昨天我花了几个小时尝试使用 X509 证书(来自 thawte 的“免费邮件”证书之一)对一个短文件进行数字签名。 我终于让 openssl 将其签名为 SMIME 消息,但我无法成功验证它,而且它是 SMIME 格式 - 我无法访问实际上可以发送 SMIME 文件的“sendmail”程序。
我只想创建一些通过普通剪切和编辑“可摘录”的文件。 粘贴,例如:
===BEGIN SIGNED DOCUMENT===
===BEGIN DOCUMENT===
blah blah blah this is the plaintext ...
===END DOCUMENT===
===BEGIN SIGNATURE===
AFab12121abadAF ...
===END SIGNATURE===
===END SIGNED DOCUMENT===
或者,我想我可以制作一个包含原始文件和签名的 .zip 文件。
所以我想我的要求是:
- 输入纯文本=任意文件
- 输入signkey=来自X509证书
- 输出=我可以通过剪切和粘贴或附加单个.zip文件
- 程序轻松通过电子邮件发送给其他人的东西=免费的东西 像 openssl 或 gpg 程序这样的开源程序
- ! = 一个神奇的 GUI,我不明白发生了什么
- 能够轻松地使用该程序从输入生成输出
- 能够轻松地从输出中提取明文(例如直接通过眼睛或作为.zip 文件的组成部分)
- 能够验证明文是否由 X509 证书的授予者(即我)签名,并且证书的授予者 (CA) 是众所周知的 CA...假设我是保持证书安全不被其他方使用的理性人(否则有人可以像我一样签署东西)。
有没有关于 X509 证书和证书的好教程? 它们在实践中是如何使用的? 我有施奈尔的《应用密码学》第二版和《应用密码学》。 在加密算法+协议方面有相当多的经验,但对 X509 知之甚少,而且我对证书实际上是什么感到非常困惑。 (换句话说,“证书是颁发方 CA 的加密断言,证书中指定的 X 方是 CA 已知的身份?”并且“证书使其持有者能够 _____”)
当我得到一个证书时,它显示在 Firefox 证书管理器的“您的证书”选项卡中,我可以导出它并使用 openssl 读取它,但我想确保它不会以任何其他人可以在不知道证书的情况下使用它的方式存储。 密码——我真的很困惑,因为似乎有些证书只有公钥和密码。 其他人有加密的私钥。
openssl 是否有一个好的、简单的 GUI 包装器,可以让你解释它在做什么?
编辑: thawte 并不容易让您直接使用证书请求; 相反,它与网络浏览器(我使用 Firefox)对话 它生成私钥并处理所有证书协议。 所以我可以将其导出为 PKCS12 文件,但我不确定如何使用它。
I spent several hours yesterday trying to digitally sign a short file using an X509 certificate (one of the "freemail" certificates from thawte). I finally got openssl to sign it as an SMIME message, but I can't successfully verify it, AND it's in the SMIME format -- I don't have access to a "sendmail" program which can actually send out the SMIME file.
I just want to create some file that is "excerptable" via plain cut & paste, like:
===BEGIN SIGNED DOCUMENT===
===BEGIN DOCUMENT===
blah blah blah this is the plaintext ...
===END DOCUMENT===
===BEGIN SIGNATURE===
AFab12121abadAF ...
===END SIGNATURE===
===END SIGNED DOCUMENT===
Alternatively I guess I could make a .zip file that contains the original file and also the signature.
so I guess my requirements are:
- input plaintext = arbitrary file
- input signkey = from X509 certificate
- output = something I can easily email to someone else by cut&paste or by attaching a single .zip file
- program = something that is free & open source like openssl or gpg
- program != a magic GUI where I don't understand what's going on
- ability to easily use the program to generate output from inputs
- ability to easily extract the plaintext from the output (e.g. either directly by eye or as a component of the .zip file)
- ability to verify that the plaintext was signed by the grantee of the X509 certificate (i.e. me) and that the grantor (CA) of the certificate is a Well-Known CA... assuming that I am a rational person who keeps the certificate secure from use by other parties (otherwise someone could sign things as me).
