x509 CheckSignature 参数

huangapple go评论167阅读模式
英文:

x509 CheckSignature parameter

问题

在x509库中,有一个名为CheckSignature的函数。我有点困惑应该传递给signed参数什么。它应该是什么?

该函数的定义如下:

func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) (err error)

另外,我想确认一下,如果我使用与证书关联的私钥对某个内容进行签名,那么该签名能通过CheckSignature函数吗?

英文:

In the x509 library, there is a function called CheckSignature. I'm a bit lost as to what to pass into signed. What is it supposed to be?

The function is

func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) (err error)

https://golang.org/src/crypto/x509/x509.go?s=21660:21759#L623

Another thing I want to double is that if I signed something with the private key associated with the certificate, will that signature pass this CheckSignature function?

答案1

得分: 0

signed 看起来是 签名者 的 ASN.1 DER 格式证书。

英文:

signed looks to be the certificate in ASN.1 DER format of the signer.

答案2

得分: 0

你需要使用父证书来检查已发证书上的签名。例如:

// parent 是父 x509.Certificate
// cert 是由父证书签名的证书
// alg 是用于签名的算法,例如 x509.PureEd25519
alg := cert.SignatureAlgorithm
err := parent.CheckSignature(alg, cert.RawTBSCertificate, cert.Signature)
if err != nil {
    return errors.New("签名无效")
}
英文:

You need to use the parent certificate to check the signature on the issued certificate. eg:

// parent is the parent x509.Certificate
// cert is the certificate signed by the parent
// alg is the algorithm used to sign, eg x509.PureEd25519
alg := cert.SignatureAlgorithm
err := parent.CheckSignature(alg, cert.RawTBSCertificate, cert.Signature)
if err != nil {
    return errors.New("Signature invalid")
}

huangapple
  • 本文由 发表于 2015年10月9日 06:22:12
  • 转载请务必保留本文链接:https://go.coder-hub.com/33026915.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定