标签 SM3 下的文章

SM3是中华人民共和国政府采用的一种密码散列函数标准,前身为SCH4杂凑算法,由国家密码管理局于2010年12月17日发布,相关标准为“GM/T 0004-2012 《SM3密码杂凑算法》”。2016年,成为中国国家密码标准(GB/T 32905-2016)。
在商用密码体系中,SM3主要用于数字签名及验证、消息认证码生成及验证、随机数生成等,其算法公开,安全性及效率与SHA-256相当。
SM3签名算法收录于ISO/IEC 10118-3:2018《信息安全技术杂凑函数第3部分:专用杂凑函数》
代码:

package main

/*
#cgo CFLAGS: -I ./include
#cgo LDFLAGS: -L ./lib -lcrypto -ldl
#include <stdlib.h>
#include <openssl/evp.h>
*/
import "C"

import (
    "fmt"
    "os"
    "unsafe"
)

func main() {
    strdigestname := "sm3"
    fmt.Printf("go OpenSSL cgo %s demo/example.\n", strdigestname)
    strdata := "https://const.net.cn/"
    digestname := []byte(strdigestname)
    md := C.EVP_get_digestbyname((*C.char)(unsafe.Pointer(&digestname[0])))
    if md == nil {
        fmt.Printf("Unknown message digest %s\n", strdigestname)
        os.Exit(1)
    }
    md_value := make([]byte, 128)
    md_len := 0
    data := []byte(strdata)
    mdctx := C.EVP_MD_CTX_new()
    C.EVP_DigestInit(mdctx, md)
    C.EVP_DigestUpdate(mdctx, unsafe.Pointer(&data[0]), C.size_t(len(data)))
    C.EVP_DigestFinal_ex(mdctx, (*C.uchar)(unsafe.Pointer(&md_value[0])), (*C.uint)(unsafe.Pointer(&md_len)))
    C.EVP_MD_CTX_free(mdctx)

    fmt.Printf("message digest=%x %s message digest len=%d\n", md_value[0:md_len], strdigestname, md_len)
}

输出:

go run .
go OpenSSL cgo sm3 demo/example.
message digest=bc028f836a92dced100b500f087d4223201ff2f60ef0bb76e84e9a5a6f9be74a sm3 message digest len=32
echo -n "https://const.net.cn/" |openssl dgst -sm3
(stdin)= bc028f836a92dced100b500f087d4223201ff2f60ef0bb76e84e9a5a6f9be74a

OpenSSL 生成 SM2 密钥

openssl ecparam -name SM2 -genkey -out sm2_ec.key 
cat sm2_ec.key 
-----BEGIN EC PARAMETERS-----
BggqgRzPVQGCLQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIB9dGHE5+6AD9DGmA8g/cEqn8HYTMBhbM+g2XJ16RqZ1oAoGCCqBHM9V
AYItoUQDQgAEJg19rra1BeuYx9ZU1GbfD0ceE9X67/c2hdb6XZLQor5oNVa+o9HZ
WBioc1hNCC2avO1Dpg5ZAb2YsS71TT7Bsw==
-----END EC PRIVATE KEY-----

OpenSSL 根据SM2私钥生成公钥

openssl ec -in sm2_ec.key -pubout -out sm2_ec.pubkey 
read EC key
writing EC key
cat sm2_ec.pubkey 
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEJg19rra1BeuYx9ZU1GbfD0ceE9X6
7/c2hdb6XZLQor5oNVa+o9HZWBioc1hNCC2avO1Dpg5ZAb2YsS71TT7Bsw==
-----END PUBLIC KEY-----

OpenSSL SM3 计算文件Hash

echo "https://const.net.cn" > sign.data 
openssl dgst -SM3 sign.data 
SM3(sign.data)= 8c13610aeb3040b2899ac224ae7db0710030803c424f776e7241340c66a6d553

OpenSSL 使用 SM2 签名文件

openssl dgst -SM3 -sign sm2_ec.key -out sm2_ec.sig sign.data 
Error setting context
140524048778560:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:../crypto/ec/ec_pmeth.c:331:

