verified OK

OpenSSL 使用 SM2 结合 SM3 验签

openssl dgst -SM3 -verify sm2_ec.pubkey -signature sm2_ec.sig sign.data 
Error setting context
140471948707136:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:../crypto/ec/ec_pmeth.c:331:

同上面一样的原因,官方没实现,命令行用不了。

hexdump 查看二进制文件

echo "https://const.net.cn" > bin.data
hesy@hesy-ThinkPad-P15v-Gen-1:~/2021/linux$ hexdump -C bin.data 
00000000  68 74 74 70 73 3a 2f 2f  63 6f 6e 73 74 2e 6e 65  |https://const.ne|
00000010  74 2e 63 6e 0a                                    |t.cn.|
00000015

hexdump 自定义格式显示二进制文件

hexdump -e '4/1 "%02X " "\n"' bin.data 
68 74 74 70
73 3A 2F 2F
63 6F 6E 73
74 2E 6E 65
74 2E 63 6E
0A         
hexdump -e '8/1 "%02X " "\n"' bin.data 
68 74 74 70 73 3A 2F 2F
63 6F 6E 73 74 2E 6E 65
74 2E 63 6E 0A         
hexdump -e '16/1 "%02X " "\n"' bin.data 
68 74 74 70 73 3A 2F 2F 63 6F 6E 73 74 2E 6E 65
74 2E 63 6E 0A                                 
hexdump -e '16/1 "%_p " "\n"' bin.data 
h t t p s : / / c o n s t . n e
t . c n .           
hexdump -e '16/1 "%03d " "\n"' bin.data 
104 116 116 112 115 058 047 047 099 111 110 115 116 046 110 101
116 046 099 110 010 

hexdump 将二进制文件转为十六进制文件

hexdump -e '16/1 "%02X " "\n"' bin.data > hex.data
xxd -r -p hex.data bin.data.1
md5sum *
84d86c7c482190d90838c5de11d99d06  bin.data
84d86c7c482190d90838c5de11d99d06  bin.data.1
a100e4d2a6bcf2faceb56f106dfb1c6b  hex.data

xxd 查看二进制文件

xxd -c 4 -p bin.data 
68747470
733a2f2f
636f6e73
742e6e65
742e636e
0a
xxd -c 8 -p bin.data 
68747470733a2f2f
636f6e73742e6e65
742e636e0a
xxd -c 16 -p bin.data 
68747470733a2f2f636f6e73742e6e65
742e636e0a

xxd 将十六进制文件转为二进制文件

xxd -r -p input.txt output.bin    
xxd -c 16 -p bin.data > hex.data
xxd -r -p hex.data bin.data.1
md5sum *
84d86c7c482190d90838c5de11d99d06  bin.data
84d86c7c482190d90838c5de11d99d06  bin.data.1
2d8c913c2685ef14e39fa97a28c3ad79  hex.data

                        

  • TDCL 可信域CA证书列表 Trusted Domain CA Certificates List

可信根证书列表(TRCL)和可信域CA证书列表(TDCL)的发布可以分为集中式和分布式两种。
集中式发布方式是指可信根证书列表管理机构(TRCLA)将TRCL和各个安全域的TDCL发送给各个安全域,然后由各个安全域确定如何分发给域内的车联网设备。
分布式发布方式是指向车联网设备提供下载TRCL和各个安全域的TDCL的地址,然后由车联网设备自行下载交叉认证时需要的各个认证域的CA证书。
车联网设备可内置TRCLA签名证书,通过对TRCL的验证建立对其它域根证书的信任,通过使用TRCL中的各个根证书验证TDCL,建立对其它域内各个CA的信任,进而具备验证其它域内实体证书的能力。若TRCL和TDCL由各个安全域分发,各安全域分发的内容应与从TRCLA获得的内容一致。

在TRCL中,包含了五个根证书,这个作为我们验证TDCL(可信根证书列表)使用。
tdcl.oer使用0B89CB67A93CA58C.tdcl,0B89CB67A93CA58C.tdcl看签发机构是catarc,这个机构查询了一下,应该是 中国汽车技术研究中心 。
0B89CB67A93CA58C.tdcl hex 内容

hexdump -C 0B89CB67A93CA58C.tdcl 
00000000  01 83 08 dd d7 e5 63 6c  eb 16 d0 00 02 1f 78 ea  |......cl......x.|
00000010  0e 1f 78 f8 1e 01 02 c0  01 02 80 03 00 83 08 0b  |..x.............|
00000020  89 cb 67 a9 3c a5 8c 79  81 15 69 63 61 2e 76 32  |..g.<..y..ica.v2|
00000030  78 63 61 2e 63 61 74 61  72 63 2e 69 6e 66 6f 00  |xca.catarc.info.|
00000040  00 00 00 00 1f 78 b4 a4  86 00 19 83 01 01 80 00  |.....x..........|
00000050  9c 03 01 02 80 02 0e 2b  80 03 83 00 01 80 02 0e  |.......+........|
00000060  2c 80 07 00 01 00 01 01  00 00 01 01 a0 80 01 03  |,...............|
00000070  00 02 0e 2b 00 02 0e 2c  00 02 0e 2d 01 02 c0 01  |...+...,...-....|
00000080  82 21 83 70 38 4f d8 04  10 15 a0 5f fd 5b 99 aa  |.!.p8O....._.[..|
00000090  67 6a db ee 61 cb 77 b1  c0 d2 52 09 3c 87 35 bf  |gj..a.w...R.<.5.|
000000a0  46 63 e6 80 84 21 83 9f  da 6d 5b a8 a6 5e d7 c7  |Fc...!...m[..^..|
000000b0  f4 ca 4c f1 ea 54 51 78  11 bf 18 fb 58 b0 0e bc  |..L..TQx....X...|
000000c0  de b7 81 09 27 dd 62 84  40 ea 0b 6f e7 34 ee c5  |....'.b.@..o.4..|
000000d0  4b 47 6d 4b 46 0a 68 f1  0a 27 6f 7b 0b f9 5b 8c  |KGmKF.h..'o{..[.|
000000e0  d2 14 97 bc 6f b0 25 c9  1c 36 3a 59 54 8c 42 3b  |....o.%..6:YT.B;|
000000f0  b6 88 22 0c b8 2c 05 f4  76 e2 c2 05 17 8c c1 82  |.."..,..v.......|
00000100  e9 94 d5 f4 77 62 58 60  0b 80 03 00 83 08 56 e9  |....wbX`......V.|
00000110  52 03 b2 14 99 38 79 81  15 70 63 61 2e 76 32 78  |R....8y..pca.v2x|
00000120  63 61 2e 63 61 74 61 72  63 2e 69 6e 66 6f 00 00  |ca.catarc.info..|
00000130  00 00 00 1f 78 e3 cb 86  00 14 83 01 01 80 00 9c  |....x...........|
00000140  03 01 02 80 02 0e 2b 80  03 87 00 01 80 02 0e 2c  |......+........,|
00000150  80 07 00 01 00 01 01 00  00 01 01 80 80 01 08 00  |................|
00000160  01 6f 00 01 70 00 01 71  00 01 72 00 02 0e 28 00  |.o..p..q..r...(.|
00000170  02 0e 2b 00 02 0e 2c 00  02 0e 2d 01 02 01 82 21  |..+...,...-....!|
00000180  82 20 27 49 ad 5d 8e a3  3f a8 51 7e 78 76 0f 0b  |. 'I.]..?.Q~xv..|
00000190  f5 0a cd fa d6 40 57 1b  0e ad f8 90 88 0d e8 6e  |.....@W........n|
000001a0  fc 80 84 21 83 0a 04 a2  9a 9f db 55 81 67 cb 0c  |...!.......U.g..|
000001b0  a3 63 bd c7 d9 18 a5 d6  5a 29 b5 84 66 70 ee f3  |.c......Z)..fp..|
000001c0  42 7d bc 44 2c 84 40 1d  ae 8a 7c 94 fa 69 25 13  |B}.D,.@...|..i%.|
000001d0  fe 66 ec 36 6c 9c f5 8d  7f 74 34 24 4f 48 6c f2  |.f.6l....t4$OHl.|
000001e0  05 17 7e a0 87 7b 56 c5  1c a6 56 20 11 a4 7a 42  |..~..{V...V ..zB|
000001f0  9b 81 cb 51 f7 1a f8 ab  04 4b be e1 fd 72 22 02  |...Q.....K...r".|
00000200  63 93 c1 26 1c 23 3e 00  00 c0 01 02 80 03 00 83  |c..&.#>.........|
00000210  08 0b 89 cb 67 a9 3c a5  8c 79 81 15 69 63 61 2e  |....g.<..y..ica.|
00000220  76 32 78 63 61 2e 63 61  74 61 72 63 2e 69 6e 66  |v2xca.catarc.inf|
00000230  6f 00 00 00 00 00 1f 78  b4 a4 86 00 19 83 01 01  |o......x........|
00000240  80 00 9c 03 01 02 80 02  0e 2b 80 03 83 00 01 80  |.........+......|
00000250  02 0e 2c 80 07 00 01 00  01 01 00 00 01 01 a0 80  |..,.............|
00000260  01 03 00 02 0e 2b 00 02  0e 2c 00 02 0e 2d 01 02  |.....+...,...-..|
00000270  c0 01 82 21 83 70 38 4f  d8 04 10 15 a0 5f fd 5b  |...!.p8O....._.[|
00000280  99 aa 67 6a db ee 61 cb  77 b1 c0 d2 52 09 3c 87  |..gj..a.w...R.<.|
00000290  35 bf 46 63 e6 80 84 21  83 9f da 6d 5b a8 a6 5e  |5.Fc...!...m[..^|
000002a0  d7 c7 f4 ca 4c f1 ea 54  51 78 11 bf 18 fb 58 b0  |....L..TQx....X.|
000002b0  0e bc de b7 81 09 27 dd  62 84 40 ea 0b 6f e7 34  |......'.b.@..o.4|
000002c0  ee c5 4b 47 6d 4b 46 0a  68 f1 0a 27 6f 7b 0b f9  |..KGmKF.h..'o{..|
000002d0  5b 8c d2 14 97 bc 6f b0  25 c9 1c 36 3a 59 54 8c  |[.....o.%..6:YT.|
000002e0  42 3b b6 88 22 0c b8 2c  05 f4 76 e2 c2 05 17 8c  |B;.."..,..v.....|
000002f0  c1 82 e9 94 d5 f4 77 62  58 60 0b 80 03 00 83 08  |......wbX`......|
00000300  56 e9 52 03 b2 14 99 38  79 81 15 65 63 61 2e 76  |V.R....8y..eca.v|
00000310  32 78 63 61 2e 63 61 74  61 72 63 2e 69 6e 66 6f  |2xca.catarc.info|
00000320  00 00 00 00 00 1f 78 da  3a 86 00 14 83 01 01 80  |......x.:.......|
00000330  00 9c 03 01 02 80 02 0e  2b 80 03 84 00 01 80 02  |........+.......|
00000340  0e 2c 80 07 00 01 00 01  01 00 00 01 01 a0 80 01  |.,..............|
00000350  03 00 02 0e 2b 00 02 0e  2c 00 02 0e 2d 01 02 40  |....+...,...-..@|
00000360  01 82 21 82 95 62 51 c1  23 14 c5 60 c2 f6 0c 25  |..!..bQ.#..`...%|
00000370  21 86 64 72 a6 91 f7 bd  40 b3 2b c4 64 da 1b 45  |!.dr....@.+.d..E|
00000380  3b d0 74 4d 80 84 21 83  2a a8 83 46 7d 24 77 39  |;.tM..!.*..F}$w9|
00000390  5c 09 ad 5f 20 d4 9b 7b  e1 b9 f3 49 2d 22 aa 9b  |\.._ ..{...I-"..|
000003a0  3f 80 f1 58 6e 17 e3 65  84 40 19 4f b3 25 1b 0d  |?..Xn..e.@.O.%..|
000003b0  ab 01 f4 8b bf 99 03 f1  8c f4 97 e2 57 07 7f 8f  |............W...|
000003c0  2f 28 d0 58 ca 92 ae 5a  4a 0c 0e 39 24 88 69 09  |/(.X...ZJ..9$.i.|
000003d0  34 95 c6 e6 a2 9a f0 ed  7c 7c d5 42 59 81 49 e4  |4.......||.BY.I.|
000003e0  48 f4 02 f1 0f 87 eb 07  6e fe 00 00 84 40 31 51  |H.......n....@1Q|
000003f0  be 75 da 09 df 23 49 39  82 f0 5f 9f 8c 40 10 da  |.u...#I9.._..@..|
00000400  59 2c fa db 37 ca aa ce  eb 45 71 d7 66 47 88 85  |Y,..7....Eq.fG..|
00000410  4c 6b 23 49 8c fb c0 ea  e5 6c 00 be 35 3e 2e 2b  |Lk#I.....l..5>.+|
00000420  3b 42 47 6e ed cf 74 07  8c d7 a1 56 26 f6        |;BGn..t....V&.|
0000042e

