Where are the ASN.1 modules for certificate extensions?
I am writing a DER parser for certificate requests in .NET.
I based myself on RFC 2986, which describes most of the request with ASN.1 modules.
However, it does not define the structure of extensionRequest (OID 1.2.840.113549.1.9.14). I have searched high and low, but I cannot find another RFC or publicly available document that describes what structure it uses, the expected types, etc. (i.e. the ASN.1 module for the extensionRequest object and its sub-objects).
DER decode sample:
SEQUENCE (3 elem)
  SEQUENCE (4 elem)
    INTEGER 0
    SEQUENCE (14 elem)
    SEQUENCE (2 elem)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
        NULL
      BIT STRING (1120 bit) 001100001000000110001001000000101000000110000001000000001011111100011…
        SEQUENCE (2 elem)
          INTEGER (1024 bit) 134193393845175687447721541202995749257369077931432148182685911334902…
          INTEGER 65537
    [0] (4 elem)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.3.6.1.4.1.311.13.2.3 osVersion (Microsoft attribute)
        SET (1 elem)
          IA5String 10.0.19042.2
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.20 requestClientInfo (Microsoft attribute)
        SET (1 elem)
          SEQUENCE (4 elem)
            INTEGER 5
            UTF8String EDITED
            UTF8String EDITED\edited
            UTF8String MMC.EXE
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.3.6.1.4.1.311.13.2.2 enrolmentCSP (Microsoft attribute)
        SET (1 elem)
          SEQUENCE (3 elem)
            INTEGER 0
            BMPString Microsoft Software Key Storage Provider
            BIT STRING (0 bit)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.9.14 extensionRequest (PKCS #9 via CRMF)
        SET (1 elem)
          vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv This sequence vvvvvvvvvvvvvvvvvvvvvvvvv
          SEQUENCE (2 elem)
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 2.5.29.17 subjectAltName (X.509 extension)
              OCTET STRING (153 byte) 308196A41430123110300E060355040B0C076469726E616D658204444E53318204444…
                SEQUENCE (9 elem)
                  [4] (1 elem)
                    SEQUENCE (1 elem)
                      SET (1 elem)
                        SEQUENCE (2 elem)
                          OBJECT IDENTIFIER 2.5.4.11 organizationalUnitName (X.520 DN component)
                          UTF8String dirname
                  [2] (4 byte) DNS1
                  [2] (4 byte) DNS2
                  [1] (17 byte) othermail@mail.fr
                  [0] (2 elem)
                    OBJECT IDENTIFIER 1.3.6.1.4.1.311.25.1 ntdsReplication (Microsoft)
                    [0] (1 elem)
                      OCTET STRING (16 byte) ADC5FA58160E9F4ABB154A7DCEDC00A5
                  [7] (4 byte) 7F000002
                  [7] (16 byte) 00000000000000000000000000000001
                  [6] (3 byte) url
                  [0] (2 elem)
                    OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2.3 universalPrincipalName (Microsoft UPN)
                    [0] (1 elem)
                      UTF8String userprincipalname
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 2.5.29.14 subjectKeyIdentifier (X.509 extension)
              OCTET STRING (20 byte) 87E201CF0B06CB290C98E7DF67796CF46AD9D507
                OCTET STRING (20 byte) 87E201CF0B06CB290C98E7DF67796CF46AD9D507
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  SEQUENCE (2 elem)
    OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
    NULL
  BIT STRING (1024 bit) 101110000001101000110010011000110101111010001000011101110110001110000…
Do you know where I can find this information?
Certificate extensions are a PKCS#9 request attribute. Specifically, the extensionRequest
attribute type is defined in RFC 2985 §5.4.2:
extensionRequest ATTRIBUTE ::= {
    WITH SYNTAX ExtensionRequest
    SINGLE VALUE TRUE
    ID pkcs-9-at-extensionRequest
}
ExtensionRequest ::= Extensions
and in RFC 5280 Appendix A.1:
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
    extnID      OBJECT IDENTIFIER,
    critical    BOOLEAN DEFAULT FALSE,
    extnValue   OCTET STRING
                -- contains the DER encoding of an ASN.1 value
                -- corresponding to the extension type identified
                -- by extnID
}
In short, the attribute value is of type SEQUENCE OF Extension.
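As an added illustration of the answer above (this is example code, not code from the question, the answer, or any .NET library), the following is a dependency-free DER reader for exactly that structure: Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension, with Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }. The function names are mine, the sample bytes are constructed inline (the key identifier in them is made up), and extnValue is returned as the raw inner DER, which is what the decoder output in the question shows nested under each OCTET STRING (the GeneralNames SEQUENCE for subjectAltName, an inner OCTET STRING for subjectKeyIdentifier). Because the attribute is DER, the reader rejects an explicitly encoded critical FALSE, which BER would allow but DER forbids for a DEFAULT value.

```python
# Added example, not code from the question or answer: a minimal dependency-free DER reader
# for the PKCS#9 extensionRequest value, ExtensionRequest ::= Extensions (RFC 2985 / RFC 5280).
# Sample bytes are constructed below; the key identifier in them is made up.

TAG_BOOLEAN, TAG_OCTET_STRING, TAG_OID, TAG_SEQUENCE = 0x01, 0x04, 0x06, 0x30


def read_tlv(buf: bytes, pos: int):
    """Read one DER TLV at buf[pos]; return (tag, content, position after it)."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not needed for Extension")
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: the byte is the length
        length = first
    else:                                  # long form: 0x80 | number of length octets
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or (n > 1 and length < 1 << (8 * (n - 1))):
            raise ValueError("non-minimal length is not DER")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past the end of the buffer")
    return tag, buf[pos:end], end


def decode_oid(content: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets (base-128 arcs) to dotted form."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, acc = [], 0
    for b in content:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    x = 0 if arcs[0] < 40 else 1 if arcs[0] < 80 else 2   # first two arcs packed as 40*X + Y
    return ".".join(str(a) for a in [x, arcs[0] - 40 * x] + arcs[1:])


def parse_extensions(der: bytes):
    """Parse Extensions; return [(extnID, critical, extnValue)] with extnValue as raw inner DER."""
    tag, body, end = read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("Extensions must be a single SEQUENCE")
    extensions, pos = [], 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)
        if tag != TAG_SEQUENCE:
            raise ValueError("Extension must be a SEQUENCE")
        tag, oid, p = read_tlv(ext, 0)
        if tag != TAG_OID:
            raise ValueError("extnID must be an OBJECT IDENTIFIER")
        critical = False
        tag, value, p = read_tlv(ext, p)
        if tag == TAG_BOOLEAN:
            # DER omits DEFAULT values, so an explicit FALSE is an encoding error; TRUE is 0xFF.
            if value != b"\xff":
                raise ValueError("critical must be omitted (DEFAULT FALSE) or encoded as 0xFF")
            critical = True
            tag, value, p = read_tlv(ext, p)
        if tag != TAG_OCTET_STRING or p != len(ext):
            raise ValueError("extnValue must be the final element and an OCTET STRING")
        extensions.append((decode_oid(oid), critical, bytes(value)))
    if not extensions:
        raise ValueError("Extensions is SIZE (1..MAX); an empty SEQUENCE is invalid")
    return extensions


def is_valid_extensions(der: bytes) -> bool:
    """True if der is a well-formed DER Extensions value."""
    try:
        parse_extensions(der)
        return True
    except (ValueError, IndexError):
        return False


def tlv(tag: int, content: bytes) -> bytes:
    """DER-encode one TLV with a minimal definite length (used only to build the samples)."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


# Constructed sample: subjectAltName {dNSName "DNS1"}, critical keyUsage, subjectKeyIdentifier.
SAMPLE_EXTENSIONS = tlv(TAG_SEQUENCE,
    tlv(TAG_SEQUENCE, tlv(TAG_OID, b"\x55\x1d\x11")                                # 2.5.29.17
        + tlv(TAG_OCTET_STRING, tlv(TAG_SEQUENCE, tlv(0x82, b"DNS1"))))            # GeneralNames
    + tlv(TAG_SEQUENCE, tlv(TAG_OID, b"\x55\x1d\x0f") + tlv(TAG_BOOLEAN, b"\xff")  # 2.5.29.15
        + tlv(TAG_OCTET_STRING, tlv(0x03, b"\x05\xa0")))                           # BIT STRING
    + tlv(TAG_SEQUENCE, tlv(TAG_OID, b"\x55\x1d\x0e")                                # 2.5.29.14
        + tlv(TAG_OCTET_STRING, tlv(TAG_OCTET_STRING, bytes(range(20))))))

# The same subjectKeyIdentifier with critical explicitly FALSE: legal BER, invalid DER.
EXPLICIT_FALSE_EXTENSIONS = tlv(TAG_SEQUENCE,
    tlv(TAG_SEQUENCE, tlv(TAG_OID, b"\x55\x1d\x0e") + tlv(TAG_BOOLEAN, b"\x00")
        + tlv(TAG_OCTET_STRING, tlv(TAG_OCTET_STRING, bytes(range(20))))))

if __name__ == "__main__":
    for oid, critical, value in parse_extensions(SAMPLE_EXTENSIONS):
        print(oid, "critical" if critical else "non-critical", value.hex())
```

In a full CSR parser this routine is called on the single SET value of the attribute whose type OID is 1.2.840.113549.1.9.14; per-extension decoding of extnValue (GeneralNames for 2.5.29.17, an OCTET STRING for 2.5.29.14) is then dispatched on extnID. Keeping the length and DEFAULT checks strict matters for a CA-side parser: a lenient reader can accept an encoding that differs from what a strict verifier will later re-encode or compare, which is how signature and identity mismatches creep in.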