在当前版本(OpenSSL 1.1.1f)还不支持命令行使用SM2结合SM3签名。将hash算法换成sha256试试。
OpenSSL 使用 SM2 结合 sha256签名

openssl dgst -sha256 -sign sm2_ec.key -out sm2_ec.sig sign.data 
root@hesy-ThinkPad-P15v-Gen-1:/home/hesy/2021/asn1/src/sm# hexdump -C sm2_ec.sig 
00000000  30 46 02 21 00 d7 52 c2  63 a3 12 ff ef af 69 8e  |0F.!..R.c.....i.|
00000010  8a 35 17 9f f2 0c e2 b1  80 fb dd a1 38 a3 59 14  |.5..........8.Y.|
00000020  5a 18 33 ba 43 02 21 00  9d 10 91 a7 5f a4 cf bb  |Z.3.C.!....._...|
00000030  7b 75 c0 27 17 d5 2d 55  09 cc 10 49 29 f8 bc 0d  |{u.'..-U...I)...|
00000040  10 d6 02 db b1 e4 7c 7a                           |......|z|
00000048

OpenSSL 使用 SM2 结合 sha256 验签

openssl dgst -sha256 -verify sm2_ec.pubkey -signature sm2_ec.sig sign.data 
Verified OK

OpenSSL 使用 SM2 结合 SM3 验签

openssl dgst -SM3 -verify sm2_ec.pubkey -signature sm2_ec.sig sign.data 
Error setting context
140471948707136:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:../crypto/ec/ec_pmeth.c:331:

同上面一样的原因,官方没实现,命令行用不了。

  • TRCL 可信根证书列表 Trusted Root Certificate List
    相关概念
  • TDCL 可信域CA证书列表 Trusted Domain CA Certificates List 
  • TRCLA 可信根证书列表管理机构 Trusted Root Certificate List Authority
    v2x trcla.oer详细介绍(链接地址:https://const.net.cn/25.html

多个车联网PKI系统之间的可信关系是通过一个“可信根证书列表(Trusted Root Certificate List,TRCL)”实现的。该可信列表由可信根证书列表管理机构(Trusted Root Certificate List Authority,TRCLA)签发。
可信根证书列表的存在与否不会影响各个独立PKI系统的运行,但会影响不同PKI系统证书之间是否能够互认。
车联网跨CA证书系统安全认证就是通过TRCL来实现的。
trcl.coer hex 内容

