net/data/verify_signed_data_unittest/rsa-pkcs1-sha256.pem


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

This test data was produced by creating a self-signed EC cert using OpenSSL,
and then extracting the relevant fields.

It uses RSA PKCS#1 v1.5 with SHA-256 and a 1024-bit key.

(1) Generate self-signed certificate

  openssl genrsa -out rsa_key.pem 1024
  openssl req -new -key rsa_key.pem -x509 -nodes -days 365 -out cert.pem

(2) Extract public key

  openssl x509 -in cert.pem -pubkey -noout > pubkey.pem
  cat pubkey.pem

(3) Extract signed data (tbsCertificate)

  openssl asn1parse -in cert.pem -out tbs -noout -strparse 4
  base64 tbs

(4) Extract signature algorithm

  # Find the offset of the signature algorithm near the end (491 in this case)
  openssl asn1parse -in cert.pem

  openssl asn1parse -in cert.pem -out alg -noout -strparse 491
  base64 alg

(5) Extract the signature

  # Find the final offset of BIT STRING (506 in this case)
  openssl asn1parse -in cert.pem

  openssl asn1parse -in cert.pem -out sig -noout -strparse 506
  base64 sig


$ openssl asn1parse -i < [PUBLIC KEY]
    0:d=0  hl=3 l= 159 cons: SEQUENCE          
    3:d=1  hl=2 l=  13 cons:  SEQUENCE          
    5:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
   16:d=2  hl=2 l=   0 prim:   NULL              
   18:d=1  hl=3 l= 141 prim:  BIT STRING        
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3
hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q
pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB
-----END PUBLIC KEY-----

$ openssl asn1parse -i < [ALGORITHM]
    0:d=0  hl=2 l=  13 cons: SEQUENCE          
    2:d=1  hl=2 l=   9 prim:  OBJECT            :sha256WithRSAEncryption
   13:d=1  hl=2 l=   0 prim:  NULL              
-----BEGIN ALGORITHM-----
MA0GCSqGSIb3DQEBCwUA
-----END ALGORITHM-----

-----BEGIN DATA-----
MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN
VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1
UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ
VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp
1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA
0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/
cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw
FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w==
-----END DATA-----

$ openssl asn1parse -i < [SIGNATURE]
    0:d=0  hl=3 l= 129 prim: BIT STRING        
-----BEGIN SIGNATURE-----
A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK
oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6
+Gqf3saGdr8/LnvFAdNQvkalQt
-----END SIGNATURE-----