0B89CB67A93CA58C.tdcl XML 格式内容

<?xml version="1.0"?>
<PkiCtl>
    <toBeSignedPkiCtl>
        <version>1</version>
        <issuer>
            <sm3AndDigest>DD D7 E5 63 6C EB 16 D0</sm3AndDigest>
        </issuer>
        <series>2</series>
        <issueDate>528017934</issueDate>
        <nextPkiCtl>528021534</nextPkiCtl>
        <pkiCertInfoList>
            <PkiCertInfo>
                <certificate>
                    <Certificate>
                        <version>3</version>
                        <type>
                            <explicit/>
                        </type>
                        <issuer>
                            <sm3AndDigest>0B 89 CB 67 A9 3C A5 8C</sm3AndDigest>
                        </issuer>
                        <toBeSigned>
                            <id>
                                <name>ica.v2xca.catarc.info</name>
                            </id>
                            <cracaId>00 00 00</cracaId>
                            <crlSeries>0</crlSeries>
                            <validityPeriod>
                                <start>528004260</start>
                                <duration>
                                    <years>25</years>
                                </duration>
                            </validityPeriod>
                            <region>
                                <identifiedRegion>
                                    <countryOnly>156</countryOnly>
                                </identifiedRegion>
                            </region>
                            <assuranceLevel>03</assuranceLevel>
                            <appPermissions>
                                <AidSsp>
                                    <aid>3627</aid>
                                    <ssp>
                                        <opaque>83 00 01</opaque>
                                    </ssp>
                                </AidSsp>
                                <AidSsp>
                                    <aid>3628</aid>
                                    <ssp>
                                        <opaque>00 01 00 01 01 00 00</opaque>
                                    </ssp>
                                </AidSsp>
                            </appPermissions>
                            <certIssuePermissions>
                                <AidGroupPermissions>
                                    <subjectPermissions>
                                        <explicit>
                                            <AidSspRange>
                                                <aid>3627</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3628</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3629</aid>
                                            </AidSspRange>
                                        </explicit>
                                    </subjectPermissions>
                                    <minChainLength>2</minChainLength>
                                    <chainLengthRange>0</chainLengthRange>
                                    <eeType>
                                        11000000
                                    </eeType>
                                </AidGroupPermissions>
                            </certIssuePermissions>
                            <encryptionKey>
                                <supportedSymmAlg>
                                    <sm4Ccm/>
                                </supportedSymmAlg>
                                <publicKey>
                                    <ecencSm2>
                                        <compressed-y-1>
                                            70 38 4F D8 04 10 15 A0 5F FD 5B 99 AA 67 6A DB 
                                            EE 61 CB 77 B1 C0 D2 52 09 3C 87 35 BF 46 63 E6
                                        </compressed-y-1>
                                    </ecencSm2>
                                </publicKey>
                            </encryptionKey>
                            <verifyKeyIndicator>
                                <verificationKey>
                                    <ecsigSm2>
                                        <compressed-y-1>
                                            9F DA 6D 5B A8 A6 5E D7 C7 F4 CA 4C F1 EA 54 51 
                                            78 11 BF 18 FB 58 B0 0E BC DE B7 81 09 27 DD 62
                                        </compressed-y-1>
                                    </ecsigSm2>
                                </verificationKey>
                            </verifyKeyIndicator>
                        </toBeSigned>
                        <signature>
                            <sm2Signature>
                                <rSig>
                                    EA 0B 6F E7 34 EE C5 4B 47 6D 4B 46 0A 68 F1 0A 
                                    27 6F 7B 0B F9 5B 8C D2 14 97 BC 6F B0 25 C9 1C
                                </rSig>
                                <sSig>
                                    36 3A 59 54 8C 42 3B B6 88 22 0C B8 2C 05 F4 76 
                                    E2 C2 05 17 8C C1 82 E9 94 D5 F4 77 62 58 60 0B
                                </sSig>
                            </sm2Signature>
                        </signature>
                    </Certificate>
                    <Certificate>
                        <version>3</version>
                        <type>
                            <explicit/>
                        </type>
                        <issuer>
                            <sm3AndDigest>56 E9 52 03 B2 14 99 38</sm3AndDigest>
                        </issuer>
                        <toBeSigned>
                            <id>
                                <name>pca.v2xca.catarc.info</name>
                            </id>
                            <cracaId>00 00 00</cracaId>
                            <crlSeries>0</crlSeries>
                            <validityPeriod>
                                <start>528016331</start>
                                <duration>
                                    <years>20</years>
                                </duration>
                            </validityPeriod>
                            <region>
                                <identifiedRegion>
                                    <countryOnly>156</countryOnly>
                                </identifiedRegion>
                            </region>
                            <assuranceLevel>03</assuranceLevel>
                            <appPermissions>
                                <AidSsp>
                                    <aid>3627</aid>
                                    <ssp>
                                        <opaque>87 00 01</opaque>
                                    </ssp>
                                </AidSsp>
                                <AidSsp>
                                    <aid>3628</aid>
                                    <ssp>
                                        <opaque>00 01 00 01 01 00 00</opaque>
                                    </ssp>
                                </AidSsp>
                            </appPermissions>
                            <certIssuePermissions>
                                <AidGroupPermissions>
                                    <subjectPermissions>
                                        <explicit>
                                            <AidSspRange>
                                                <aid>111</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>112</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>113</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>114</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3624</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3627</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3628</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3629</aid>
                                            </AidSspRange>
                                        </explicit>
                                    </subjectPermissions>
                                    <minChainLength>2</minChainLength>
                                    <chainLengthRange>0</chainLengthRange>
                                </AidGroupPermissions>
                            </certIssuePermissions>
                            <encryptionKey>
                                <supportedSymmAlg>
                                    <sm4Ccm/>
                                </supportedSymmAlg>
                                <publicKey>
                                    <ecencSm2>
                                        <compressed-y-0>
                                            20 27 49 AD 5D 8E A3 3F A8 51 7E 78 76 0F 0B F5 
                                            0A CD FA D6 40 57 1B 0E AD F8 90 88 0D E8 6E FC
                                        </compressed-y-0>
                                    </ecencSm2>
                                </publicKey>
                            </encryptionKey>
                            <verifyKeyIndicator>
                                <verificationKey>
                                    <ecsigSm2>
                                        <compressed-y-1>
                                            0A 04 A2 9A 9F DB 55 81 67 CB 0C A3 63 BD C7 D9 
                                            18 A5 D6 5A 29 B5 84 66 70 EE F3 42 7D BC 44 2C
                                        </compressed-y-1>
                                    </ecsigSm2>
                                </verificationKey>
                            </verifyKeyIndicator>
                        </toBeSigned>
                        <signature>
                            <sm2Signature>
                                <rSig>
                                    1D AE 8A 7C 94 FA 69 25 13 FE 66 EC 36 6C 9C F5 
                                    8D 7F 74 34 24 4F 48 6C F2 05 17 7E A0 87 7B 56
                                </rSig>
                                <sSig>
                                    C5 1C A6 56 20 11 A4 7A 42 9B 81 CB 51 F7 1A F8 
                                    AB 04 4B BE E1 FD 72 22 02 63 93 C1 26 1C 23 3E
                                </sSig>
                            </sm2Signature>
                        </signature>
                    </Certificate>
                </certificate>
                <crlUrl/>
                <maUrl/>
            </PkiCertInfo>
            <PkiCertInfo>
                <certificate>
                    <Certificate>
                        <version>3</version>
                        <type>
                            <explicit/>
                        </type>
                        <issuer>
                            <sm3AndDigest>0B 89 CB 67 A9 3C A5 8C</sm3AndDigest>
                        </issuer>
                        <toBeSigned>
                            <id>
                                <name>ica.v2xca.catarc.info</name>
                            </id>
                            <cracaId>00 00 00</cracaId>
                            <crlSeries>0</crlSeries>
                            <validityPeriod>
                                <start>528004260</start>
                                <duration>
                                    <years>25</years>
                                </duration>
                            </validityPeriod>
                            <region>
                                <identifiedRegion>
                                    <countryOnly>156</countryOnly>
                                </identifiedRegion>
                            </region>
                            <assuranceLevel>03</assuranceLevel>
                            <appPermissions>
                                <AidSsp>
                                    <aid>3627</aid>
                                    <ssp>
                                        <opaque>83 00 01</opaque>
                                    </ssp>
                                </AidSsp>
                                <AidSsp>
                                    <aid>3628</aid>
                                    <ssp>
                                        <opaque>00 01 00 01 01 00 00</opaque>
                                    </ssp>
                                </AidSsp>
                            </appPermissions>
                            <certIssuePermissions>
                                <AidGroupPermissions>
                                    <subjectPermissions>
                                        <explicit>
                                            <AidSspRange>
                                                <aid>3627</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3628</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3629</aid>
                                            </AidSspRange>
                                        </explicit>
                                    </subjectPermissions>
                                    <minChainLength>2</minChainLength>
                                    <chainLengthRange>0</chainLengthRange>
                                    <eeType>
                                        11000000
                                    </eeType>
                                </AidGroupPermissions>
                            </certIssuePermissions>
                            <encryptionKey>
                                <supportedSymmAlg>
                                    <sm4Ccm/>
                                </supportedSymmAlg>
                                <publicKey>
                                    <ecencSm2>
                                        <compressed-y-1>
                                            70 38 4F D8 04 10 15 A0 5F FD 5B 99 AA 67 6A DB 
                                            EE 61 CB 77 B1 C0 D2 52 09 3C 87 35 BF 46 63 E6
                                        </compressed-y-1>
                                    </ecencSm2>
                                </publicKey>
                            </encryptionKey>
                            <verifyKeyIndicator>
                                <verificationKey>
                                    <ecsigSm2>
                                        <compressed-y-1>
                                            9F DA 6D 5B A8 A6 5E D7 C7 F4 CA 4C F1 EA 54 51 
                                            78 11 BF 18 FB 58 B0 0E BC DE B7 81 09 27 DD 62
                                        </compressed-y-1>
                                    </ecsigSm2>
                                </verificationKey>
                            </verifyKeyIndicator>
                        </toBeSigned>
                        <signature>
                            <sm2Signature>
                                <rSig>
                                    EA 0B 6F E7 34 EE C5 4B 47 6D 4B 46 0A 68 F1 0A 
                                    27 6F 7B 0B F9 5B 8C D2 14 97 BC 6F B0 25 C9 1C
                                </rSig>
                                <sSig>
                                    36 3A 59 54 8C 42 3B B6 88 22 0C B8 2C 05 F4 76 
                                    E2 C2 05 17 8C C1 82 E9 94 D5 F4 77 62 58 60 0B
                                </sSig>
                            </sm2Signature>
                        </signature>
                    </Certificate>
                    <Certificate>
                        <version>3</version>
                        <type>
                            <explicit/>
                        </type>
                        <issuer>
                            <sm3AndDigest>56 E9 52 03 B2 14 99 38</sm3AndDigest>
                        </issuer>
                        <toBeSigned>
                            <id>
                                <name>eca.v2xca.catarc.info</name>
                            </id>
                            <cracaId>00 00 00</cracaId>
                            <crlSeries>0</crlSeries>
                            <validityPeriod>
                                <start>528013882</start>
                                <duration>
                                    <years>20</years>
                                </duration>
                            </validityPeriod>
                            <region>
                                <identifiedRegion>
                                    <countryOnly>156</countryOnly>
                                </identifiedRegion>
                            </region>
                            <assuranceLevel>03</assuranceLevel>
                            <appPermissions>
                                <AidSsp>
                                    <aid>3627</aid>
                                    <ssp>
                                        <opaque>84 00 01</opaque>
                                    </ssp>
                                </AidSsp>
                                <AidSsp>
                                    <aid>3628</aid>
                                    <ssp>
                                        <opaque>00 01 00 01 01 00 00</opaque>
                                    </ssp>
                                </AidSsp>
                            </appPermissions>
                            <certIssuePermissions>
                                <AidGroupPermissions>
                                    <subjectPermissions>
                                        <explicit>
                                            <AidSspRange>
                                                <aid>3627</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3628</aid>
                                            </AidSspRange>
                                            <AidSspRange>
                                                <aid>3629</aid>
                                            </AidSspRange>
                                        </explicit>
                                    </subjectPermissions>
                                    <minChainLength>2</minChainLength>
                                    <chainLengthRange>0</chainLengthRange>
                                    <eeType>
                                        01000000
                                    </eeType>
                                </AidGroupPermissions>
                            </certIssuePermissions>
                            <encryptionKey>
                                <supportedSymmAlg>
                                    <sm4Ccm/>
                                </supportedSymmAlg>
                                <publicKey>
                                    <ecencSm2>
                                        <compressed-y-0>
                                            95 62 51 C1 23 14 C5 60 C2 F6 0C 25 21 86 64 72 
                                            A6 91 F7 BD 40 B3 2B C4 64 DA 1B 45 3B D0 74 4D
                                        </compressed-y-0>
                                    </ecencSm2>
                                </publicKey>
                            </encryptionKey>
                            <verifyKeyIndicator>
                                <verificationKey>
                                    <ecsigSm2>
                                        <compressed-y-1>
                                            2A A8 83 46 7D 24 77 39 5C 09 AD 5F 20 D4 9B 7B 
                                            E1 B9 F3 49 2D 22 AA 9B 3F 80 F1 58 6E 17 E3 65
                                        </compressed-y-1>
                                    </ecsigSm2>
                                </verificationKey>
                            </verifyKeyIndicator>
                        </toBeSigned>
                        <signature>
                            <sm2Signature>
                                <rSig>
                                    19 4F B3 25 1B 0D AB 01 F4 8B BF 99 03 F1 8C F4 
                                    97 E2 57 07 7F 8F 2F 28 D0 58 CA 92 AE 5A 4A 0C
                                </rSig>
                                <sSig>
                                    0E 39 24 88 69 09 34 95 C6 E6 A2 9A F0 ED 7C 7C 
                                    D5 42 59 81 49 E4 48 F4 02 F1 0F 87 EB 07 6E FE
                                </sSig>
                            </sm2Signature>
                        </signature>
                    </Certificate>
                </certificate>
                <crlUrl/>
                <maUrl/>
            </PkiCertInfo>
        </pkiCertInfoList>
    </toBeSignedPkiCtl>
    <signature>
        <sm2Signature>
            <rSig>
                31 51 BE 75 DA 09 DF 23 49 39 82 F0 5F 9F 8C 40 
                10 DA 59 2C FA DB 37 CA AA CE EB 45 71 D7 66 47
            </rSig>
            <sSig>
                88 85 4C 6B 23 49 8C FB C0 EA E5 6C 00 BE 35 3E 
                2E 2B 3B 42 47 6E ED CF 74 07 8C D7 A1 56 26 F6
            </sSig>
        </sm2Signature>
    </signature>
</PkiCtl>