hexdump -C trcl.coer 
00000000  01 83 08 0b 2c 85 a0 f3  b2 62 2c 00 02 1f 79 ed  |....,....b,...y.|
00000010  3d 32 48 93 3d 01 05 80  80 03 00 81 02 79 81 15  |=2H.=........y..|
00000020  72 63 61 2e 76 32 78 63  61 2e 63 61 74 61 72 63  |rca.v2xca.catarc|
00000030  2e 69 6e 66 6f 00 00 00  00 00 1f 78 a9 c3 86 00  |.info......x....|
00000040  1e 83 01 01 80 00 9c 03  01 02 80 02 0e 2b 80 03  |.............+..|
00000050  80 00 01 00 02 0e 2c 01  02 e0 81 01 03 01 ff c0  |......,.........|
00000060  e0 80 01 03 00 02 0e 2b  00 02 0e 2c 00 02 0e 2d  |.......+...,...-|
00000070  01 03 01 ff c0 01 82 21  83 6a b7 70 34 f5 7b d0  |.......!.j.p4.{.|
00000080  56 05 6e 12 58 8b 0e 6a  9d 5f 0d f5 5f aa 18 ff  |V.n.X..j._.._...|
00000090  b3 86 11 e0 4a 71 8b a2  5b 80 84 21 82 5e f4 92  |....Jq..[..!.^..|
000000a0  df ad da 00 f0 39 bf 50  24 85 b0 ed b9 3a 92 6e  |.....9.P$....:.n|
000000b0  f4 78 13 35 f4 c2 1c 53  d2 3d 73 26 c8 84 40 ba  |.x.5...S.=s&..@.|
000000c0  69 c3 42 6a b8 bb 61 ae  80 7e 11 bc 79 94 ba 05  |i.Bj..a..~..y...|
000000d0  0d 70 09 42 59 86 0d 5b  0b f8 ba 5c de 9f e9 66  |.p.BY..[...\...f|
000000e0  63 d0 8a af 06 e8 e5 c0  4f af 4c 89 f0 ce 3f fe  |c.......O.L...?.|
000000f0  7a 11 d5 43 e4 7a f1 77  12 cd ab d1 73 82 2c 2c  |z..C.z.w....s.,,|
00000100  68 74 74 70 3a 2f 2f 36  30 2e 32 34 37 2e 35 38  |http://60.247.58|
00000110  2e 31 31 37 3a 38 30 39  39 2f 63 61 2f 63 61 74  |.117:8099/ca/cat|
00000120  61 72 63 74 64 63 6c 2e  63 6f 65 72 80 80 03 00  |arctdcl.coer....|
00000130  81 02 58 81 13 72 6f 6f  74 63 61 2e 63 68 69 6e  |..X..rootca.chin|
00000140  61 2d 69 63 76 2e 63 6e  00 00 00 00 00 1f 47 46  |a-icv.cn......GF|
00000150  85 86 00 1e 83 01 01 80  00 9c 01 01 80 02 0e 2b  |...............+|
00000160  80 03 80 00 01 01 04 e0  81 01 03 01 ff c0 e0 80  |................|
00000170  01 01 80 02 0e 2b 81 01  03 01 ff c0 e0 80 01 01  |.....+..........|
00000180  80 02 0e 2c 81 01 03 01  ff c0 e0 80 01 01 80 02  |...,............|
00000190  0e 2d 81 01 03 01 ff c0  80 84 21 83 37 f1 33 b1  |.-........!.7.3.|
000001a0  a0 8d 99 df 06 f7 d6 dd  2a cd 3b f6 7d 6b db fc  |........*.;.}k..|
000001b0  be 32 5d f3 0c ff 1a bf  ad 91 a2 f2 84 40 50 db  |.2]..........@P.|
000001c0  c7 27 f8 76 49 68 ef 61  3e 77 09 7d 4d ff 81 d5  |.'.vIh.a>w.}M...|
000001d0  35 44 70 b9 74 83 ba f4  b5 d3 52 71 55 53 5d a4  |5Dp.t.....RqUS].|
000001e0  c5 75 1f d2 cc b0 f2 c6  72 c1 37 95 af 5d d8 2d  |.u......r.7..].-|
000001f0  f9 6a 38 41 90 fa c5 a7  c3 d2 a5 16 26 57 22 68  |.j8A........&W"h|
00000200  74 74 70 3a 2f 2f 31 30  36 2e 33 37 2e 36 39 2e  |ttp://106.37.69.|
00000210  32 32 3a 36 30 36 30 2f  63 69 63 76 2e 70 63 74  |22:6060/cicv.pct|
00000220  6c 80 80 03 00 81 02 58  81 16 72 6f 6f 74 63 61  |l......X..rootca|
00000230  2e 64 61 74 61 6e 67 6d  6f 62 69 6c 65 2e 63 6e  |.datangmobile.cn|
00000240  00 00 00 00 00 1f 52 53  d5 86 00 1e 83 01 01 80  |......RS........|
00000250  00 9c 01 02 80 02 0e 2b  80 03 80 00 01 80 02 0e  |.......+........|
00000260  2c 80 07 00 01 00 01 01  00 00 01 02 e0 81 01 02  |,...............|
00000270  01 ff c0 60 80 01 03 00  02 0e 2b 00 02 0e 2c 00  |...`......+...,.|
00000280  02 0e 2d 01 ff c0 80 84  21 82 fb 20 48 16 85 dd  |..-.....!.. H...|
00000290  84 80 ed be b4 66 4a f9  a4 76 2c 07 12 0e fe fe  |.....fJ..v,.....|
000002a0  16 6c 17 d9 41 3e 3e 5e  3d d3 84 40 68 25 12 b9  |.l..A>>^=..@h%..|