Is there a good tutorial for X509 certificates & how they are used in practice for this stuff? I have the 2nd edition of Schneier's "Applied Cryptography" & have a fair amount of experience with cryptographic algorithms + protocols, but don't know much at all about X509 and I'm really confused as to what a certificate actually is in practical terms. (In other words, "a certificate is a cryptographic assertion by the issuing party CA that the party X named in the certificate is an identity known to the CA?" AND "a certificate enables its bearer to _____")
When I get one it shows up in Firefox's "Your Certificates" tab of the Certificate Manager, and I can export it and read it with openssl, but I want to make sure that it's not stored in any way that someone else can use it w/o knowing the cert. passphrase -- and I get really confused because it seems like some certificates only have the public key & others have encrypted private keys.
Is there a good, simple GUI wrapper around openssl that allows you to have it explain what it's doing?
edit: thawte doesn't easily let you use certificate requests directly; instead it talks to web browsers (I use Firefox) & that generatese the private key and handles all the certificate protocol. So I can export that as a PKCS12 file but am not exactly sure how to use that.
发布评论
评论(2)
如果使用openssl工具,可以使用命令
将其转换为pem-格式。
编辑:
PKCS#12 文件只是证书和密钥的容器。 如果您想查看它包含的内容(至少除了加密部分),您可以使用诸如 dumpasn1. 从浏览器导出的 PKCS#12 文件将包含加密格式的私钥、证书以及形成受信任 CA 链所需的 CA 证书。
同样,PEM 文件可以包含证书和密钥。 在 PEM 文件中,证书和密钥采用 Base64 编码并放置在一些文本分隔符内(PKCS#12 文件使用名为 ASN.1 的二进制编码来构造文件 - 您可以将 ASN.1 视为 XML 的二进制形式。您遇到的大多数加密结构都已使用 ASN.1 进行编码)。 除此之外,格式之间唯一真正的区别是 PKCS#12 包含完整性检查 - 否则格式是等效的。
OpenSSL 最适合与 PEM 配合使用,而大多数浏览器和电子邮件应用程序都需要 PKCS#12,但您可以在格式之间自由转换。
If you use the openssl tool, you can use the command
to convert it to pem-format.
EDIT:
A PKCS#12 file is just a container for certificates and keys. If you want to see what it contains (at least except for the encrypted parts), you can use a tool such as dumpasn1. The PKCS#12 file that you export from your browser will contain your private key in an encrypted format, your certificate as well as the CA certificates that are necessary to form a chain up to a trusted CA.
Likewise a PEM file can contain certificates and keys. In a PEM file the certificates and keys are base64 encoded and placed within some text delimiters (a PKCS#12 file uses a binary encoding named ASN.1 to structure the file - you can think of ASN.1 as a binary form of XML. Most cryptographic structures you encounter will have been encoded using ASN.1). Except for that, the only real difference between the formats is that PKCS#12 contains an integrity check - otherwise the formats are equivalent.
OpenSSL works best with PEM, while most browsers and emailapplications will expect PKCS#12, but you can freely convert between the formats.
首先,您可能需要了解私钥、公钥和证书之间的区别。 证书是用 CA 私钥对声明“公钥 XX 属于个人 YY”进行的签名。 如果您使用私钥签署某些内容,则可以使用您的公钥验证签名,并且信任 CA 的第三方可以断定该签名是由您签署的。
如果生成 S/MIME 消息并将其附加为扩展名为 .p7s 的文件,则大多数邮件程序可能能够验证它。
如果您想完全控制您正在做的事情,我的经验是,围绕 PGP 格式的工具可以为您提供更好的控制(与实现 S/MIME 协议的邮件程序相比)。
First you probably need to read up on the difference between a private key, a public key and a certificate. A certificate is a signature with a CAs private key on the statement "The public key XX belongs to the person YY". If you sign something with your private key, the signature can be validated with your public key, and a third party that trusts the CA can conclude that the signature was signed by you.
If you generate a S/MIME message and attach it as a file with the extension .p7s, most mail programs will probably be able to verify it.
If you want total control over what you are doing, my experience is that the tooling around the PGP-format gives you better control (compared to the mail-programs implementing the S/MIME protocol).