info.der( openssl asn1parse -in foo.csr -strparse 4 -out info.der ) pub.pem( openssl req -pubkey -in foo.csr -noout -out pub.pem ) hash.manual(保存的命令"sha256 info.der" 的十六进制输出) sig.raw( openssl asn1parse -in foo.csr -strparse 338 -out sig.raw ) 我的理解/怀疑是签名"，foo.csr中提到的只是加密的输出""hash.manual"的带有私钥"test.key".为了验证我的理解 $ openssl rsautl -encrypt -in hash_manual -inkey test.key -out manual_signature 现在，当我在这两个文件上执行diff时，它们不匹配，并且hexdump -C确认sig.raw与(openssl req -in csr --text)中提到的签名输出匹配. 请帮助说明为什么manual_signature&sig.raw不匹配.解决方案您有两个问题:您需要使用 sign 而不是 encrypt .对于RSA， encrypt 是使用公钥加密，而 sign 是使用私钥加密 rsautl 的输出格式错误第一个很容易修复，只需使用 -sign .第二个有点烦人，不仅是 sha256 输出被签名，而且是一个如下所示的ASN.1结构: 0:d = 0 hl = 2 l = 49缺点:序列2:d = 1 hl = 2 l = 13缺点:序列4:d = 2 hl = 2 l = 9原始:对象:sha25615:d = 2 hl = 2 l = 0 prim:空17:d = 1 hl = 2 l = 32 prim:OCTET STRING0000-dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q .........0010-4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7 ..... I.C ... 最后一个 OCTET STRING 字段是原始的 sha256 哈希.最简单的方法是使用 openssl dgst 组合哈希和签名: #哈希并签署certificateRequestInfo$ openssl dgst -sha256 -sign test.key info.der>manual_signature#与提取的sig.raw比较(无输出表示无差异)$ diff manual_signature sig.raw#使用公钥验证提取的sig.raw和manual_signature$ openssl rsautl -verify -pubin -inkey pub.pem -in sig.raw -asn1parse0:d = 0 hl = 2 l = 49缺点:序列2:d = 1 hl = 2 l = 13缺点:序列4:d = 2 hl = 2 l = 9原始:对象:sha25615:d = 2 hl = 2 l = 0 prim:空17:d = 1 hl = 2 l = 32 prim:OCTET STRING0000-dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q .........0010-4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7 ..... I.C ...$ openssl rsautl -verify -pubin -inkey pub.pem -in manual_signature -asn1parse0:d = 0 hl = 2 l = 49缺点:序列2:d = 1 hl = 2 l = 13缺点:序列4:d = 2 hl = 2 l = 9原始:对象:sha25615:d = 2 hl = 2 l = 0 prim:空17:d = 1 hl = 2 l = 32 prim:OCTET STRING0000-dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q .........0010-4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7 ..... I.C ...Created certificate signing request using following commands :$ openssl genrsa -out test.key 2048$ openssl req -new -key test.key -subj "/CN=foo" -out foo.csrwith the help of steps provided @marc i have extracted 4 files from it :info.der ( openssl asn1parse -in foo.csr -strparse 4 -out info.der )pub.pem (openssl req -pubkey -in foo.csr -noout -out pub.pem)hash.manual ( saved hex output of command "sha256 info.der")sig.raw (openssl asn1parse -in foo.csr -strparse 338 -out sig.raw )My understanding / doubt is , "Signature" mentioned in foo.csr is nothing but "encrypted ouptut" of the "hash.manual" with private key "test.key". so to validate my understanding i used$ openssl rsautl -encrypt -in hash_manual -inkey test.key -out manual_signatureNow when i perform diff on these two files they are not matching and hexdump -C confirms the sig.raw is matching the signature output mentioned in (openssl req -in csr --text).Please help in clarifying why manual_signature & sig.raw are not matching. 解决方案 You have two problems:you need to use sign rather than encrypt. For RSA, encrypt is encryption with the public key but sign is encryption with the private keythe output of rsautl is in the wrong formatThe first is easy to fix, just use -sign.The second is a bit more annoying, it is not just the sha256 output being signed, it's an ASN.1 structure that looks like this: 0:d=0 hl=2 l= 49 cons: SEQUENCE 2:d=1 hl=2 l= 13 cons: SEQUENCE 4:d=2 hl=2 l= 9 prim: OBJECT :sha256 15:d=2 hl=2 l= 0 prim: NULL 17:d=1 hl=2 l= 32 prim: OCTET STRING 0000 - dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q.........>. 0010 - 4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7.....I.C...Where the final OCTET STRING field is the raw sha256 hash.The easiest way to generate this is to use openssl dgst to combine hashing and signature:# Hash and sign the certificationRequestInfo$ openssl dgst -sha256 -sign test.key info.der > manual_signature# Compare to extracted sig.raw (no output means no diff)$ diff manual_signature sig.raw# Verify both the extracted sig.raw and the manual_signature using the public key$ openssl rsautl -verify -pubin -inkey pub.pem -in sig.raw -asn1parse 0:d=0 hl=2 l= 49 cons: SEQUENCE 2:d=1 hl=2 l= 13 cons: SEQUENCE 4:d=2 hl=2 l= 9 prim: OBJECT :sha256 15:d=2 hl=2 l= 0 prim: NULL 17:d=1 hl=2 l= 32 prim: OCTET STRING 0000 - dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q.........>. 0010 - 4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7.....I.C...$ openssl rsautl -verify -pubin -inkey pub.pem -in manual_signature -asn1parse 0:d=0 hl=2 l= 49 cons: SEQUENCE 2:d=1 hl=2 l= 13 cons: SEQUENCE 4:d=2 hl=2 l= 9 prim: OBJECT :sha256 15:d=2 hl=2 l= 0 prim: NULL 17:d=1 hl=2 l= 32 prim: OCTET STRING 0000 - dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q.........>. 0010 - 4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7.....I.C... 这篇关于在证书签名请求中手动创建的签名与openssl req生成的签名不匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！