000002b0  fd f8 98 cb b9 d2 9b e0  a2 38 68 ba d5 dc 3d ed  |.........8h...=.|
000002c0  74 23 f9 8e 64 4a 66 96  b1 2f dd 51 58 72 17 6a  |t#..dJf../.QXr.j|
000002d0  51 76 fc 28 b3 1e 19 2e  04 f2 06 55 f1 18 cb 28  |Qv.(.......U...(|
000002e0  f0 dd 36 3d 5e d3 45 23  d0 f4 94 4e 39 68 74 74  |..6=^.E#...N9htt|
000002f0  70 73 3a 2f 2f 73 6d 61  72 74 63 61 72 2e 64 61  |ps://smartcar.da|
00000300  74 61 6e 67 6d 6f 62 69  6c 65 2e 63 6e 2f 61 70  |tangmobile.cn/ap|
00000310  69 2f 63 61 2f 76 31 2f  63 74 6c 2f 44 54 43 54  |i/ca/v1/ctl/DTCT|
00000320  4c 2e 63 6f 65 72 80 80  03 00 81 02 58 81 17 72  |L.coer......X..r|
00000330  6f 6f 74 63 61 2e 74 65  73 74 2e 76 32 78 2e 74  |ootca.test.v2x.t|
00000340  6b 63 61 2e 63 6e 00 00  00 00 00 1f 5b a9 05 86  |kca.cn......[...|
00000350  00 1e 83 01 01 80 00 9c  01 02 80 02 0e 2b 80 03  |.............+..|
00000360  80 00 01 00 02 0e 2c 01  04 e0 81 01 02 01 ff c0  |......,.........|
00000370  60 80 01 01 00 02 0e 2b  01 ff c0 60 80 01 01 00  |`......+...`....|
00000380  02 0e 2c 01 ff c0 60 80  01 01 00 02 0e 2d 01 ff  |..,...`......-..|
00000390  c0 80 84 21 82 fb 7c 6a  4d 53 d7 42 e2 2e c1 b3  |...!..|jMS.B....|
000003a0  ed 0c 55 93 96 83 90 9e  67 7c e1 97 47 46 52 a0  |..U.....g|..GFR.|
000003b0  18 52 b9 67 d6 84 40 6c  f6 0f 29 bd d9 2d db b4  |.R.g..@l..)..-..|
000003c0  c5 1c a6 55 5a b8 94 b4  30 a6 f6 cf 1c 47 e1 99  |...UZ...0....G..|
000003d0  a3 e5 d9 80 2a 2e 8c 46  83 63 82 05 88 32 af 99  |....*..F.c...2..|
000003e0  c6 0e 54 69 c6 0b 69 ff  32 6b 8c c5 e0 14 65 2f  |..Ti..i.2k....e/|
000003f0  78 52 84 82 40 84 0d 33  68 74 74 70 3a 2f 2f 33  |xR..@..3http://3|
00000400  36 2e 31 31 32 2e 38 38  2e 32 30 34 3a 38 30 39  |6.112.88.204:809|
00000410  33 2f 64 63 2d 61 70 69  2f 67 65 74 63 74 6c 2f  |3/dc-api/getctl/|
00000420  54 4b 43 41 43 54 4c 2e  6f 65 72 80 80 03 00 81  |TKCACTL.oer.....|
00000430  02 58 81 17 72 6f 6f 74  63 61 2e 76 32 78 2e 6a  |.X..rootca.v2x.j|
00000440  73 69 74 73 2e 6f 72 67  2e 63 6e 00 00 00 00 00  |sits.org.cn.....|
00000450  1f 55 09 9a 86 00 1e 83  01 01 80 00 9c 01 02 80  |.U..............|
00000460  02 0e 2b 80 03 80 00 01  00 02 0e 2c 01 04 e0 81  |..+........,....|
00000470  01 02 01 ff c0 60 80 01  01 00 02 0e 2b 01 ff c0  |.....`......+...|
00000480  60 80 01 01 00 02 0e 2c  01 ff c0 60 80 01 01 00  |`......,...`....|
00000490  02 0e 2d 01 ff c0 80 84  21 83 9e ce 5d 51 f6 06  |..-.....!...]Q..|
000004a0  88 65 cb 97 d4 61 03 2c  86 28 d2 9e 9b f0 44 0f  |.e...a.,.(....D.|
000004b0  f8 0e bd cf 89 e1 96 1f  51 19 84 40 1e 16 6e 9f  |........Q..@..n.|
000004c0  4f 21 4a 2b 87 8a 74 85  e6 68 d8 ba 19 aa d2 a1  |O!J+..t..h......|
000004d0  78 47 d0 7b 2c 3d 23 8d  d7 e8 82 22 1e 93 6c a7  |xG.{,=#...."..l.|
000004e0  8e 02 62 4b 18 21 39 88  9c af 60 91 05 73 7b 5a  |..bK.!9...`..s{Z|
000004f0  6c aa ea b8 2a c0 a7 71  ef 5f 00 ab 26 68 74 74  |l...*..q._..&htt|
00000500  70 3a 2f 2f 64 63 2e 76  32 78 2e 6a 73 69 74 73  |p://dc.v2x.jsits|
00000510  2e 6f 72 67 2e 63 6e 3a  38 30 39 33 2f 67 65 74  |.org.cn:8093/get|
00000520  63 74 6c 84 40 91 4e e2  e1 79 cf 8d 2e 8a c5 ea  |ctl.@.N..y......|
00000530  26 c2 fa fb 44 e4 6d bf  97 9b 4d ff f0 59 79 43  |&...D.m...M..YyC|
00000540  b0 fa 13 c3 af 71 91 06  71 26 8e a4 0f f2 22 2f  |.....q..q&...."/|
00000550  1c f8 08 63 ca 00 55 dc  c2 6f cd 83 38 a8 37 9a  |...c..U..o..8.7.|
00000560  84 8c 47 a1 21                                    |..G.!|
00000565