根据XML内容,初步解读,该TDCL包含二条证书链rca->ica->pca以及rca->ica->eca,共以下三种证书:
<name>ica.v2xca.catarc.info</name>
<name>pca.v2xca.catarc.info</name>
<name>eca.v2xca.catarc.info</name>
将证书解析出来
四个证书xml如下
ica.v2xca.catarc.info

<Certificate>
    <version>3</version>
    <type><explicit/></type>
    <issuer>
        <sm3AndDigest>0B 89 CB 67 A9 3C A5 8C</sm3AndDigest>
    </issuer>
    <toBeSigned>
        <id>
            <name>ica.v2xca.catarc.info</name>
        </id>
        <cracaId>00 00 00</cracaId>
        <crlSeries>0</crlSeries>
        <validityPeriod>
            <start>528004260</start>
            <duration>
                <years>25</years>
            </duration>
        </validityPeriod>
        <region>
            <identifiedRegion>
                    <countryOnly>156</countryOnly>
                
            </identifiedRegion>
        </region>
        <assuranceLevel>03</assuranceLevel>
        <appPermissions>
            <AidSsp>
                <aid>3627</aid>
                <ssp>
                    <opaque>83 00 01</opaque>
                </ssp>
            </AidSsp>
            <AidSsp>
                <aid>3628</aid>
                <ssp>
                    <opaque>00 01 00 01 01 00 00</opaque>
                </ssp>
            </AidSsp>
        </appPermissions>
        <certIssuePermissions>
            <AidGroupPermissions>
                <subjectPermissions>
                    <explicit>
                        <AidSspRange>
                            <aid>3627</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3628</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3629</aid>
                        </AidSspRange>
                    </explicit>
                </subjectPermissions>
                <minChainLength>2</minChainLength>
                <chainLengthRange>0</chainLengthRange>
                <eeType>
                    11000000
                </eeType>
            </AidGroupPermissions>
        </certIssuePermissions>
        <encryptionKey>
            <supportedSymmAlg><sm4Ccm/></supportedSymmAlg>
            <publicKey>
                <ecencSm2>
                    <compressed-y-1>
                        70 38 4F D8 04 10 15 A0 5F FD 5B 99 AA 67 6A DB 
                        EE 61 CB 77 B1 C0 D2 52 09 3C 87 35 BF 46 63 E6
                    </compressed-y-1>
                </ecencSm2>
            </publicKey>
        </encryptionKey>
        <verifyKeyIndicator>
            <verificationKey>
                <ecsigSm2>
                    <compressed-y-1>
                        9F DA 6D 5B A8 A6 5E D7 C7 F4 CA 4C F1 EA 54 51 
                        78 11 BF 18 FB 58 B0 0E BC DE B7 81 09 27 DD 62
                    </compressed-y-1>
                </ecsigSm2>
            </verificationKey>
        </verifyKeyIndicator>
    </toBeSigned>
    <signature>
        <sm2Signature>
            <rSig>
                EA 0B 6F E7 34 EE C5 4B 47 6D 4B 46 0A 68 F1 0A 
                27 6F 7B 0B F9 5B 8C D2 14 97 BC 6F B0 25 C9 1C
            </rSig>
            <sSig>
                36 3A 59 54 8C 42 3B B6 88 22 0C B8 2C 05 F4 76 
                E2 C2 05 17 8C C1 82 E9 94 D5 F4 77 62 58 60 0B
            </sSig>
        </sm2Signature>
    </signature>
</Certificate>

