This page covers a question about pyOpenSSL's PKCS7 object, which exposes very little information, and how to get the SHA-1 digest of the public key in a signature.

Problem description

I would like to parse an Android APK's CERT.RSA in Python. I know it can be parsed with pyOpenSSL:

    import OpenSSL

    cert = OpenSSL.crypto.load_pkcs7_data(type, buffer)

cert is of type 'OpenSSL.crypto.PKCS7'.

But right now the PKCS7 object is not complete and I cannot get the attributes I need. Is there any alternative way to parse that file?

Recommended answer

You can convert PKCS#7 to PEM using openssl; PEM is readable using PyOpenSSL:

    openssl pkcs7 -print_certs -in sample.p7b -out sample.cer


It's not implemented; the Pull Request has been stalled since 2015.
Using the code from the Pull Request, you can do it.

    def get_certificates(self):
        """
        https://github.com/pyca/pyopenssl/pull/367/files#r67300900

        Returns all certificates for the PKCS7 structure, if present. Only
        objects of type ``signedData`` or ``signedAndEnvelopedData`` can embed
        certificates.

        :return: The certificates in the PKCS7, or :const:`None` if
            there are none.
        :rtype: :class:`tuple` of :class:`X509` or :const:`None`
        """
        # _lib and _ffi are pyOpenSSL's private cffi bindings.
        from OpenSSL.crypto import _lib, _ffi, X509
        certs = _ffi.NULL
        if self.type_is_signed():
            certs = self._pkcs7.d.sign.cert
        elif self.type_is_signedAndEnveloped():
            certs = self._pkcs7.d.signed_and_enveloped.cert

        pycerts = []
        for i in range(_lib.sk_X509_num(certs)):
            pycert = X509.__new__(X509)
            # pycert._x509 = _lib.sk_X509_value(certs, i)
            # According to comment from @ Jari Turkia
            # to prevent segfaults use '_lib.X509_dup('
            pycert._x509 = _lib.X509_dup(_lib.sk_X509_value(certs, i))
            pycerts.append(pycert)

        if not pycerts:
            return None
        return tuple(pycerts)

Usage:

    from OpenSSL import crypto

    pkcs7 = crypto.load_pkcs7_data(crypto.FILETYPE_ASN1, open('signature.der', 'rb').read())
    certs = get_certificates(pkcs7)
    print(certs)
    for cert in certs:
        print('digest:{}'.format(cert.digest('sha256')))

Output:

    (<OpenSSL.crypto.X509 object at 0xf671b62c>, <OpenSSL.crypto.X509 object at 0xf671b86c>)
    digest:b'48:19:A4:2A:56:94:22:14:73:EC:2B:01:45:9E:0B:87:92:44:26:5E:57:AF:59:F5:4C:89:F3:79:83:14:11:A3'
    digest:b'25:BC:AC:86:8F:51:8B:EE:47:CC:8B:A7:78:91:7E:86:09:56:19:4B:B9:C4:10:1B:DF:13:CA:A6:54:E1:F7:4C'

Tested with Python:3.4.2 - OpenSSL:17.1.0 - cryptography:1.9 - cffi:1.10.0

Use:

    OpenSSL.crypto.load_pkcs7_data(type, buffer)
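The answers above rely on the openssl CLI or on pyOpenSSL's private bindings. As an added example (not from the original answers and not pyOpenSSL code), this standard-library Python walks the DER of a PKCS#7 signedData blob, returns each embedded certificate and hashes its encoding, which gives the certificate fingerprint. All function names and the sample blob are constructed for illustration; the sample holds placeholder structures, not real X.509 certificates.

```python
import hashlib
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, end offset)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is BER, not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value, raw DER) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, end = read_tlv(value, pos)
        yield tag, val, value[pos:end]
        pos = end

def pkcs7_certificates(der):
    """Return the raw DER of each certificate embedded in a PKCS#7 SignedData."""
    tag, content_info, _ = read_tlv(der)
    parts = list(children(content_info))
    if tag != 0x30 or len(parts) < 2 or parts[0][:2] != (0x06, OID_SIGNED_DATA) or parts[1][0] != 0xA0:
        raise ValueError("not a PKCS#7 signedData ContentInfo")
    _, signed_data, _ = read_tlv(parts[1][1])   # SignedData SEQUENCE inside [0] EXPLICIT
    sets = [val for tag, val, _ in children(signed_data) if tag == 0xA0]  # certificates [0] IMPLICIT
    return [raw for _, _, raw in children(sets[0])] if sets else []

def fingerprints(der, algo="sha1"):
    """Hash each certificate's DER encoding (what X509.digest() hashes), as hex."""
    return [hashlib.new(algo, cert).hexdigest() for cert in pkcs7_certificates(der)]

# Constructed sample follows; tlv() is a minimal DER encoder used only to build it.
def tlv(tag, value):
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

FAKE_CERTS = [tlv(0x30, tlv(0x02, b"\x01")), tlv(0x30, tlv(0x04, b"A" * 300))]  # placeholders
SIGNED_DATA = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, tlv(0x06,
    bytes.fromhex("2a864886f70d010701"))) + tlv(0xA0, b"".join(FAKE_CERTS)) + tlv(0x31, b""))
SAMPLE_P7 = tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, SIGNED_DATA))
```

For a real file, pass the bytes of CERT.RSA to `fingerprints()`; input that uses BER indefinite lengths is rejected with `ValueError` rather than guessed at.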

09-22 22:01