trcl.coer xml 内容

<?xml version="1.0"?>
<RootCtl>
    <toBeSignedRootCtl>
        <version>1</version>
        <issuer>
            <sm3AndDigest>0B 2C 85 A0 F3 B2 62 2C</sm3AndDigest>
        </issuer>
        <series>2</series>
        <issueDate>528084285</issueDate>
        <nextRootCtl>843617085</nextRootCtl>
        <pkiCtlInfoList>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rca.v2xca.catarc.info</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>528001475</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <assuranceLevel>03</assuranceLevel>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <encryptionKey>
                            <supportedSymmAlg>
                                <sm4Ccm/>
                            </supportedSymmAlg>
                            <publicKey>
                                <ecencSm2>
                                    <compressed-y-1>
                                        6A B7 70 34 F5 7B D0 56 05 6E 12 58 8B 0E 6A 9D 
                                        5F 0D F5 5F AA 18 FF B3 86 11 E0 4A 71 8B A2 5B
                                    </compressed-y-1>
                                </ecencSm2>
                            </publicKey>
                        </encryptionKey>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-0>
                                        5E F4 92 DF AD DA 00 F0 39 BF 50 24 85 B0 ED B9 
                                        3A 92 6E F4 78 13 35 F4 C2 1C 53 D2 3D 73 26 C8
                                    </compressed-y-0>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                BA 69 C3 42 6A B8 BB 61 AE 80 7E 11 BC 79 94 BA 
                                05 0D 70 09 42 59 86 0D 5B 0B F8 BA 5C DE 9F E9
                            </rSig>
                            <sSig>
                                66 63 D0 8A AF 06 E8 E5 C0 4F AF 4C 89 F0 CE 3F 
                                FE 7A 11 D5 43 E4 7A F1 77 12 CD AB D1 73 82 2C
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://60.247.58.117:8099/ca/catarctdcl.coer</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.china-icv.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>524764805</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                            <sspRange>
                                                <all/>
                                            </sspRange>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                            <sspRange>
                                                <all/>
                                            </sspRange>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                            <sspRange>
                                                <all/>
                                            </sspRange>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-1>
                                        37 F1 33 B1 A0 8D 99 DF 06 F7 D6 DD 2A CD 3B F6 
                                        7D 6B DB FC BE 32 5D F3 0C FF 1A BF AD 91 A2 F2
                                    </compressed-y-1>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                50 DB C7 27 F8 76 49 68 EF 61 3E 77 09 7D 4D FF 
                                81 D5 35 44 70 B9 74 83 BA F4 B5 D3 52 71 55 53
                            </rSig>
                            <sSig>
                                5D A4 C5 75 1F D2 CC B0 F2 C6 72 C1 37 95 AF 5D 
                                D8 2D F9 6A 38 41 90 FA C5 A7 C3 D2 A5 16 26 57
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://106.37.69.22:6060/cicv.pctl</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.datangmobile.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>525489109</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                                <ssp>
                                    <opaque>00 01 00 01 01 00 00</opaque>
                                </ssp>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>2</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-0>
                                        FB 20 48 16 85 DD 84 80 ED BE B4 66 4A F9 A4 76 
                                        2C 07 12 0E FE FE 16 6C 17 D9 41 3E 3E 5E 3D D3
                                    </compressed-y-0>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                68 25 12 B9 FD F8 98 CB B9 D2 9B E0 A2 38 68 BA 
                                D5 DC 3D ED 74 23 F9 8E 64 4A 66 96 B1 2F DD 51
                            </rSig>
                            <sSig>
                                58 72 17 6A 51 76 FC 28 B3 1E 19 2E 04 F2 06 55 
                                F1 18 CB 28 F0 DD 36 3D 5E D3 45 23 D0 F4 94 4E
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>https://smartcar.datangmobile.cn/api/ca/v1/ctl/DTCTL.coer</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.test.v2x.tkca.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>526100741</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>2</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-0>
                                        FB 7C 6A 4D 53 D7 42 E2 2E C1 B3 ED 0C 55 93 96 
                                        83 90 9E 67 7C E1 97 47 46 52 A0 18 52 B9 67 D6
                                    </compressed-y-0>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                6C F6 0F 29 BD D9 2D DB B4 C5 1C A6 55 5A B8 94 
                                B4 30 A6 F6 CF 1C 47 E1 99 A3 E5 D9 80 2A 2E 8C
                            </rSig>
                            <sSig>
                                46 83 63 82 05 88 32 AF 99 C6 0E 54 69 C6 0B 69 
                                FF 32 6B 8C C5 E0 14 65 2F 78 52 84 82 40 84 0D
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://36.112.88.204:8093/dc-api/getctl/TKCACTL.oer</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.v2x.jsits.org.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>525666714</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>2</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-1>
                                        9E CE 5D 51 F6 06 88 65 CB 97 D4 61 03 2C 86 28 
                                        D2 9E 9B F0 44 0F F8 0E BD CF 89 E1 96 1F 51 19
                                    </compressed-y-1>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                1E 16 6E 9F 4F 21 4A 2B 87 8A 74 85 E6 68 D8 BA 
                                19 AA D2 A1 78 47 D0 7B 2C 3D 23 8D D7 E8 82 22
                            </rSig>
                            <sSig>
                                1E 93 6C A7 8E 02 62 4B 18 21 39 88 9C AF 60 91 
                                05 73 7B 5A 6C AA EA B8 2A C0 A7 71 EF 5F 00 AB
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://dc.v2x.jsits.org.cn:8093/getctl</caListUrl>
            </PkiCtlInfo>
        </pkiCtlInfoList>
    </toBeSignedRootCtl>
    <signature>
        <sm2Signature>
            <rSig>
                91 4E E2 E1 79 CF 8D 2E 8A C5 EA 26 C2 FA FB 44 
                E4 6D BF 97 9B 4D FF F0 59 79 43 B0 FA 13 C3 AF
            </rSig>
            <sSig>
                71 91 06 71 26 8E A4 0F F2 22 2F 1C F8 08 63 CA 
                00 55 DC C2 6F CD 83 38 A8 37 9A 84 8C 47 A1 21
            </sSig>
        </sm2Signature>
    </signature>
</RootCtl>

