Home

公私钥、数字签名、数字证书

2022/07/29 Tool 共 5998 字,约 18 分钟

公私钥、数字签名、数字证书

alt

Alice,信息发送方;Bob,信息接收方。

Q:如何保证信息传输过程中,其他人看不到?

公私钥

加解密分为对称加密和非对称加密

alt

对称加密:加解密用到的密钥是一样的。密钥泄露风险较大

alt

非对称加密:加解密用到的密钥是不一样的,密钥是一对。公钥对外公开,私钥保密。

公私钥用来对信息进行加解密,解决信息明文传输问题。

可以通过公钥加密,然后通过私钥解密。公钥通常用来加密

可以通过私钥加密,然后通过公钥解密。私钥通常用来签名

加解密过程:

# 生成私钥
# openssl genpkey -algorithm  RSA  -outform PEM -out private_key.pem
.............................++++++
................++++++

# 根据私钥生成对应的公钥
# openssl rsa -in private_key.pem -outform PEM -pubout -out public_key.pem
writing RSA key

# 构造明文
# echo 'Hello world' > plain_text

# 利用公钥对明文进行加密
# openssl rsautl -encrypt -inkey public_key.pem -pubin -in plain_text -out encrypted_text

# 利用私钥对密文进行解密
# openssl rsautl -decrypt -inkey private_key.pem -in encrypted_text -out decrypted_text
# cat decrypted_text 
Hello world

Q:如何保证信息确实是Alice发出的,而不是其他人伪造的?

数字签名

数字签名用来表明信息归属,解决信息归属问题。

用Alice的公钥解密能获取到的信息,表明该信息确实属于Alice

alt

Alice签名:1、对信息进行Hash运算;2、对Hash值采用私钥进行加密,最后生成签名文件

Bod验签:1、拿到信息和对应的签名文件;2、对信息进行Hash运算;3、采用Alice的公钥解密签名文件;4、比对Hash值,一致则验证通过

Hash运算:1、唯一性,无法找到产生相同输出的输入;2、单向性,法通过输出反推出输入。

Q:如何保证获取到的公钥是Alice的,而不是其他人恶意发布的?

数字证书

数字证书用来说明证书拥有者的真实身份信息,解决证书属主问题

证书=公钥+个人/组织信息(姓名+地址+电子邮件+公司等)

X.509证书关键内容:

  • Issuer: 证书颁发机构
  • Subject: 证书拥有者
  • Subject Public Key Info: 证书拥有者的公钥
  • Signature Algorithm: 签名算法及数字签名

Q:如何保证Alice的证书是可信的?

A:CA机构,通过第三方权威机构做信用背书,解决共识问题

  1. Alice用自己的公钥和个人信息向CA机构发送证书申请CSR
  2. CA验证Alice身份,使用CSR身份信息生成证书,并采用根私钥对证书进行签名
  3. Bob使用CA机构的公钥对Alice的证书进行验证,确认Alice的公钥及其身份

CA的公钥通常预置在操作系统中

Q:如何保证CA的私钥未被泄露?

A:证书链,通过增加中间证书,降低泄露影响面

alt

示例

alt

生成CA私钥和证书

# openssl req -newkey rsa:2048 -nodes -keyout rootCA.key -x509 -days 365 -out rootCA.crt
Generating a 2048 bit RSA private key
...........................+++
..................................+++
writing new private key to 'rootCA.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi       
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:Test Root CA
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Test Root CA
Email Address []:ca@test.com
# ls rootCA.key rootCA.crt 
rootCA.crt  rootCA.key

生成中间证书的私钥和CSR

# openssl req -new -nodes -keyout intermediate.key -out intermediate.csr
Generating a 2048 bit RSA private key
......................................................................+++
....+++
writing new private key to 'intermediate.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:Test Intermediate CA
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Test Intermediate CA
Email Address []:intermediate@test.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# ls intermediate.key intermediate.csr 
intermediate.csr  intermediate.key

根据CSR生成中间证书

# mkdir db
# touch db/index
# cat intermediateCA.conf 
[ ca ]
default_ca = intermediate_ca
[ intermediate_ca ]
dir = .
private_key = $dir/rootCA.key
certificate = $dir/rootCA.crt
new_certs_dir = $dir/
serial = $dir/crt.srl
database = $dir/db/index
default_md = sha256
policy = policy_any
email_in_dn = no
[ policy_any ]
domainComponent = optional
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
[ ca_ext ]
keyUsage                = critical,keyCertSign,cRLSign
basicConstraints        = critical,CA:true
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always

中间证书,需要设置basicConstraints包含CA:true,标明该证书属于证书机构的证书,可以用于签发和验证用户证书

# openssl ca -config intermediateCA.conf -days 365 -create_serial -in intermediate.csr -out intermediate.crt -extensions ca_ext -notext
Using configuration from intermediateCA.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :ASN.1 12:'Shaanxi'
localityName          :ASN.1 12:'Xi'an'
organizationName      :ASN.1 12:'Test Intermediate CA'
commonName            :ASN.1 12:'Test Intermediate CA'
Certificate is to be certified until Jul 29 07:34:53 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
# ls intermediate.crt 
intermediate.crt

生成Alice的私钥和CSR

# openssl req -new -nodes -keyout Alice.key -out Alice.csr
Generating a 2048 bit RSA private key
.....................+++
..............................+++
writing new private key to 'Alice.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:Alice Company
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Alice
Email Address []:alice@test.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# ls Alice.key Alice.csr 
Alice.csr  Alice.key

生成Alice的用户证书

# openssl x509 -req -in Alice.csr -CA intermediate.crt -CAkey intermediate.key -CAcreateserial -out Alice.crt
Signature ok
subject=/C=CN/ST=Shaanxi/L=Xi'an/O=Alice Company/CN=Alice/emailAddress=alice@test.com
Getting CA Private Key
# ls Alice.crt 
Alice.crt

Bob对Alice的用户证书进行验证

通过指定证书进行验证:

# openssl verify -CAfile rootCA.crt -untrusted intermediate.crt Alice.crt
Alice.crt: OK

验证时需要同时指明根证书和中间证书

或者,通过证书链进行验证:

# cat rootCA.crt intermediate.crt > chain.crt
# openssl verify -CAfile chain.crt Alice.crt
Alice.crt: OK

实际使用中,根证书自身就是可信的,而且预置在OS中的,可以直接通过中间证书进行验证

参考:

  • https://segmentfault.com/a/1190000024523772
  • https://www.zhaohuabing.com/post/2020-03-19-pki/

Search

    Table of Contents