verify_data = b'MIIEEwYJKoZIhvcNAQcCoIIEBDCCBAACAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3\nDQEHAaCCAgcwggIDMIIBbAIJAKBFD8eF/nAAMA0GCSqGSIb3DQEBCwUAMEYxCzAJ\nBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRAwDgYDVQQLDAdtaXRzb2dv\nMRAwDgYDVQQDDAdoZXhub2RlMB4XDTIxMDgyMDEzNTExMVoXDTIyMDgyMDEzNTEx\nMVowRjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNVBAsM\nB21pdHNvZ28xEDAOBgNVBAMMB2hleG5vZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A\nMIGJAoGBAM/ID0YIWOtgokdkFI+DO0AAtHiN+Q+LIvBI8yD3wn/IpFIBo0erDiU+\n9NQDoeMgzphjVB2hW2iN9X6P9WtcFpk4jPtemUnDys8/d+xkwEFijayQ8slURWrE\nAZFzgdDg2a0b0SGZswuvHieWrTBl4btlMIAKU8ou8GNa4/U5q2jRAgMBAAEwDQYJ\nKoZIhvcNAQELBQADgYEAxzXFTxuk9CZajH77QjzsoYfOFiRLnjaoIohU+EMausw8\nmr5hPyDI5LsupzJmcZqAPQF8g8lSKS3p8xhqNC/FheH6WRZY2xTsn8CJ0/aMI7NF\n/dJ3FBnAXXDKa+/aJs53DbBqzLPNY/doADIOgWjzNwWHWmGLLsqylCkLdTc+Z7cx\nggHUMIIB0AIBATBTMEYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\nMRAwDgYDVQQLDAdtaXRzb2dvMRAwDgYDVQQDDAdoZXhub2RlAgkAoEUPx4X+cAAw\nCQYFKw4DAhoFAKCB2DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3\nDQEJBTEPFw0yMTA4MjQwODEzNTNaMCMGCSqGSIb3DQEJBDEWBBRiGrGGHTSM6iOJ\nxg0H89PGLgTRKjB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgB\nZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAN\nBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B\nAQEFAASBgLQbhQ0BiI48ng75tDc4sc7lblj9cNwG0sUUbONF07olqgfO3FHt3It6\nhIu6UBoqj4cis3TYEkDglkvr0PCql5XUabvcrERwQvz9Ou987Fp4PvBK3b3gHebK\nKhWAgLyDMCKYf16bDvpAJTtqr/jG6sH7NK0a4wxiLu8yb2ZFnijs'
这是我要反序列化的数据。我正在尝试从签名内容中获取数据。
from M2Crypto import SMIME, X509, BIO
s = SMIME.SMIME()
sig = b"""
-----BEGIN PKCS7-----
%s
-----END PKCS7-----
""" % verify_data
buf = BIO.MemoryBuffer(sig)
p7 = SMIME.load_pkcs7_bio(buf)
sk = X509.X509_Stack()
signers = p7.get0_signers(sk)
signer = signers[0]
sk.push(signer)
s.set_x509_stack(sk)
stor = X509.X509_Store()
stor.add_cert(signer)
s.set_x509_store(stor)
v = s.verify(p7, flags=SMIME.PKCS7_NOVERIFY)
我收到这个错误
M2Crypto.SMIME.PKCS7_Error: 没有内容
确实没有内容。
$ openssl asn1parse <68904580.p7 -i
0:d=0 hl=4 l=1043 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1028 cons: cont [ 0 ]
19:d=2 hl=4 l=1024 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 11 cons: SET
28:d=4 hl=2 l= 9 cons: SEQUENCE
30:d=5 hl=2 l= 5 prim: OBJECT :sha1
37:d=5 hl=2 l= 0 prim: NULL
39:d=3 hl=2 l= 11 cons: SEQUENCE
41:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
52:d=3 hl=4 l= 519 cons: cont [ 0 ]
[snip cert]
575:d=3 hl=4 l= 468 cons: SET
579:d=4 hl=4 l= 464 cons: SEQUENCE
[snip signerinfo]
如您所见,ContentInfo39 处仅包含 contentType OID,而不包含 ASN.1-ly OPTIONAL 内容。这就是 PKCS7 所称的外部签名,现在通常称为分离签名——也就是说,与所应用的数据分开传输和/或存储的签名。由于数据不在带有签名的消息中,为了验证签名,必须从其他地方提供数据,在 OpenSSL 中,这是一个 BIO。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句