x509 CheckSignature parameter

Question

In the x509 library, there is a function called CheckSignature. I'm a bit lost as to what to pass into signed. What is it supposed to be?

The function is

func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) (err error)

https://golang.org/src/crypto/x509/x509.go?s=21660:21759#L623

Another thing I want to double-check is that if I signed something with the private key associated with the certificate, will that signature pass this CheckSignature function?

Answer 1

Score: 0

signed looks to be the certificate in ASN.1 DER format of the signer.

Answer 2

Score: 0

You need to use the parent certificate to check the signature on the issued certificate, e.g.:

// parent is the parent x509.Certificate
// cert is the certificate signed by the parent
// alg is the algorithm used to sign, e.g. x509.PureEd25519
alg := cert.SignatureAlgorithm
err := parent.CheckSignature(alg, cert.RawTBSCertificate, cert.Signature)
if err != nil {
    return errors.New("Signature invalid")
}

huangapple
  • Posted on October 9, 2015, 06:22:12
  • When reposting, please keep the link to this article: https://go.coder-hub.com/33026915.html