可以看到证书的签发者为:0B 89 CB 67 A9 3C A5 8C,这个是根证书的hashid8,可以知道这个ica是rca签发的。我们计算一下ica证书的hashid值
81 aa 4d 94 ed 82 73 ef 46 ca eb 9d 3e c6 92 ed 75 06 d0 16 50 ed b7 9f 56 e9 52 03 b2 14 99 38
接下来第二个证书 pca.v2xca.catarc.info

<Certificate>
    <version>3</version>
    <type><explicit/></type>
    <issuer>
        <sm3AndDigest>56 E9 52 03 B2 14 99 38</sm3AndDigest>
    </issuer>
    <toBeSigned>
        <id>
            <name>pca.v2xca.catarc.info</name>
        </id>
        <cracaId>00 00 00</cracaId>
        <crlSeries>0</crlSeries>
        <validityPeriod>
            <start>528016331</start>
            <duration>
                <years>20</years>
            </duration>
        </validityPeriod>
        <region>
            <identifiedRegion>
                    <countryOnly>156</countryOnly>
                
            </identifiedRegion>
        </region>
        <assuranceLevel>03</assuranceLevel>
        <appPermissions>
            <AidSsp>
                <aid>3627</aid>
                <ssp>
                    <opaque>87 00 01</opaque>
                </ssp>
            </AidSsp>
            <AidSsp>
                <aid>3628</aid>
                <ssp>
                    <opaque>00 01 00 01 01 00 00</opaque>
                </ssp>
            </AidSsp>
        </appPermissions>
        <certIssuePermissions>
            <AidGroupPermissions>
                <subjectPermissions>
                    <explicit>
                        <AidSspRange>
                            <aid>111</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>112</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>113</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>114</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3624</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3627</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3628</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3629</aid>
                        </AidSspRange>
                    </explicit>
                </subjectPermissions>
                <minChainLength>2</minChainLength>
                <chainLengthRange>0</chainLengthRange>
            </AidGroupPermissions>
        </certIssuePermissions>
        <encryptionKey>
            <supportedSymmAlg><sm4Ccm/></supportedSymmAlg>
            <publicKey>
                <ecencSm2>
                    <compressed-y-0>
                        20 27 49 AD 5D 8E A3 3F A8 51 7E 78 76 0F 0B F5 
                        0A CD FA D6 40 57 1B 0E AD F8 90 88 0D E8 6E FC
                    </compressed-y-0>
                </ecencSm2>
            </publicKey>
        </encryptionKey>
        <verifyKeyIndicator>
            <verificationKey>
                <ecsigSm2>
                    <compressed-y-1>
                        0A 04 A2 9A 9F DB 55 81 67 CB 0C A3 63 BD C7 D9 
                        18 A5 D6 5A 29 B5 84 66 70 EE F3 42 7D BC 44 2C
                    </compressed-y-1>
                </ecsigSm2>
            </verificationKey>
        </verifyKeyIndicator>
    </toBeSigned>
    <signature>
        <sm2Signature>
            <rSig>
                1D AE 8A 7C 94 FA 69 25 13 FE 66 EC 36 6C 9C F5 
                8D 7F 74 34 24 4F 48 6C F2 05 17 7E A0 87 7B 56
            </rSig>
            <sSig>
                C5 1C A6 56 20 11 A4 7A 42 9B 81 CB 51 F7 1A F8 
                AB 04 4B BE E1 FD 72 22 02 63 93 C1 26 1C 23 3E
            </sSig>
        </sm2Signature>
    </signature>
</Certificate>

计算pca的hashid为 a2 2b ad 7b 3b 6d 56 65 a6 4f ab 01 b4 69 85 68 24 ef 55 09 70 21 68 c1 aa 87 40 65 7b 89 17 3b

第三个证书 eca.v2xca.catarc.info

<Certificate>
    <version>3</version>
    <type><explicit/></type>
    <issuer>
        <sm3AndDigest>56 E9 52 03 B2 14 99 38</sm3AndDigest>
    </issuer>
    <toBeSigned>
        <id>
            <name>eca.v2xca.catarc.info</name>
        </id>
        <cracaId>00 00 00</cracaId>
        <crlSeries>0</crlSeries>
        <validityPeriod>
            <start>528013882</start>
            <duration>
                <years>20</years>
            </duration>
        </validityPeriod>
        <region>
            <identifiedRegion>
                    <countryOnly>156</countryOnly>
                
            </identifiedRegion>
        </region>
        <assuranceLevel>03</assuranceLevel>
        <appPermissions>
            <AidSsp>
                <aid>3627</aid>
                <ssp>
                    <opaque>84 00 01</opaque>
                </ssp>
            </AidSsp>
            <AidSsp>
                <aid>3628</aid>
                <ssp>
                    <opaque>00 01 00 01 01 00 00</opaque>
                </ssp>
            </AidSsp>
        </appPermissions>
        <certIssuePermissions>
            <AidGroupPermissions>
                <subjectPermissions>
                    <explicit>
                        <AidSspRange>
                            <aid>3627</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3628</aid>
                        </AidSspRange>
                        <AidSspRange>
                            <aid>3629</aid>
                        </AidSspRange>
                    </explicit>
                </subjectPermissions>
                <minChainLength>2</minChainLength>
                <chainLengthRange>0</chainLengthRange>
                <eeType>
                    01000000
                </eeType>
            </AidGroupPermissions>
        </certIssuePermissions>
        <encryptionKey>
            <supportedSymmAlg><sm4Ccm/></supportedSymmAlg>
            <publicKey>
                <ecencSm2>
                    <compressed-y-0>
                        95 62 51 C1 23 14 C5 60 C2 F6 0C 25 21 86 64 72 
                        A6 91 F7 BD 40 B3 2B C4 64 DA 1B 45 3B D0 74 4D
                    </compressed-y-0>
                </ecencSm2>
            </publicKey>
        </encryptionKey>
        <verifyKeyIndicator>
            <verificationKey>
                <ecsigSm2>
                    <compressed-y-1>
                        2A A8 83 46 7D 24 77 39 5C 09 AD 5F 20 D4 9B 7B 
                        E1 B9 F3 49 2D 22 AA 9B 3F 80 F1 58 6E 17 E3 65
                    </compressed-y-1>
                </ecsigSm2>
            </verificationKey>
        </verifyKeyIndicator>
    </toBeSigned>
    <signature>
        <sm2Signature>
            <rSig>
                19 4F B3 25 1B 0D AB 01 F4 8B BF 99 03 F1 8C F4 
                97 E2 57 07 7F 8F 2F 28 D0 58 CA 92 AE 5A 4A 0C
            </rSig>
            <sSig>
                0E 39 24 88 69 09 34 95 C6 E6 A2 9A F0 ED 7C 7C 
                D5 42 59 81 49 E4 48 F4 02 F1 0F 87 EB 07 6E FE
            </sSig>
        </sm2Signature>
    </signature>
</Certificate>

SM3 hashid = 48 56 0b 75 07 ec 6a 4d 7a 3d c9 fb cd 28 23 c9 32 8d a4 35 7c f8 e9 d4 9e ff 0c c5 da 67 90 64

catarc的证书链如下所示

rca
    └── ica
        ├── eca
        └── pca 

通过分析,我们得到一条完整的证书链信息,当接收到OBU使用PC签发的安全信息时,可以使用上面的PCA证书进行验证。

将所有证书汇总,我们得到下面四个证书

├── catarc_eca.oer
├── catarc_ica.oer
├── catarc_pca.oer
├── catarc_rca.oer

其他的tdcl.oer文件,都是类似原理,只是各个CA厂商实现的证书体系可能不同。
26DEEC8EEB3F5FFB.tdcl 是一个混合了多个厂家的列表,这应该只是一个混乱过程阶段的产物。看各家的CA实现,看他们签发者与命名就可以了。
解析如下:

