X.509 Certificate Definitions

Concepts

  • Certificate revocation list (CRL): a list, signed by the CA, of the serial numbers of certificates it has revoked before their notAfter date
  • Certification authority (CA): the entity that issues certificates and signs them with its private key; relying parties trust the CA's own certificate
  • Registration authority (RA): vets certificate applicants on behalf of a CA; it does not hold the CA signing key
  • Public key infrastructure (PKI): the CAs, RAs, repositories, policies and revocation services that together bind public keys to identities

Encoding

  • DER: X.509 certificates are encoded with the Distinguished Encoding Rules (DER) of X.690, a restricted subset of the Basic Encoding Rules (BER). DER permits exactly one byte sequence for a given value (definite, minimal-length length fields; minimal INTEGER encodings; components equal to their DEFAULT omitted), which is what makes hashing and signing a certificate well defined. A parser that also accepts the looser BER forms lets one certificate have several byte representations.
  • PEM: the DER bytes Base64-encoded, wrapped into 64-character lines and framed by "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines (RFC 7468). Decoding the Base64 yields the identical DER.

Certificate file suffixes

  • .pem: PEM-framed text; the file may hold several concatenated PEM blocks (a chain, or a certificate plus a key)
  • .cer: either DER or PEM; the suffix does not tell you which
  • .crt: either DER or PEM; the suffix does not tell you which (.der is used for files that are always DER)

  The suffix is a naming convention, not a format. Look at the first bytes instead: a DER certificate starts with 0x30 (the tag of the outer Certificate SEQUENCE), a PEM file starts with "-----BEGIN". With OpenSSL, openssl x509 -inform DER -in cert.crt -noout -text versus -inform PEM makes the distinction explicit, and the wrong -inform fails to parse.

Certificate fields

The ASN.1 below is the certificate syntax from RFC 5280, section 4.1 (the Internet X.509 v3 profile), reproduced as published; the notes under each type are the points a parser or verifier has to get right.

Certificate

   Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }

   The CA signs the DER encoding of tbsCertificate exactly as it appears in the certificate, and signatureValue is that signature (as a BIT STRING, whose first content byte is the count of unused bits). signatureAlgorithm MUST contain the same algorithm identifier as the signature field inside tbsCertificate (RFC 5280, 4.1.1.2); a verifier should compare the two rather than trust the outer copy, which is not itself covered by the signature.

TBSCertificate

   TBSCertificate  ::=  SEQUENCE  {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version MUST be v3
        }

   "TBS" stands for "to be signed". The tagged components are OPTIONAL, so a parser identifies them by their context tag ([0], [1], [2], [3]), not by position. Because version has DEFAULT v1, DER omits it entirely from a v1 certificate.

Version

   Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }

   Note the offset: v3 is encoded as the INTEGER 2. Extensions require v3.

CertificateSerialNumber

   CertificateSerialNumber  ::=  INTEGER

   The serial number MUST be a positive integer, unique per issuer, and conforming CAs MUST NOT use serial numbers longer than 20 octets (4.1.2.2). Issuer name plus serial number is how a CRL identifies a revoked certificate, so a parser must carry the full value rather than truncate it to a machine word.

AlgorithmIdentifier

   AlgorithmIdentifier  ::=  SEQUENCE  {
        algorithm               OBJECT IDENTIFIER,
        parameters              ANY DEFINED BY algorithm OPTIONAL  }

   The encoding of parameters is defined per algorithm: for the sha*WithRSAEncryption signature algorithms it is an explicit NULL (RFC 4055), for the ECDSA signature algorithms it is absent (RFC 5758).

Name

   Name ::= CHOICE { -- only one possibility for now --
        rdnSequence  RDNSequence }

   RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

   RelativeDistinguishedName ::=
        SET SIZE (1..MAX) OF AttributeTypeAndValue

   AttributeTypeAndValue ::= SEQUENCE {
        type     AttributeType,
        value    AttributeValue }

   AttributeType ::= OBJECT IDENTIFIER

   AttributeValue ::= ANY -- DEFINED BY AttributeType

   DirectoryString ::= CHOICE {
        teletexString           TeletexString (SIZE (1..MAX)),
        printableString         PrintableString (SIZE (1..MAX)),
        universalString         UniversalString (SIZE (1..MAX)),
        utf8String              UTF8String (SIZE (1..MAX)),
        bmpString               BMPString (SIZE (1..MAX)) }

   issuer and subject are both Names: an ordered sequence of RDNs, each a SET of type/value pairs (usually just one), for example commonName (OID 2.5.4.3). Most attribute values are a DirectoryString, so the same text can be encoded in several string types; chain building matches a certificate's issuer against its issuer's subject, and RFC 5280 section 7.1 gives the comparison rules so that, for example, a UTF8String and a PrintableString holding the same name compare equal.

Validity

   Validity ::= SEQUENCE {
        notBefore      Time,
        notAfter       Time }

Time

   Time ::= CHOICE {
        utcTime        UTCTime,
        generalTime    GeneralizedTime }

   The certificate is valid from notBefore through notAfter inclusive. Dates through 2049 MUST be encoded as UTCTime (YYMMDDHHMMSSZ; the two-digit year 50-99 means 19xx and 00-49 means 20xx) and dates in 2050 or later as GeneralizedTime (YYYYMMDDHHMMSSZ); both MUST be expressed in UTC with a trailing "Z" and MUST include seconds (4.1.2.5). A notAfter of 99991231235959Z means the certificate has no well-defined expiry date.

UniqueIdentifier

   UniqueIdentifier  ::=  BIT STRING

   issuerUniqueID and subjectUniqueID are legacy fields: CAs conforming to RFC 5280 MUST NOT generate them, while applications SHOULD still be able to parse certificates that contain them (4.1.2.8).

SubjectPublicKeyInfo

   SubjectPublicKeyInfo  ::=  SEQUENCE  {
        algorithm            AlgorithmIdentifier,
        subjectPublicKey     BIT STRING  }

   The public key the certificate binds to the subject. algorithm identifies the key type (for example rsaEncryption, or id-ecPublicKey with the named curve in parameters) and subjectPublicKey carries the algorithm-specific key encoding inside a BIT STRING.

Extensions

   Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension

Extension

   Extension  ::=  SEQUENCE  {
        extnID      OBJECT IDENTIFIER,
        critical    BOOLEAN DEFAULT FALSE,
        extnValue   OCTET STRING
                    -- contains the DER encoding of an ASN.1 value
                    -- corresponding to the extension type identified
                    -- by extnID
        }

   Extensions appear only in v3 certificates, and a given extnID MUST NOT appear more than once (4.2). extnValue is an OCTET STRING wrapping a second DER encoding, so decoding an extension is two steps: read the OCTET STRING, then decode its contents according to extnID. The critical flag carries the security decision: a relying party that encounters a critical extension it does not recognize MUST reject the certificate, while an unrecognized non-critical extension MAY be ignored (a recognized one MUST be processed either way). Because DER omits components equal to their DEFAULT, critical FALSE is never encoded; a BOOLEAN with content 0xFF between extnID and extnValue is the only form a critical extension takes. basicConstraints (2.5.29.19) and keyUsage (2.5.29.15) are the extensions that decide whether a certificate may act as a CA and what its key may be used for.
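The encoding section and the Certificate / TBSCertificate layout above, in running code. This is an added example written for this page, not code from the original article or from RFC 5280, and it uses only the Python standard library. It implements the DER primitives (length, INTEGER, OBJECT IDENTIFIER, TLV) with strict checks that reject the BER-only length forms DER forbids, wraps and unwraps PEM, sniffs the encoding from the bytes rather than the file suffix, and then walks a certificate: version with its DEFAULT v1, positive serial number, agreement of the inner signature and outer signatureAlgorithm fields, the omitted-when-FALSE critical flag, and the exact tbsCertificate bytes a signature check would hash. The certificate it builds is constructed for the demonstration: the issuer/subject name, serial number and dates are made up, the public key and signatureValue are dummy zero bytes, so it illustrates structure only and would fail any real validation.

```python
"""Added example (not from the original page): a strict DER codec, PEM framing, and a walk
over Certificate / TBSCertificate as laid out in RFC 5280 section 4.1. The certificate is
constructed for the demo: key and signature are dummy zero bytes, so it shows structure only."""
import base64, hashlib, re

# ---- DER primitives (X.690): definite, minimal-length encodings only ------------------
def der_len(n):
    body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return body if n < 0x80 else bytes([0x80 | len(body)]) + body
def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content
def der_int(n):  # minimal two's complement; the +8 keeps a 0x00 pad when the top bit is set
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))
def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))
        out += chunk
    return tlv(0x06, bytes(out))

def read_tlv(buf, off=0):
    """Return (tag, content, next_offset); length forms legal in BER but not in DER are rejected."""
    tag, first = buf[off], buf[off + 1]
    if first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    n = first & 0x7F if first >= 0x80 else 0
    length = int.from_bytes(buf[off + 2:off + 2 + n], "big") if n else first
    if n and (n > 4 or length < 0x80 or buf[off + 2] == 0):
        raise ValueError("non-minimal length is BER, not DER")
    start = off + 2 + n
    if start + length > len(buf):
        raise ValueError("truncated")
    return tag, buf[start:start + length], start + length
def children(content):
    out, off = [], 0
    while off < len(content):
        tag, body, off = read_tlv(content, off)
        out.append((tag, body))
    return out
def is_strict_der(buf):
    try:
        return read_tlv(buf)[2] == len(buf)
    except (ValueError, IndexError):
        return False

# ---- PEM framing (RFC 7468) and format sniffing: the file suffix is not evidence -------
def pem_encode(der, label="CERTIFICATE"):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)
def pem_decode(text):
    m = re.search(r"-----BEGIN ([^-]+)-----(.*?)-----END \1-----", text, re.S)
    return m.group(1), base64.b64decode("".join(m.group(2).split()))
def sniff(data):
    if data.startswith(b"-----BEGIN"):
        return "PEM"
    return "DER" if data[:1] == b"\x30" else "unknown"  # 0x30 = SEQUENCE, the outer Certificate

# ---- A constructed v3 Certificate, and the layout checks a parser performs on it -------
SHA256_RSA, RSA_ENC, BASIC_CONSTRAINTS, CN = "1.2.840.113549.1.1.11", "1.2.840.113549.1.1.1", "2.5.29.19", "2.5.4.3"
def alg_id(oid): return tlv(0x30, der_oid(oid) + b"\x05\x00")  # AlgorithmIdentifier with NULL parameters
def name(cn): return tlv(0x30, tlv(0x31, tlv(0x30, der_oid(CN) + tlv(0x0C, cn.encode()))))  # RDNSequence
def utc(s): return tlv(0x17, s.encode())  # UTCTime, YYMMDDHHMMSSZ

def build_demo_certificate():
    ext = tlv(0x30, der_oid(BASIC_CONSTRAINTS) + b"\x01\x01\xff" + tlv(0x04, tlv(0x30, b"\x01\x01\xff")))
    tbs = tlv(0x30, tlv(0xA0, der_int(2))                                     # version [0] EXPLICIT, v3
                    + der_int(0x1234ABCD)                                     # serialNumber, positive
                    + alg_id(SHA256_RSA)                                      # signature (inner copy)
                    + name("Demo Root CA")                                    # issuer (made up)
                    + tlv(0x30, utc("240101000000Z") + utc("340101000000Z"))  # validity
                    + name("Demo Root CA")                                    # subject (made up)
                    + tlv(0x30, alg_id(RSA_ENC) + tlv(0x03, b"\x00" * 9))     # SPKI with dummy key bits
                    + tlv(0xA3, tlv(0x30, ext)))                              # extensions [3] EXPLICIT
    return tlv(0x30, tbs + alg_id(SHA256_RSA) + tlv(0x03, b"\x00" * 33))      # dummy signatureValue

def parse_certificate(der):
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("Certificate must be one SEQUENCE with no trailing bytes")
    (_, tbs), (_, outer_alg), (_, sig) = children(body)
    fields = children(tbs)
    version = 1                                   # [0] absent means DEFAULT v1
    if fields[0][0] == 0xA0:
        version, fields = children(fields[0][1])[0][1][0] + 1, fields[1:]
    serial = int.from_bytes(fields[0][1], "big", signed=True)
    exts = []
    for tag, val in fields[6:]:                   # after subjectPublicKeyInfo: [1], [2], [3] are optional
        if tag == 0xA3:
            for _, ext in children(children(val)[0][1]):
                parts = children(ext)             # extnID, critical (absent when FALSE), extnValue
                exts.append((parts[0][1].hex(), len(parts) == 3 and parts[1][1] == b"\xff"))
    return {"version": version, "serial": serial, "serial_positive": serial > 0,
            "alg_match": fields[1][1] == outer_alg,   # RFC 5280 4.1.1.2: inner and outer MUST agree
            "extensions": exts, "v3_required_ok": version == 3 or not exts,
            "tbs_sha256": hashlib.sha256(tlv(0x30, tbs)).hexdigest()}  # the bytes the signature covers
```

Running parse_certificate on build_demo_certificate() yields version 3, serial 0x1234ABCD, one extension (2.5.29.19, encoded as 551d13) flagged critical, and alg_match True. The alg_match check matters because only the inner signature field is covered by the signature; a verifier that picked its algorithm from the unsigned outer field alone could be steered to a different algorithm than the one the CA committed to. read_tlv shows the DER-versus-BER point concretely: 30 81 03 (a three-byte SEQUENCE with a needlessly long length field) is valid BER but is rejected here, so the same certificate cannot arrive in two different byte forms.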

References

  RFC 5280, Internet X.509 Public Key Infrastructure Certificate and CRL Profile: https://datatracker.ietf.org/doc/html/rfc5280#ref-X.690
  https://www.cnblogs.com/NathanYang/p/9951282.html
  https://www.cnblogs.com/20175211lyz/p/12722360.html