trcl.coer包含各个厂家的根证书,我们要做的是将根证书解析出来并保存
通过解析得到五个厂家的根证书,分别为

  • rca.v2xca.catarc.info
  • rootca.china-icv.cn
  • rootca.datangmobile.cn
  • rootca.test.v2x.tkca.cn
  • rootca.v2x.jsits.org.cn

rca.v2xca.catarc.info 内容

hex = 80 03 00 81 02 79 81 15 72 63 61 2e 76 32 78 63 61 2e 63 61 74 61 72 63 2e 69 6e 66 6f 00 00 00 00 00 1f 78 a9 c3 86 00 1e 83 01 01 80 00 9c 03 01 02 80 02 0e 2b 80 03 80 00 01 00 02 0e 2c 01 02 e0 81 01 03 01 ff c0 e0 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 03 01 ff c0 01 82 21 83 6a b7 70 34 f5 7b d0 56 05 6e 12 58 8b 0e 6a 9d 5f 0d f5 5f aa 18 ff b3 86 11 e0 4a 71 8b a2 5b 80 84 21 82 5e f4 92 df ad da 00 f0 39 bf 50 24 85 b0 ed b9 3a 92 6e f4 78 13 35 f4 c2 1c 53 d2 3d 73 26 c8 84 40 ba 69 c3 42 6a b8 bb 61 ae 80 7e 11 bc 79 94 ba 05 0d 70 09 42 59 86 0d 5b 0b f8 ba 5c de 9f e9 66 63 d0 8a af 06 e8 e5 c0 4f af 4c 89 f0 ce 3f fe 7a 11 d5 43 e4 7a f1 77 12 cd ab d1 73 82 2c 
sm3 hashid32 = f8 43 4e 66 2f f5 61 12 d4 12 3a 29 89 88 ff 65 ee 25 20 fa 0b 47 42 14 0b 89 cb 67 a9 3c a5 8c
sm3 hashid8 = 0b 89 cb 67 a9 3c a5 8c

rootca.china-icv.cn 内容

hex = 80 03 00 81 02 58 81 13 72 6f 6f 74 63 61 2e 63 68 69 6e 61 2d 69 63 76 2e 63 6e 00 00 00 00 00 1f 47 46 85 86 00 1e 83 01 01 80 00 9c 01 01 80 02 0e 2b 80 03 80 00 01 01 04 e0 81 01 03 01 ff c0 e0 80 01 01 80 02 0e 2b 81 01 03 01 ff c0 e0 80 01 01 80 02 0e 2c 81 01 03 01 ff c0 e0 80 01 01 80 02 0e 2d 81 01 03 01 ff c0 80 84 21 83 37 f1 33 b1 a0 8d 99 df 06 f7 d6 dd 2a cd 3b f6 7d 6b db fc be 32 5d f3 0c ff 1a bf ad 91 a2 f2 84 40 50 db c7 27 f8 76 49 68 ef 61 3e 77 09 7d 4d ff 81 d5 35 44 70 b9 74 83 ba f4 b5 d3 52 71 55 53 5d a4 c5 75 1f d2 cc b0 f2 c6 72 c1 37 95 af 5d d8 2d f9 6a 38 41 90 fa c5 a7 c3 d2 a5 16 26 57 
sm3 hashid32 = 80 0a 70 9a fa bf 11 bb 27 36 7c b5 a4 eb 4d 5f 7c 7f dd 89 79 7b 50 f5 46 82 80 66 9c a1 f5 4e 
sm3 hashid8 = 46 82 80 66 9c a1 f5 4e 