PkiCertInfo count = 7
PkiCertInfo 0:
Certificate 0.0:
name = eca.datang.v2x.xdja.com
issuer = de c7 78 b2 09 56 03 03 
0.0.hash = b7 a9 5d bb f4 22 76 86 5e 6b 32 e9 f8 05 6b bd 34 c7 1f c0 b5 69 3a 9f 7d 62 d8 f4 9a 68 b9 e4 
Certificate 0.1:
name = ica.datang.v2x.xdja.com
issuer = 26 de ec 8e eb 3f 5f fb 
0.1.hash = c8 36 41 8d c1 9b 24 58 23 ff 3c f8 62 26 9a 3b c7 00 58 fa dd b8 eb dd de c7 78 b2 09 56 03 03 
Certificate 0.2:
name = pca.datang.v2x.xdja.com
issuer = de c7 78 b2 09 56 03 03 
0.2.hash = d4 23 87 82 92 68 c6 a2 88 fc ba 7d c0 f0 72 47 0a f9 eb a3 68 20 e1 63 4b fa 0e 90 c0 30 51 79 
Certificate 0.3:
name = pra.datang.v2x.xdja.com
issuer = de c7 78 b2 09 56 03 03 
0.3.hash = d5 5d 8d e2 05 28 fe b0 5c 2f ac 4d a0 40 2f 14 b6 f2 8d 5c 29 49 c5 df 0d 7e 9f 69 04 0c 47 fa 
PkiCertInfo 1:
Certificate 1.0:
name = www.aca.infosec.com.cn
issuer = 24 b0 a5 e9 d0 b7 6a 85 
1.0.hash = 42 28 2d a1 0d 8b 05 5d 4f 12 c3 ef 1f 2c 88 9d a8 44 57 ce 62 bb 1f 6e ba 22 27 9d a4 f9 b0 a8 
Certificate 1.1:
name = www.eca.infosec.com.cn
issuer = 24 b0 a5 e9 d0 b7 6a 85 
1.1.hash = 20 b6 3f 80 30 3a cc ed d8 4d 5f 4a 2a 69 7d da 55 49 62 f0 33 49 a2 e3 af 7d ce 55 a4 78 b2 23 
Certificate 1.2:
name = www.ica.infosec.com.cn
issuer = 26 de ec 8e eb 3f 5f fb 
1.2.hash = 3f 4a 40 bb 0c 1f 6d ff f4 78 2a 14 ad 71 d1 8b b4 5b b5 c5 be e0 99 7e 24 b0 a5 e9 d0 b7 6a 85 
Certificate 1.3:
name = www.pca.infosec.com.cn
issuer = 24 b0 a5 e9 d0 b7 6a 85 
1.3.hash = 37 a4 bf c5 36 3b 08 b3 fa c9 0d 7e 26 a2 74 39 02 e6 40 06 41 e0 e5 6a 36 c3 04 21 b7 35 35 6a 
Certificate 1.4:
name = www.pra.infosec.com.cn
issuer = 24 b0 a5 e9 d0 b7 6a 85 
1.4.hash = 7d e4 b0 5d ba f9 60 ce e8 44 01 05 f9 e2 26 ef a3 bd 91 58 ee db 38 28 b4 63 0c 73 28 12 87 0b 
PkiCertInfo 2:
Certificate 2.0:
name = aca.i-wall.cn
issuer = ca a9 ea 81 eb 77 b7 b1 
2.0.hash = 30 94 18 88 fe e4 38 eb 7b da 85 f4 11 7f 1b c4 8e 27 61 b4 0d 82 9f b6 97 31 54 2c 33 de 2a 6a 
Certificate 2.1:
name = ara.i-wall.cn
issuer = ca a9 ea 81 eb 77 b7 b1 
2.1.hash = a9 bd 17 f1 a0 2e 8b 4a 0e 76 46 cd 93 28 ce 4a 5f d1 49 07 bc 1e 36 ec 0b 7d 62 48 49 c1 3d 2e 
Certificate 2.2:
name = eca.i-wall.cn
issuer = ca a9 ea 81 eb 77 b7 b1 
2.2.hash = 28 93 98 d5 5a 36 ba 5a f8 96 23 53 5f 0c 0c b3 7c 1e 74 ae 44 6f b0 06 e5 c3 e3 6f 0c e5 a3 58 
Certificate 2.3:
name = www.i-wall.cn
issuer = 26 de ec 8e eb 3f 5f fb 
2.3.hash = a2 c1 7e 1d c5 8c 20 fa 86 0f 1f b3 28 f7 63 f8 6f 58 01 55 3b 90 7b 4e ca a9 ea 81 eb 77 b7 b1 
Certificate 2.4:
name = pca.i-wall.cn
issuer = ca a9 ea 81 eb 77 b7 b1 
2.4.hash = 5d 73 ef 63 d7 96 37 38 88 c7 89 51 57 42 36 81 ff c4 a2 cb 3d 24 28 89 f9 e2 39 40 ef 99 53 3f 
Certificate 2.5:
name = pra.i-wall.cn
issuer = ca a9 ea 81 eb 77 b7 b1 
2.5.hash = 95 29 d0 d4 d3 25 4e 60 60 cb a8 65 5a 0b 62 4c 2f 16 b0 b3 2b 68 42 89 2e b9 0c 52 ad 4d 0a 80 
PkiCertInfo 3:
Certificate 3.0:
name = rootca.datangmobile.cn
issuer = self
3.0.hash = f2 55 82 a5 5a a2 51 b1 a4 01 0c 38 7b e5 13 15 14 0e bb df 27 97 e7 0d 26 de ec 8e eb 3f 5f fb 
Certificate 3.1:
name = 
issuer = self
3.1.hash = 9e 6d c6 9a 3b 58 f7 70 a6 6d b6 0f 9f 70 f6 a0 81 58 b8 f6 9f 7a ae 58 fc 41 a6 19 66 e0 29 fb 
Certificate 3.2:
name = www.westone.cn.eca
issuer = 26 de ec 8e eb 3f 5f fb 
3.2.hash = 02 d6 cc f6 c7 2a 31 98 cb 78 fe ed 2c e8 47 8c 5e 78 8c 4a 7a 31 52 a6 c9 69 ea 6b f9 a1 0f bf 
Certificate 3.3:
name = www.westone.cn.pca
issuer = 26 de ec 8e eb 3f 5f fb 
3.3.hash = a2 01 ee 7b f5 0c 25 b5 67 3d 62 61 0d 45 d7 43 96 25 08 fb 12 03 1e 75 8f a8 be ff 25 12 be d7 
PkiCertInfo 4:
Certificate 4.0:
name = aca.datangmobile.cn
issuer = 26 de ec 8e eb 3f 5f fb 
4.0.hash = 63 11 20 c3 93 78 dc 64 bd 63 0d 1c a7 b5 67 21 00 7d c8 30 1c e2 c0 22 cb 8d 4c 01 ed a5 bc 7e 
Certificate 4.1:
name = eca.datangmobile.cn
issuer = 26 de ec 8e eb 3f 5f fb 
4.1.hash = 2b 82 17 11 63 40 62 98 89 90 bd bd e7 35 43 fb 47 43 91 d7 f0 d0 4f a7 82 7f ac e3 c1 b2 33 ab 
Certificate 4.2:
name = pca.datangmobile.cn
issuer = 26 de ec 8e eb 3f 5f fb 
4.2.hash = 67 15 f3 0a ae 19 86 01 d3 03 45 c0 6c b2 a1 ff 0c a9 6b c1 fe f6 4c 8d 6e 7a 54 68 41 df 5e 3d 
Certificate 4.3:
name = pra.datangmobile.cn
issuer = 26 de ec 8e eb 3f 5f fb 
4.3.hash = 90 00 0b 55 a4 52 b0 ff db 55 7d 91 11 c7 50 52 af 25 10 71 dd 8f b0 c2 07 18 a6 19 3e 44 7d 69 
Certificate 4.4:
name = rootca.datangmobile.cn
issuer = self
4.4.hash = f2 55 82 a5 5a a2 51 b1 a4 01 0c 38 7b e5 13 15 14 0e bb df 27 97 e7 0d 26 de ec 8e eb 3f 5f fb 
PkiCertInfo 5:
Certificate 5.0:
name = www.aca.koal.com
issuer = 51 43 61 94 1f 12 11 ae 
5.0.hash = 03 06 d1 62 4c 9e 5c a7 9a 13 96 cf b0 98 63 1d 95 7d 5a 50 d6 d5 36 cf 60 7f 9c 10 9a 5a 77 8a 
Certificate 5.1:
name = www.cra.koal.com
issuer = 51 43 61 94 1f 12 11 ae 
5.1.hash = d4 50 66 60 3c a2 52 a7 50 46 d6 50 7d 03 25 f3 f0 a7 8f 9a 19 b9 a5 18 e8 5c 6d e4 47 80 cc fe 
Certificate 5.2:
name = www.eca.koal.com
issuer = 51 43 61 94 1f 12 11 ae 
5.2.hash = 4c 05 f8 36 ee bc 57 42 be 95 5d d8 55 8d 89 f9 20 5b c4 19 48 e0 11 b3 e4 5d 1d 4f 47 82 7b 4d 
Certificate 5.3:
name = www.ica.koal.com
issuer = 26 de ec 8e eb 3f 5f fb 
5.3.hash = a9 90 a3 46 21 ac e7 da 9a 44 32 63 e8 70 e7 bc bf c8 d2 b7 d4 38 76 47 51 43 61 94 1f 12 11 ae 
Certificate 5.4:
name = www.la.koal.com
issuer = 51 43 61 94 1f 12 11 ae 
5.4.hash = b4 84 fa 25 8b 6c 94 7b bc f8 18 ff c5 e8 3d 53 0a 01 10 55 ba d9 46 7d 9e 09 05 fb d7 c8 22 c3 
Certificate 5.5:
name = www.ma.koal.com
issuer = 51 43 61 94 1f 12 11 ae 
5.5.hash = 5b f0 e0 27 36 d6 f2 72 5f cd 83 af 73 ed 15 8b 39 61 3a 4f 4d c7 3e 83 cf 26 b9 96 ad 5c 61 48 
Certificate 5.6:
name = www.pca.koal.com
issuer = 51 43 61 94 1f 12 11 ae 
5.6.hash = 81 97 95 f1 7c b7 04 a1 78 11 8e 8d 8b 26 7b 4b 19 a2 af 93 44 e9 62 04 25 18 fa 6f 5f 48 2d 03 
Certificate 5.7:
name = www.pg.koal.com
issuer = 51 43 61 94 1f 12 11 ae 
5.7.hash = a4 ff e0 5c 4d 9c 01 8a 7b 12 8d 30 c4 e2 22 52 5c 77 17 a9 df ec 90 d5 f2 cf b7 38 7a 59 c6 72 
Certificate 5.8:
name = www.ra.koal.com
issuer = 51 43 61 94 1f 12 11 ae 
5.8.hash = 6f 74 63 9a 3b b8 92 df 22 ff a0 9b 5a e3 1e 21 c6 4a 41 be 34 dc a4 e4 79 8a 45 51 9f db 33 91 
PkiCertInfo 6:
Certificate 6.0:
name = eca.ccit.com.cn
issuer = 26 de ec 8e eb 3f 5f fb 
6.0.hash = 84 1c 7a d9 57 54 ee 7d 04 24 35 9c 44 de 0f 78 43 74 26 0e 7e 17 b4 f4 62 0e cc f0 59 de f6 93 
Certificate 6.1:
name = pca.ccit.com.cn
issuer = 26 de ec 8e eb 3f 5f fb 
6.1.hash = 30 6f ed 21 8a e2 5d 67 50 44 60 50 19 39 c5 b6 60 49 98 54 df d9 0b c6 91 07 a8 79 0b a3 33 7f 
Certificate 6.2:
name = rootca.datangmobile.cn
issuer = self
6.2.hash = f2 55 82 a5 5a a2 51 b1 a4 01 0c 38 7b e5 13 15 14 0e bb df 27 97 e7 0d 26 de ec 8e eb 3f 5f fb 

