【问题标题】:How to decode CSR using pyOpenssl [closed]如何使用 pyOpenssl 解码 CSR [关闭]
【发布时间】:2015-07-30 16:51:40
【问题描述】:

从网页中获取字符串

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIDPzCCAqgCAQAwZDELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAmJqMQswCQYDVQQH
EwJiajERMA8GA1UEChMIbXhjei5uZXQxETAPBgNVBAsTCG14Y3oubmV0MRUwEwYD
VQQDEwx3d3cubXhjei5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQ7
an4v6pHRusBA0prMWXMWJCXY1AO1H0X8pvZj96T5GWg++JPCQE9guPgGwlD02U0B
NDoEABeD1fwyKZ+JV5UFiOeSjO5sWrzIupdMI7hf34UaPNxHo6r4bLYEykw/Rnmb
GKnNcD4QlPkypE+mLR4p0bnHZhe3lOlNtgd6NpXbAgMBAAGgggGZMBoGCisGAQQB
gjcNAgMxDBYKNS4yLjM3OTAuMjB7BgorBgEEAYI3AgEOMW0wazAOBgNVHQ8BAf8E
BAMCBPAwRAYJKoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcN
AwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMHMBMGA1UdJQQMMAoGCCsGAQUFBwMB
MIH9BgorBgEEAYI3DQICMYHuMIHrAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAIABS
AFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABp
AGMAIABQAHIAbwB2AGkAZABlAHIDgYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAADANBgkqhkiG9w0BAQUFAAOBgQBIKHVhHb9FZdVLV4VZ
9DK4aBSuYY//jlIpvsfMIdHXfAsuan7w7PH87asp1wdb6lD9snvLZix1UGK7VQg6
wUFYNlMqJh1m7ITVvzhjdnx7EzCKkBXSxEom4mwbvSNvzqOKAWsDE0gvHQ9aCSby
NFBQQMoW94LqrG/kuIQtjwVdZA==
-----END NEW CERTIFICATE REQUEST-----

如何将其解码为纯文本,如

Certificate information
Common name: www.xxx.net
Organization:xxx.net
Organizational unit:xxx.net
City/locality:bj
State/province:bj
Country:CN
Signature algorithm:SHA1
Key algorithm:RSA
Key size:1024

我知道有第三方 pyopenssl,但不确定如何处理来自 Web 前端的字符串缓冲区。或者你有什么更好的主意吗?谢谢

【问题讨论】:

    标签: python decoder csr pyopenssl


    【解决方案1】:

    您可以使用OpenSSL.crypto.load_certificate_request() 加载证书,然后从那里访问密钥和主题详细信息,例如

    import OpenSSL.crypto
    from OpenSSL.crypto import load_certificate_request, FILETYPE_PEM
    
    csr = '''-----BEGIN NEW CERTIFICATE REQUEST-----
    MIIDPzCCAqgCAQAwZDELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAmJqMQswCQYDVQQH
    EwJiajERMA8GA1UEChMIbXhjei5uZXQxETAPBgNVBAsTCG14Y3oubmV0MRUwEwYD
    VQQDEwx3d3cubXhjei5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQ7
    an4v6pHRusBA0prMWXMWJCXY1AO1H0X8pvZj96T5GWg++JPCQE9guPgGwlD02U0B
    NDoEABeD1fwyKZ+JV5UFiOeSjO5sWrzIupdMI7hf34UaPNxHo6r4bLYEykw/Rnmb
    GKnNcD4QlPkypE+mLR4p0bnHZhe3lOlNtgd6NpXbAgMBAAGgggGZMBoGCisGAQQB
    gjcNAgMxDBYKNS4yLjM3OTAuMjB7BgorBgEEAYI3AgEOMW0wazAOBgNVHQ8BAf8E
    BAMCBPAwRAYJKoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcN
    AwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMHMBMGA1UdJQQMMAoGCCsGAQUFBwMB
    MIH9BgorBgEEAYI3DQICMYHuMIHrAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAIABS
    AFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABp
    AGMAIABQAHIAbwB2AGkAZABlAHIDgYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAADANBgkqhkiG9w0BAQUFAAOBgQBIKHVhHb9FZdVLV4VZ
    9DK4aBSuYY//jlIpvsfMIdHXfAsuan7w7PH87asp1wdb6lD9snvLZix1UGK7VQg6
    wUFYNlMqJh1m7ITVvzhjdnx7EzCKkBXSxEom4mwbvSNvzqOKAWsDE0gvHQ9aCSby
    NFBQQMoW94LqrG/kuIQtjwVdZA==
    -----END NEW CERTIFICATE REQUEST-----'''
    
    req = load_certificate_request(FILETYPE_PEM, csr)
    key = req.get_pubkey()
    key_type = 'RSA' if key.type() == OpenSSL.crypto.TYPE_RSA else 'DSA'
    subject = req.get_subject()
    components = dict(subject.get_components())
    print "Common name:", components['CN']
    print "Organisation:", components['O']
    print "Orgainistional unit", components['OU']
    print "City/locality:", components['L']
    print "State/province:", components['ST']
    print "Country:", components['C']
    print "Signature algorithm:", '?'
    print "Key algorithm:", key_type
    print "Key size:", key.bits()
    

    很遗憾我不知道如何获取签名算法。

    【讨论】:

    • 是的,这对我有用。谢谢,虽然这里的密钥大小似乎不正确。
    • @kent:很好。我认为密钥大小是正确的,它与openssl req -text <csr.pem 报告的相同,输出Public-Key: (1024 bit)
    • 是的,使用 openssl req 命令密钥大小为 1024 位,而通过 pyopenssl 运行 key.bit,公钥 2048 位。
    • @kent:这很奇怪。 key.bits() 在你的问题中给我 1024 的 CSR。
    • 另见openssl req -textopenssl.org/docs/manmaster/man1/openssl-req.html 上的文档,其中还包括签名算法。
    猜你喜欢
    • 2018-05-24
    • 2017-09-17
    • 2010-09-17
    • 1970-01-01
    • 1970-01-01
    • 2012-02-24
    • 1970-01-01
    • 2020-09-10
    • 2012-06-10
    相关资源
    最近更新 更多