rootca.datangmobile.cn 内容

hex = 80 03 00 81 02 58 81 16 72 6f 6f 74 63 61 2e 64 61 74 61 6e 67 6d 6f 62 69 6c 65 2e 63 6e 00 00 00 00 00 1f 52 53 d5 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 80 02 0e 2c 80 07 00 01 00 01 01 00 00 01 02 e0 81 01 02 01 ff c0 60 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 ff c0 80 84 21 82 fb 20 48 16 85 dd 84 80 ed be b4 66 4a f9 a4 76 2c 07 12 0e fe fe 16 6c 17 d9 41 3e 3e 5e 3d d3 84 40 68 25 12 b9 fd f8 98 cb b9 d2 9b e0 a2 38 68 ba d5 dc 3d ed 74 23 f9 8e 64 4a 66 96 b1 2f dd 51 58 72 17 6a 51 76 fc 28 b3 1e 19 2e 04 f2 06 55 f1 18 cb 28 f0 dd 36 3d 5e d3 45 23 d0 f4 94 4e 

sm3 hashid32 = f2 55 82 a5 5a a2 51 b1 a4 01 0c 38 7b e5 13 15 14 0e bb df 27 97 e7 0d 26 de ec 8e eb 3f 5f fb 
sm3 hashid8 = 26 de ec 8e eb 3f 5f fb 

rootca.test.v2x.tkca.cn 内容

hex = 80 03 00 81 02 58 81 17 72 6f 6f 74 63 61 2e 74 65 73 74 2e 76 32 78 2e 74 6b 63 61 2e 63 6e 00 00 00 00 00 1f 5b a9 05 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 00 02 0e 2c 01 04 e0 81 01 02 01 ff c0 60 80 01 01 00 02 0e 2b 01 ff c0 60 80 01 01 00 02 0e 2c 01 ff c0 60 80 01 01 00 02 0e 2d 01 ff c0 80 84 21 82 fb 7c 6a 4d 53 d7 42 e2 2e c1 b3 ed 0c 55 93 96 83 90 9e 67 7c e1 97 47 46 52 a0 18 52 b9 67 d6 84 40 6c f6 0f 29 bd d9 2d db b4 c5 1c a6 55 5a b8 94 b4 30 a6 f6 cf 1c 47 e1 99 a3 e5 d9 80 2a 2e 8c 46 83 63 82 05 88 32 af 99 c6 0e 54 69 c6 0b 69 ff 32 6b 8c c5 e0 14 65 2f 78 52 84 82 40 84 0d 

sm3 hashid32 = a7 c2 cf 36 d3 2c e6 fb 99 f1 53 85 2b 37 6d 8d b3 d3 88 e9 0c 4a e4 4c eb 03 52 f8 9c e6 9f 39 
sm3 hashid8 = eb 03 52 f8 9c e6 9f 39 

rootca.v2x.jsits.org.cn 内容

hex = 80 03 00 81 02 58 81 17 72 6f 6f 74 63 61 2e 76 32 78 2e 6a 73 69 74 73 2e 6f 72 67 2e 63 6e 00 00 00 00 00 1f 55 09 9a 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 00 02 0e 2c 01 04 e0 81 01 02 01 ff c0 60 80 01 01 00 02 0e 2b 01 ff c0 60 80 01 01 00 02 0e 2c 01 ff c0 60 80 01 01 00 02 0e 2d 01 ff c0 80 84 21 83 9e ce 5d 51 f6 06 88 65 cb 97 d4 61 03 2c 86 28 d2 9e 9b f0 44 0f f8 0e bd cf 89 e1 96 1f 51 19 84 40 1e 16 6e 9f 4f 21 4a 2b 87 8a 74 85 e6 68 d8 ba 19 aa d2 a1 78 47 d0 7b 2c 3d 23 8d d7 e8 82 22 1e 93 6c a7 8e 02 62 4b 18 21 39 88 9c af 60 91 05 73 7b 5a 6c aa ea b8 2a c0 a7 71 ef 5f 00 ab 

sm3 hashid32 = 48 6d 43 34 ef c7 b5 77 8a 18 13 ba 4e f3 4a b4 2b e5 22 6a c5 e4 f9 26 56 6b ed 42 32 5c 48 a7
sm3 hashid8 =  56 6b ed 42 32 5c 48 a7