566BED42325C48A7.tdcl
这是两家CA,基于同一个根证书的实现,二家看名字是jsits[江苏智能交通及智能驾驶研究院]与itsac[国家ITS中心智能驾驶及智能交通产业研究院]
PkiCertInfo count = 2
PkiCertInfo 0:
Certificate 0.0:
name = ica.v2x.jsits.org.cn
issuer = 56 6b ed 42 32 5c 48 a7
0.0.hash = 9c c8 2d b8 2e 90 56 a3 c4 a7 9b 9e fb 77 28 2f db bd a8 37 6f 8e 04 47 a4 66 29 9a bf 62 08 a8
Certificate 0.1:
name = eca.v2x.jsits.org.cn
issuer = a4 66 29 9a bf 62 08 a8
0.1.hash = c2 78 58 3f e9 7c 59 fc fb 27 57 ed 0d 0f a3 b8 98 de 19 85 47 16 06 1e 76 de da fe b6 28 d5 7f
Certificate 0.2:
name = aca.v2x.jsits.org.cn
issuer = a4 66 29 9a bf 62 08 a8
0.2.hash = 59 a4 92 29 93 14 52 15 e5 95 a3 0a 63 4a a6 ed b8 dc e8 73 0a b1 05 53 42 cf 2f b2 84 b1 5d cf
Certificate 0.3:
name = pca.v2x.jsits.org.cn
issuer = a4 66 29 9a bf 62 08 a8
0.3.hash = 6f a7 52 d9 0b 93 a3 46 53 dd c1 46 6d e4 1d 17 e8 b8 3d 5d 35 64 0b 59 e0 a2 2a d1 ce f1 7e ed
Certificate 0.4:
name = la.v2x.jsits.org.cn
issuer = a4 66 29 9a bf 62 08 a8
0.4.hash = 7c 54 92 35 72 1b 47 7f 36 f3 4f 0a 30 68 49 84 88 75 af 44 0f ad 96 15 1e 41 4e de a5 89 0d b1
Certificate 0.5:
name = pra.v2x.jsits.org.cn
issuer = a4 66 29 9a bf 62 08 a8
0.5.hash = ff 37 4a 85 2f 72 51 98 c8 f9 b0 fd 8b b7 e4 e8 4c a9 fa 41 88 85 f1 ce ad 74 77 7d 8a b5 bf 3d
Certificate 0.6:
name = ma.v2x.jsits.org.cn
issuer = 56 6b ed 42 32 5c 48 a7
0.6.hash = ff 00 a7 e0 b1 8d d9 3e 74 68 02 1a 24 7c de 41 66 ef 45 ca a3 6d 62 82 ef 71 ed 52 0b 6a c8 c6
PkiCertInfo 1:
Certificate 1.0:
name = ica.v2x.itsac.cn
issuer = 56 6b ed 42 32 5c 48 a7
1.0.hash = 51 29 0d 33 f6 b1 19 a6 96 0a 98 92 56 fa f3 e9 4f 12 2d 5f 6c a3 80 16 d7 20 85 5f c0 e8 0e ca
Certificate 1.1:
name = eca.v2x.itsac.cn
issuer = d7 20 85 5f c0 e8 0e ca
1.1.hash = 3b 3d c5 41 02 18 05 da 27 1d 45 59 34 2d e2 c3 49 a3 1f bf ed d1 32 44 92 b8 f2 c5 f3 e9 1d 52
Certificate 1.2:
name = aca.v2x.itsac.cn
issuer = d7 20 85 5f c0 e8 0e ca
1.2.hash = 2c 3a cc 45 d1 0d 0c c8 a6 62 e4 b2 5a 4f 35 63 c0 01 f3 4b fe 2f 20 38 59 7b 29 e4 b8 96 d6 4e
Certificate 1.3:
name = ara.v2x.itsac.cn
issuer = d7 20 85 5f c0 e8 0e ca
1.3.hash = a7 8f e7 85 dd 9a 31 74 a8 cc f9 9c e0 7e 64 34 69 36 47 29 9f a5 7e 0c 46 01 f4 3a 20 8c a6 ba
Certificate 1.4:
name = pca.v2x.itsac.cn
issuer = d7 20 85 5f c0 e8 0e ca
1.4.hash = bb fd 78 bb 0b 35 14 30 19 fc f9 5c d4 41 97 7a cf dc 60 df 81 fa 16 e9 06 6d 16 b0 19 a1 b0 b6
Certificate 1.5:
name = pra.v2x.itsac.cn
issuer = d7 20 85 5f c0 e8 0e ca
1.5.hash = 68 c4 95 e1 e8 7a 0b 9e 5d 1f bc 96 4f 2a e6 f4 50 88 9c 41 4a d8 54 b2 63 37 16 63 22 b3 65 f3
Certificate 1.6:
name = cra.v2x.itsac.cn
issuer = d7 20 85 5f c0 e8 0e ca
1.6.hash = f2 45 8b 28 6e b3 72 26 19 ed f4 33 31 87 66 37 f6 65 c1 a2 b1 1f c5 ca 9d b6 50 14 2a 23 d8 44

