Can't get encrypted key out of pkcs7 envelope with PyAsn1 Python
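I am trying to extract the RSA-encrypted AES key from a PKCS7 envelope, but I get an error message saying that the encrypted key is a schema, not a value. Why, when there is a line in the envelope that reads encryptedKey=....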
content, rest = decode(env_der, asn1Spec=rfc2315.ContentInfo())
assert content['contentType'] == rfc2315.envelopedData
myenvelop, rest = decode(content['content'], asn1Spec=rfc2315.EnvelopedData())
print(myenvelop)
print(myenvelop['recipientInfos'][1]['encryptedKey'])
The result of this code is:
EnvelopedData:
 version=0
 recipientInfos=RecipientInfos:
  RecipientInfo:
   version=0
   issuerAndSerialNumber=IssuerAndSerialNumber:
    issuer=Name:
     =RDNSequence:
      RelativeDistinguishedName:
       AttributeTypeAndValue:
        type=2.5.4.6
        value=0x13025553
      RelativeDistinguishedName:
       AttributeTypeAndValue:
        type=2.5.4.10
        value=0x130f552e532e20476f7665726e6d656e74
      RelativeDistinguishedName:
       AttributeTypeAndValue:
        type=2.5.4.11
        value=0x131c556e697465642053746174657320506f7374616c2053657276696365
      RelativeDistinguishedName:
       AttributeTypeAndValue:
        type=2.5.4.3
        value=0x131255535053496e7465726e616c537562324341
    serialNumber=488380148491395325238848
   keyEncryptionAlgorithm=KeyEncryptionAlgorithmIdentifier:
    algorithm=1.2.840.113549.1.1.1
    parameters=0x0500
   encryptedKey=....
 encryptedContentInfo=EncryptedContentInfo:
  contentType=1.2.840.113549.1.7.1
  contentEncryptionAlgorithm=ContentEncryptionAlgorithmIdentifier:
   algorithm=2.16.840.1.101.3.4.1.42
   parameters=0x041016b5378e3bfde72671a7a207a4038840
Traceback (most recent call last):
  File "C:/Users/VoxaiLap10/Desktop/pythonbible/cryptotestpemmp3_b_md5_7-19-18b.py", line 81, in <module>
    unEnvelop(filename, pemFile, outfilename)
  File "C:/Users/VoxaiLap10/Desktop/pythonbible/cryptotestpemmp3_b_md5_7-19-18b.py", line 41, in unEnvelop
    print(myenvelop['recipientInfos'][1]['encryptedKey'])
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\pyasn1\type\univ.py", line 882, in __str__
    return self._value.decode(self.encoding)
  File "C:\Program Files (x86)\Python36-32\lib\site-packages\pyasn1\type\base.py", line 221, in __getattr__
    raise error.PyAsn1Error('Attempted "%s" operation on ASN.1 schema object' % attr)
pyasn1.error.PyAsn1Error: Attempted "decode" operation on ASN.1 schema object
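The suspicious part is the [1] subscript; shouldn't it be [0]? I assume you are trying to address the first element of the RecipientInfos sequence, which is zero-based.
The error message itself means that the object you are trying to use is not initialized, e.g. not populated with any concrete value. That's why it can only be used as a "schema", e.g. to get type information from.
When you subscript RecipientInfos by a non-existing index, a new RecipientInfo element gets created which, obviously, does not have any concrete value populated (except for defaults). In that sense it remains a schema, not a schema instance.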
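The behaviour described in the answer, as an added example that is not part of the original question or answer. It decodes a constructed EnvelopedData directly (skipping the ContentInfo wrapper); the helper names tlv, sample_envelope, decode_infos, key_is_value and encrypted_key, the empty issuer and the dummy key bytes are all assumptions made for the illustration.

```python
from pyasn1.codec.der.decoder import decode
from pyasn1_modules import rfc2315


def tlv(tag, body=b""):
    """DER tag-length-value for the constructed sample (short-form length only)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body


def sample_envelope(keys):
    """Constructed EnvelopedData DER: one RecipientInfo per dummy key in `keys`."""
    rsa = tlv(0x06, bytes.fromhex("2a864886f70d010101"))   # 1.2.840.113549.1.1.1
    data = tlv(0x06, bytes.fromhex("2a864886f70d010701"))  # 1.2.840.113549.1.7.1
    aes = tlv(0x06, bytes.fromhex("60864801650304012a"))   # 2.16.840.1.101.3.4.1.42
    version = tlv(0x02, b"\x00")
    infos = b"".join(
        tlv(0x30, version
            + tlv(0x30, tlv(0x30) + tlv(0x02, bytes([n])))  # empty issuer, serial n
            + tlv(0x30, rsa + tlv(0x05))                    # keyEncryptionAlgorithm
            + tlv(0x04, key))                               # encryptedKey
        for n, key in enumerate(keys, start=1))
    content = tlv(0x30, data + tlv(0x30, aes + tlv(0x04, bytes(16))))  # zero IV
    return tlv(0x30, version + tlv(0x31, infos) + content)


def decode_infos(envelope_der):
    env, rest = decode(envelope_der, asn1Spec=rfc2315.EnvelopedData())
    if rest:
        raise ValueError("trailing bytes after EnvelopedData")
    return env["recipientInfos"]


def key_is_value(envelope_der, index):
    """Raw indexing as in the question: past the end, pyasn1 hands back a schema object."""
    return bool(decode_infos(envelope_der)[index]["encryptedKey"].isValue)


def encrypted_key(envelope_der, index=0):
    """Bounds-checked, zero-based access to one recipient's encryptedKey bytes."""
    infos = decode_infos(envelope_der)
    if not 0 <= index < len(infos):  # check before indexing, so nothing is auto-created
        raise IndexError("envelope has %d RecipientInfo(s); index %d is not one of them"
                         % (len(infos), index))
    key = infos[index]["encryptedKey"]
    if not key.isValue:
        raise ValueError("encryptedKey is an uninitialised schema object")
    return key.asOctets()
```

Checking len() and isValue before touching the field turns the confusing "schema object" error into an explicit index error at the point where the wrong recipient was selected.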