根据上述5个根证书的sm3 hashid8,可以将对应的根证书文件保存为对应的名字,类似:

  • 0B89CB67A93CA58C.rca
  • 26DEEC8EEB3F5FFB.rca
  • 468280669CA1F54E.rca
  • 566BED42325C48A7.rca
  • EB0352F89CE69F39.rca

而每一个根证书所对应的PKI体系证书信息可以包含在下述文件中,列表中的CA证书应为从相关CA至该PKI根证书的证书链

  • 0B89CB67A93CA58C.tdcl
  • 26DEEC8EEB3F5FFB.tdcl
  • 468280669CA1F54E.tdcl
  • 566BED42325C48A7.tdcl
  • EB0352F89CE69F39.tdcl

《基于LTE的车联网无线通信技术 安全证书管理系统技术要求》 SM2 验证过程

已知数据
签名证书对应的SM2私钥:

17 9e 18 ae e3 38 72 e1 60 5e 99 e8 bc 61 20 f7 
95 e7 c8 f8 a9 ce 60 7a 4a 71 78 68 23 53 a1 69

签名证书SM3哈希值:

e3 8c 7c b2 ec ed b9 28 9b 6e 71 ad 30 b6 26 2c 
4a 57 85 73 b9 a4 4d e8 ab 65 9a 6b cd 96 7d 77

ToBeSignedData待签名数据值:

40 03 80 20 34 34 34 34 34 34 34 34 34 34 34 34 
34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 
34 34 34 34 40 01 20 00 00 00 00 00 23 73 03 

过程数据
签名证书对应的公钥:

X:
1e 5f 89 a5 74 08 2c 8b 36 11 fb a8 d0 65 f3 08 
b4 8f 64 ee ef 71 30 3c 75 ba 8e 95 d5 be 89 42 
Y:
77 84 ef 22 09 41 de eb cf 5b 3e 34 65 98 0a 30 
91 67 34 6f fe 05 0a e1 00 7c 2d 2f 3f 10 57 74

ZA值:

ff 25 43 65 9c 0b 93 c3 9f e3 b4 00 73 98 df 9f 
b4 0c f4 5d e3 65 e7 c9 af 16 5d 42 68 35 0b b9 

Hash (ZA || Data input) 值:

7a b1 2a 19 b6 45 df c6 36 e2 0e a7 ae b0 e5 5e 
f3 f3 68 38 87 b2 e0 76 a8 eb 32 94 90 4e e5 d4

签名结果数据

R:
DD F9 07 5D D2 D9 47 05 A1 2F 42 5E 51 CB 27 4C 
B8 F4 AE 65 B3 1C 7C DD CD 31 C2 BC 3C 55 28 81
S:
20 86 11 DE 09 A7 CC 4E 48 76 E6 9E F2 E7 C0 6A 
85 39 A4 67 F2 0B 0E A7 FE EB 2A FE 9D 59 5C C4

附录
ZA值计算方法
SM2是一种椭圆曲线密码学算法, SM2只与单个特定的256位椭圆曲线相关联,因此在本标准中与SM2相关联的标识符不需要额外的曲线指示。
本标准中SM2的签名格式r用整数表示。SM2通过将身份字符串添加到要散列的消息前来命名散列函数, 这个身份字符串是:
𝑍𝐴 = 𝐻ASH(𝐸𝑁𝑇𝐿𝐴||𝐼𝐷𝐴||𝑎||𝑏||𝑥𝐺| |𝑦𝐺 ||𝑥𝐴||𝑦𝐴)
其中

1) ENTLA 是由IDA长度转换而成的两个字节字符,值为IDA的有效比特数;
2) IDA 是发送方的ID;
3) a 和b是SM2椭圆曲线的方程参数;
4) xG和yG 是SM2基点的 x和y坐标;
5) xA和yA是验签公钥的x和y坐标;

数字签名用H(ZA || Data input)计算,而不是只用M计算,此处的Data input为待签名的消息数据。
本标准约定IDA为发送方正在使用证书的32字节哈希值,也即IDA=HashedId32(Certificate)并按GB/T 32918进行比特串到字节串的转换,ENTLA 是0x0100。当签发的证书为自签名证书时,IDA为16进制整数31323334353637383132333435363738,并按GB/T 32918进行整数到字节串的转换,因此ENTLA 是0x0080。