468280669CA1F54E.tdcl
这个里面内容就更多了,有15条证书链信息,15个CA厂家证书数据

PkiCertInfo count = 15
PkiCertInfo 0:
Certificate 0.0:
name = rootca.china-icv.cn
issuer = self
0.0.hash = 80 0a 70 9a fa bf 11 bb 27 36 7c b5 a4 eb 4d 5f 7c 7f dd 89 79 7b 50 f5 46 82 80 66 9c a1 f5 4e 
Certificate 0.1:
name = ica.china-icv.cn
issuer = 46 82 80 66 9c a1 f5 4e 
0.1.hash = 9b 4d 2b 4d 3f 5f 53 88 90 47 27 25 bd 0c b0 e8 81 00 5a 4c 72 88 45 b8 fc 79 ba c7 de d6 fa 02 
Certificate 0.2:
name = eca.china-icv.cn
issuer = fc 79 ba c7 de d6 fa 02 
0.2.hash = 17 17 48 bd b8 bb a7 9f 7c 79 f1 15 68 78 90 11 26 0c 6a 78 3c f4 92 aa a3 51 da 7c 1d 40 43 54 
Certificate 0.3:
name = pca.china-icv.cn
issuer = fc 79 ba c7 de d6 fa 02 
0.3.hash = c2 2c 43 f3 2d 3e 04 76 15 46 f7 64 c8 5a 52 df 85 c9 ab 36 c3 c0 9b a9 17 cf c7 61 ec 98 ce 44 
Certificate 0.4:
name = pra.china-icv.cn
issuer = fc 79 ba c7 de d6 fa 02 
0.4.hash = 89 d1 de e5 15 b7 57 16 8e 0a 31 47 d1 e1 fd e9 b6 5b 41 9c 52 00 bd b9 1d 8f a6 2e a0 d3 f7 12 
Certificate 0.5:
name = aca.china-icv.cn
issuer = fc 79 ba c7 de d6 fa 02 
0.5.hash = 01 0b d1 d9 58 0e c8 f1 f4 d3 88 7f 2e 06 08 cc d7 cb a1 58 25 47 8b 2b 29 d5 a2 27 be d3 40 5c 
Certificate 0.6:
name = ara.china-icv.cn
issuer = fc 79 ba c7 de d6 fa 02 
0.6.hash = 91 32 ce 17 02 b7 6f da f2 ee c8 e5 78 b2 16 ee 30 c7 57 0e aa ad e7 00 6a f6 e5 8a 5e ac 5f 2c 
PkiCertInfo 1:
Certificate 1.0:
name = ica.v2x.batc.cn
issuer = 46 82 80 66 9c a1 f5 4e 
1.0.hash = 98 5f 91 7e 52 07 b5 54 04 5f 43 38 97 58 e1 0f 84 05 e7 45 3b 8b 63 39 8e fe 13 31 81 af fb 86 
Certificate 1.1:
name = eca.v2x.batc.cn
issuer = 8e fe 13 31 81 af fb 86 
1.1.hash = e2 01 3f 30 61 63 b9 da 73 96 c3 de 8e 09 87 ab 51 e9 b3 88 73 e3 78 c6 35 06 55 3b b2 4e 0e 3e 
Certificate 1.2:
name = pca.v2x.batc.cn
issuer = 8e fe 13 31 81 af fb 86 
1.2.hash = ca 4b 0d e3 99 9e 25 d6 72 16 ff e8 cb af 28 95 28 d3 36 90 b7 34 0b 19 a8 ab 03 27 57 13 8b f1 
PkiCertInfo 2:
Certificate 2.0:
name = ica.v2x.xdja.cn
issuer = 46 82 80 66 9c a1 f5 4e 
2.0.hash = 6c 86 52 e9 78 46 11 0e 54 87 c0 25 80 f8 f5 0c ae 9d 8c 0c a6 2a 4f c6 bb 27 7d 3c 2b 4e bb ba 
Certificate 2.1:
name = eca.v2x.xdja.cn
issuer = bb 27 7d 3c 2b 4e bb ba 
2.1.hash = 8e ce f7 94 88 af a6 e6 8e c2 71 c7 93 27 93 fc e6 08 60 53 25 84 2a 6e 99 b7 a8 37 22 13 96 f0 
Certificate 2.2:
name = pca.v2x.xdja.cn
issuer = bb 27 7d 3c 2b 4e bb ba 
2.2.hash = a3 a6 70 92 94 82 47 1b fd fb 78 8e c3 d6 16 0c 6f fc 18 c2 ff 92 49 7c f9 bb c9 c5 90 83 c9 6e 
Certificate 2.3:
name = pra.v2x.xdja.cn
issuer = bb 27 7d 3c 2b 4e bb ba 
2.3.hash = f8 3d 27 b8 50 f9 f0 6d 0e c2 46 4d 5a 4a ea 4a e9 d2 98 94 75 4b b0 aa 69 3e d1 14 47 7e 9f 5f 
Certificate 2.4:
name = aca.v2x.xdja.cn
issuer = bb 27 7d 3c 2b 4e bb ba 
2.4.hash = e9 97 81 50 e7 cc 2a ba e2 55 ed 33 83 e9 1a cf 11 e6 8f 90 5d cf 1a e1 12 62 7f ac 04 d4 04 23 
PkiCertInfo 3:
Certificate 3.0:
name = ica.bjca.org.cn
issuer = 46 82 80 66 9c a1 f5 4e 
3.0.hash = 4c 9e cf 7c f5 92 93 8f 23 6a de 7b 26 3a cc 73 c6 86 45 bd 27 85 bb 5b 63 25 45 bb 00 be 6d aa 
Certificate 3.1:
name = eca.bjca.org.cn
issuer = 63 25 45 bb 00 be 6d aa 
3.1.hash = 8b af 54 6b 13 48 c1 16 a4 4f 85 d0 cf 5a 14 98 14 6d f8 a6 89 3a 4e 23 1a 8b 6c eb 09 74 37 72 
Certificate 3.2:
name = pca.bjca.org.cn
issuer = 63 25 45 bb 00 be 6d aa 
3.2.hash = e0 15 a4 42 6d 5f c2 44 e3 ba b1 9e 73 49 1a a5 e3 66 c4 88 a7 a6 57 09 8d 6f e3 c2 32 c4 43 08 
Certificate 3.3:
name = ra.bjca.org.cn
issuer = 63 25 45 bb 00 be 6d aa 
3.3.hash = 81 cf 3c de 08 cc d5 0c e6 30 67 c0 ee af 93 bb eb 77 5e c9 43 b1 d7 ce 1f d3 32 49 c5 33 cc 16 
PkiCertInfo 4:
Certificate 4.0:
name = ica.syan.com.cn
issuer = 46 82 80 66 9c a1 f5 4e 
4.0.hash = fe 64 cd ee 5f a5 16 2d be 63 09 4e 74 81 ad 21 28 93 9a 0b 6c 5e 2b d0 c2 18 63 09 cf 1a 16 68 
Certificate 4.1:
name = eca.syan.com.cn
issuer = c2 18 63 09 cf 1a 16 68 
4.1.hash = 5f a9 1f ca fb 40 01 f5 55 f2 73 c4 8d 7f 12 94 20 64 37 32 74 1f 5f 30 9e 56 07 a8 63 c0 3a 13 
Certificate 4.2:
name = pca.syan.com.cn
issuer = c2 18 63 09 cf 1a 16 68 
4.2.hash = f9 5f ed f1 8b cb 75 1b b6 de 23 a9 d6 1b b0 78 25 fc d2 16 a9 cc 64 ca 4d d2 be 1c 3f 09 66 4e 
Certificate 4.3:
name = ra
issuer = c2 18 63 09 cf 1a 16 68 
4.3.hash = bd 3e 10 f4 41 ab 53 56 08 52 c5 06 83 1d 6a f9 67 1b fe 0c 4e a4 d7 95 6b 0c 1b bb 69 00 a4 53 
Certificate 4.4:
name = aca.syan.com.cn
issuer = c2 18 63 09 cf 1a 16 68 
4.4.hash = 03 9e f8 5b 48 87 ce 7e c5 d2 d6 36 70 24 91 9c c9 57 cd d2 7b ad cf 42 3d f0 0f a7 c8 84 4d 5d 
Certificate 4.5:
name = ara
issuer = c2 18 63 09 cf 1a 16 68 
4.5.hash = f5 c0 0e a8 47 cd b6 06 d5 6e 86 2f 7c 97 57 ce 8e f3 4a 77 58 5f 8d 3b c5 c0 9b 20 37 37 81 12 
PkiCertInfo 5:
Certificate 5.0:
name = ica.panqi.tech
issuer = 46 82 80 66 9c a1 f5 4e 
5.0.hash = f6 3f d4 9d c1 db ae bd 79 d8 88 8a 31 ff 4e a9 ab ce 80 e8 65 96 1a 01 30 fc 22 db 5e ad 80 a7 
Certificate 5.1:
name = eca.panqi.tech
issuer = 30 fc 22 db 5e ad 80 a7 
5.1.hash = 16 44 fb 5e 49 e2 00 a3 47 ef a0 a5 3e 97 e8 64 db 9d 18 2e ba de 3c e1 7e d7 2c 6a 2f f4 1c 0c 
Certificate 5.2:
name = pca.panqi.tech
issuer = 30 fc 22 db 5e ad 80 a7 
5.2.hash = 5a 74 39 f1 bb 61 7b 7c 29 b5 4f ff 22 e1 bf 92 4f 8b 82 ac ed 12 cd 90 0f b3 f5 1f c7 97 1c a4 
Certificate 5.3:
name = pra.panqi.tech
issuer = 30 fc 22 db 5e ad 80 a7 
5.3.hash = 84 9e 1b c3 1f da db 66 f8 e3 8f a3 59 bd 3a 3f 25 f3 f8 bb eb 28 90 bc 2b 9b 8a 34 be af 80 ad 
PkiCertInfo 6:
Certificate 6.0:
name = www.ica.saicmotor.com
issuer = 46 82 80 66 9c a1 f5 4e 
6.0.hash = ef 12 6c 13 09 5a e6 70 42 da 15 f0 30 6b 45 b1 d1 5e e2 b8 a4 5c 91 13 61 89 4a d2 f1 a9 87 eb 
Certificate 6.1:
name = www.pca.saicmotor.com
issuer = 61 89 4a d2 f1 a9 87 eb 
6.1.hash = 5f cd aa c3 ac c4 44 db cb 45 b3 df d6 6e d1 3a b8 db cb b9 1a ec 11 81 2e b3 6e 61 34 a3 3a 25 
PkiCertInfo 7:
Certificate 7.0:
name = www.ica.scms.koal.com
issuer = 46 82 80 66 9c a1 f5 4e 
7.0.hash = 96 56 76 cc ee d0 c9 9a ac 80 80 ef 1e 55 c9 d9 1e ac 98 11 7c e2 93 39 0b 65 d0 66 75 40 c4 2f 
Certificate 7.1:
name = www.eca.scms.koal.com
issuer = 0b 65 d0 66 75 40 c4 2f 
7.1.hash = ed 50 d7 18 71 a8 b0 68 3b 6b d5 92 d2 60 ce 10 6a 5f 72 e5 40 c7 60 9e e6 d1 31 6b e9 4b dd d4 
Certificate 7.2:
name = www.pca.scms.koal.com
issuer = 0b 65 d0 66 75 40 c4 2f 
7.2.hash = 93 91 01 18 1d 6f cd a9 55 45 bf a0 a5 55 f4 87 05 39 cf 2e 3e af 94 89 fc fa 29 fc 47 4b f9 1a 
Certificate 7.3:
name = www.ra.scms.koal.com
issuer = 0b 65 d0 66 75 40 c4 2f 
7.3.hash = 87 8a 46 83 a6 c2 4b 7a e5 23 b8 2a b0 b8 6f 9b 59 66 fa 17 81 d5 fa 72 b6 fc ce 65 b0 a0 45 55 
Certificate 7.4:
name = www.aca.scms.koal.com
issuer = 0b 65 d0 66 75 40 c4 2f 
7.4.hash = 28 67 67 68 98 4a 72 e7 e2 7f 7d 61 c9 52 d9 8a 52 0f 0b 79 71 9a a2 4d 70 88 e4 f4 de 97 dc 59 
PkiCertInfo 8:
Certificate 8.0:
name = ica.saic-gm.com
issuer = 46 82 80 66 9c a1 f5 4e 
8.0.hash = b4 85 1f 6b d2 ce 4e 48 4e 8b b8 f2 48 21 ca 37 91 78 18 fc 58 bf a7 1a 61 dd db da c0 ab ef 26 
Certificate 8.1:
name = eca.saic-gm.com
issuer = 61 dd db da c0 ab ef 26 
8.1.hash = bb c7 d6 0d e8 f7 d6 c7 a4 cc 6e 36 a1 aa 1f 14 81 06 f6 5e 59 67 e3 74 74 87 24 83 f3 ee 6a 7c 
Certificate 8.2:
name = pca.saic-gm.com
issuer = 61 dd db da c0 ab ef 26 
8.2.hash = 78 55 5b b3 78 b8 ca 00 ac 11 3a 80 d3 47 ef ee 59 af 36 1c ae af a8 e7 68 5a 03 68 54 da eb 35 
Certificate 8.3:
name = ra.saic-gm.com
issuer = 61 dd db da c0 ab ef 26 
8.3.hash = c9 a4 47 59 37 f6 28 65 6a e6 15 2b 66 04 fa f7 35 94 7c 43 17 b1 05 5c 1d c3 e0 f5 43 cb 04 85 
Certificate 8.4:
name = aca.saic-gm.com
issuer = 61 dd db da c0 ab ef 26 
8.4.hash = 17 79 46 a6 94 41 6e 1b a8 01 ba eb f6 54 90 06 9e eb 8e 7d 3d 82 ed 36 47 c2 cd 54 0c 3d 85 25 
PkiCertInfo 9:
Certificate 9.0:
name = ica.iov.jit.com.cn
issuer = 46 82 80 66 9c a1 f5 4e 
9.0.hash = 0d ff b7 42 2d 47 fa 89 8a d7 b6 ce 0b 2a eb 7c 0e 4f d0 27 35 17 d7 b4 ab 36 71 a4 75 aa d6 28 
Certificate 9.1:
name = eca.jit.com.cn
issuer = ab 36 71 a4 75 aa d6 28 
9.1.hash = 38 74 28 49 ae ad c8 66 ae 6e 8a 8c a6 2c 8b 4e f6 fa 90 c7 a4 1d 11 01 44 59 b1 b3 33 b5 fa 79 
Certificate 9.2:
name = pca.jit.com.cn
issuer = ab 36 71 a4 75 aa d6 28 
9.2.hash = 6c 3b 1a 31 5a 84 63 7e 81 63 45 d9 1b 81 cf 78 fb 5a f2 23 24 e9 05 dc 7b 57 a8 b2 b0 6e 3f e1 
Certificate 9.3:
name = pra.jit.com.cn
issuer = 7b 57 a8 b2 b0 6e 3f e1 
9.3.hash = 53 48 71 2c df c2 88 50 60 3f ac bf 98 43 d5 d0 d2 8a 3a 7c 74 06 fd fb 6c 8e 78 68 a5 cc f4 74 
Certificate 9.4:
name = aca.jit.com.cn
issuer = ab 36 71 a4 75 aa d6 28 
9.4.hash = 9e 57 ec f9 58 5a cc 05 0b 4a 2f d5 04 6f 4e ec 5a 82 ec b0 2b 5c d5 72 7e 63 a3 09 66 9a 9d 3f 
Certificate 9.5:
name = ara.jit.com.cn
issuer = 7e 63 a3 09 66 9a 9d 3f 
9.5.hash = d6 5d 49 10 f2 f7 06 b4 ae d1 48 44 38 77 25 53 b6 cf da 8e a4 ea b5 a1 e8 5d 4a e3 d6 02 80 93 
PkiCertInfo 10:
Certificate 10.0:
name = ica.Apollo.auto
issuer = 46 82 80 66 9c a1 f5 4e 
10.0.hash = a9 06 5e 4c 78 a8 24 5f b3 8c 69 44 af 1e 6c b4 a6 7b 9a b7 2f a1 8d 23 9c 6c 48 d3 e7 00 70 4e 
Certificate 10.1:
name = eca.Apollo.auto
issuer = 9c 6c 48 d3 e7 00 70 4e 
10.1.hash = ff 2e 73 3e 7d f4 e9 75 0a 0e d4 4f 70 dd 2c dc 1d a3 7b 89 48 c6 56 f5 9f cc d5 08 89 d0 17 fb 
Certificate 10.2:
name = pca.Apollo.auto
issuer = 9c 6c 48 d3 e7 00 70 4e 
10.2.hash = a4 19 3e ba 0c 2f 16 ba 5b 44 a1 97 7a f4 fb 2f 66 0c 80 b9 30 60 e7 9f af 4d 7b 65 14 b9 c1 3e 
Certificate 10.3:
name = pra.Apollo.auto
issuer = 9c 6c 48 d3 e7 00 70 4e 
10.3.hash = 31 34 02 a5 bf 66 f1 48 52 fb 60 ce 09 52 74 a1 58 32 39 4b ee 00 0a 4f cb 09 29 32 81 c0 7e eb 
Certificate 10.4:
name = aca.Apollo.auto
issuer = 9c 6c 48 d3 e7 00 70 4e 
10.4.hash = 06 01 51 06 2b cc 64 fd 79 8e 0b d4 15 35 2f 3e a2 d7 e1 4b 05 bd 2b 04 65 a3 13 38 2c 16 12 8d 
Certificate 10.5:
name = ara.Apollo.auto
issuer = 9c 6c 48 d3 e7 00 70 4e 
10.5.hash = 0e e6 5b 90 8c a8 35 13 66 d4 83 24 ed fb 07 99 59 88 2b ea 52 69 c3 ad 67 7b 57 b4 16 50 23 9e 
PkiCertInfo 11:
Certificate 11.0:
name = ica.itrus.com.cn
issuer = 46 82 80 66 9c a1 f5 4e 
11.0.hash = 50 fe 89 a2 74 cd 2a 30 b2 69 6d 0f 22 b5 5b 39 9e 59 09 e5 82 47 94 e4 34 c0 cd 99 7e a5 ef 7f 
Certificate 11.1:
name = eca.itrus.com.cn
issuer = 34 c0 cd 99 7e a5 ef 7f 
11.1.hash = aa 64 3c 0b 8f 15 0b 4e ec 28 b7 f6 bd 57 17 c5 95 e9 a5 a3 df 53 2e 0e 7d 3f cd 36 09 c6 6f f7 
Certificate 11.2:
name = pca.itrus.com.cn
issuer = 34 c0 cd 99 7e a5 ef 7f 
11.2.hash = 8c c0 0c 3b b0 eb 2f 33 85 a3 37 91 44 4c 92 b8 eb 6e e4 13 43 5d e7 87 84 50 ed 18 1d a1 3c c1 
Certificate 11.3:
name = pra.itrus.com.cn
issuer = 34 c0 cd 99 7e a5 ef 7f 
11.3.hash = d3 0b d1 4a 2a 2a 27 34 d9 d0 26 d5 1c db 11 eb 9a 94 13 5d 98 a1 b7 6e 64 79 5a 74 c2 9a 74 29 
PkiCertInfo 12:
Certificate 12.0:
name = ica.v2x.caeri.beijing
issuer = 46 82 80 66 9c a1 f5 4e 
12.0.hash = 77 3c 75 c8 f2 73 34 25 e6 9e 3f 2a 61 ea f2 ee 69 48 79 de 7f 2b a8 2f c5 4c 28 39 5a 2a 9d d1 
Certificate 12.1:
name = eca.v2x.caeri.beijing
issuer = c5 4c 28 39 5a 2a 9d d1 
12.1.hash = 32 e0 16 e1 74 64 3d 76 69 a6 55 8a 26 11 39 2b 12 4f f6 5b cb ae 64 0f 6c a4 30 d9 ce 9e 56 49 
Certificate 12.2:
name = pca.v2x.caeri.beijing
issuer = c5 4c 28 39 5a 2a 9d d1 
12.2.hash = 8a 64 5a 53 d4 3d f3 e9 69 35 eb d4 f5 8a 8d d0 48 a3 dd d9 36 d6 58 16 c1 81 c4 ad 96 7e a1 3e 
Certificate 12.3:
name = pra.v2x.caeri.beijing
issuer = c5 4c 28 39 5a 2a 9d d1 
12.3.hash = 1e 55 bb f4 bb 40 c4 61 f5 07 15 a1 55 d5 9f 32 37 a1 7d 9b 18 15 62 69 37 32 e0 f3 87 ef 88 0f 
PkiCertInfo 13:
Certificate 13.0:
name = ica.v2xsec.cn
issuer = 46 82 80 66 9c a1 f5 4e 
13.0.hash = 31 d2 ff be a9 f9 85 d2 e7 51 13 24 36 69 4c 2b 23 29 29 df 2e 90 57 01 af 46 02 12 9e fe 82 95 
Certificate 13.1:
name = eca.v2xsec.cn
issuer = af 46 02 12 9e fe 82 95 
13.1.hash = f5 94 3a e0 b0 e3 4c 33 9d 04 f2 9d 4a 66 9f db 84 91 7c 25 f5 41 d5 df 9c 4b 0e e0 34 1e 4e 95 
Certificate 13.2:
name = pca.v2xsec.cn
issuer = af 46 02 12 9e fe 82 95 
13.2.hash = 15 12 48 7d 9d 2b df 70 2d 8a 36 ac 57 28 94 5f e7 a8 70 bc 1c fe a5 70 4e 50 fd 1a a7 6e 3c 87 
Certificate 13.3:
name = pra.v2xsec.cn
issuer = af 46 02 12 9e fe 82 95 
13.3.hash = 97 a2 3d eb fb 60 eb 9c 78 c6 69 a3 84 79 95 90 bd fa 29 f9 e0 f0 51 a3 79 5b ce cc 1a 77 1d ea 
Certificate 13.4:
name = aca.v2xsec.cn
issuer = af 46 02 12 9e fe 82 95 
13.4.hash = a3 41 3e 83 30 9d 36 ff f5 21 d5 4b 45 69 c7 74 f7 50 69 c6 66 59 12 72 87 97 a0 3f 44 9f 5a 96 
Certificate 13.5:
name = ara.v2xsec.cn
issuer = af 46 02 12 9e fe 82 95 
13.5.hash = 13 48 76 18 f9 59 22 1d 6f dc bd 28 7e 43 f9 0a 42 90 34 66 ff 02 cd cc 14 93 ab b9 8c fd 4f 7a 
PkiCertInfo 14:
Certificate 14.0:
name = ica.easysec.com.cn
issuer = 46 82 80 66 9c a1 f5 4e 
14.0.hash = 8e 39 a5 26 0a 7f 90 53 16 9d 81 aa 4a 8c cc 0c 91 6b 6b 5f e7 9b f1 7a 20 a3 7f 33 d1 32 a3 13 
Certificate 14.1:
name = eca.easysec.com.cn
issuer = 20 a3 7f 33 d1 32 a3 13 
14.1.hash = 5f 61 d7 64 0b b5 cc ce 9b 74 a9 83 9f e9 f6 7d 49 b2 40 34 a2 05 7f 41 7f a8 00 6b f2 2a 07 2d 
Certificate 14.2:
name = pca.easysec.com.cn
issuer = 20 a3 7f 33 d1 32 a3 13 
14.2.hash = f5 bc a8 3e 21 6a 01 d6 fe 7d f6 7a 1d 2c 11 21 59 95 6c dd df 7f d4 32 fe 3a 54 be 7b 3f 59 0b 
Certificate 14.3:
name = pra.easysec.com.cn
issuer = 20 a3 7f 33 d1 32 a3 13 
14.3.hash = 3e 9d af b6 fd 58 8a df 76 3b 73 8e 28 e3 85 a1 13 f2 b1 70 ef 92 76 40 e3 3c 18 25 49 77 5a da 
Certificate 14.4:
name = aca.easysec.com.cn
issuer = 20 a3 7f 33 d1 32 a3 13 
14.4.hash = d7 4c 58 fd 1a a2 c1 8b b4 dd a3 b2 d6 4e 45 a1 7a 6b f2 57 d3 0e 3a 35 af fa a2 77 5b b1 56 96 
Certificate 14.5:
name = ara.easysec.com.cn
issuer = 20 a3 7f 33 d1 32 a3 13 
14.5.hash = 04 73 ad 68 ea bf 99 e9 a4 88 cb ed 15 0a b6 33 7b 54 e6 45 53 6e e4 6b 92 5c 41 62 57 47 93 a1 
Certificate 14.6:
name = la.easysec.com.cn
issuer = 20 a3 7f 33 d1 32 a3 13 
14.6.hash = 8d 87 8d 49 7c c3 bf f0 38 4c ba 87 97 1d 29 52 f6 21 de 91 b6 77 e9 b3 71 2c 88 d7 ec 40 13 8d 

EB0352F89CE69F39.tdcl
这个只有一个厂商的数据,看tkca应该是 北京中交国通智能交通

PkiCertInfo count = 1
PkiCertInfo 0:
Certificate 0.0:
name = ica.test.v2x.tkca.cn
issuer = eb 03 52 f8 9c e6 9f 39 
0.0.hash = 24 b6 28 9b 10 e4 7b 78 2b 3e 6d 35 39 e3 47 9a 71 0a f1 bd fe fe 39 73 79 0b 50 97 44 3e 2a e4 
Certificate 0.1:
name = ma.test.v2x.tkca.cn
issuer = 79 0b 50 97 44 3e 2a e4 
0.1.hash = ba 20 ef 05 50 fc bb 22 9a fc 9a 0e 99 96 80 ba 45 f2 58 c2 4e 50 51 41 36 d9 70 7b 7e bd 5a 7d 
Certificate 0.2:
name = eca.test.v2x.tkca.cn
issuer = 79 0b 50 97 44 3e 2a e4 
0.2.hash = ac 34 da 00 f3 5d e5 fa e2 d9 65 d3 93 69 c2 56 8f 43 14 6e a7 2f 1b 64 df 54 8e 27 49 30 2a 0d 
Certificate 0.3:
name = pca.test.v2x.tkca.cn
issuer = 79 0b 50 97 44 3e 2a e4 
0.3.hash = 05 a4 23 05 17 4b 53 2a bc 22 2e 98 aa d3 c8 f1 f6 b6 d7 f6 b5 59 62 2d d2 16 a8 88 86 59 32 cf 
Certificate 0.4:
name = pra.test.v2x.tkca.cn
issuer = 79 0b 50 97 44 3e 2a e4 
0.4.hash = 2a 3f 12 75 82 7a 7a df 88 08 08 1f 41 c0 db 23 31 b0 50 4b f8 06 6f 3a 48 4e dd 8f b1 21 26 00 
Certificate 0.5:
name = la.test.v2x.tkca.cn
issuer = 79 0b 50 97 44 3e 2a e4 
0.5.hash = 3d c2 64 72 14 78 4c a7 27 44 2f 2e 96 2b 4e f1 df e9 72 e1 c9 1a be f2 76 e0 03 23 30 11 eb 02 
Certificate 0.6:
name = aca.test.v2x.tkca.cn
issuer = 79 0b 50 97 44 3e 2a e4 
0.6.hash = 30 df 8e 4a e2 80 84 56 84 40 43 53 e0 8e e1 45 36 fd 3e 6c ff 36 9a 58 a3 93 0d ad 64 09 c9 f8