一. 前言
前面介绍的公钥密码和数字签名,都无法解决一个问题,那就是判断自己获取的公钥是否期望的,不能确定公钥是否被中间攻击人掉包。所以,证书的作用是用来证明公钥是否合法的。本文介绍的证书就是解决证书的可靠性的技术。
二. 证书的概念和应用场景
1. 概念
证书的全称是公钥证书(Public-Key Certificate,PKC),里面同时还有姓名,组织,邮箱地址等个人信息,并且还有属于此人的公钥,并由认证机构(Certification Authority、Certifying Authority,CA)施加数字签名。只要看到公钥证书,我们就可以知道认证机构认定该公钥属于此人。就如同我们看到某人的驾照,我们就知道该人通过了驾驶考试,因为上面盖有公安局的公章。
2. 证书的应用场景
下面先以一张图介绍证书是怎么应用的,如下:
详细步骤如下:
(1) Bob生成密钥对
要使用公钥密码进行通信,首先需要生成密钥对,Bob生成一对公钥和私钥,并将私钥自己保管,注意:密钥对可以Bob自己生成,也可以由认证机构代为生成。
(2) Bob在认证机构注册自己的公钥
这里,Bob不是直接将公钥发送给Alice,而是发送给认证机构,认证机构在收到Bob的公钥后,需要确认收到的公钥是否为Bob本人所有。
(3) 认证机构用自己的私钥对Bob的公钥施加数字签名并生成证书
认证机构对Bob的公钥加上数字签名,生成数字签名,需要用到认证机构自身的私钥,因此,认证机构也要事先生成密钥对。
(4) Alice得到认证机构的数字签名和Bob的公钥(也就是证书)
Alice需要向Bob发送密文,她会从认证机构获取证书,证书中包含Bob的公钥和机构的数字签名。
(5) Alice使用认证机构的公钥解密数字签名,对比Bob公钥,确认Bob公钥的合法性
Alice使用认证机构的公钥对数字签名进行解密,然后和其中的公钥对比,如果验证一致,则可以认为此公钥确实来自Bob。
(6) Alice用Bob的公钥加密消息并发送给Bob
Alice用Bob的公钥的加密要发送的消息,并将消息发送给Bob。
(7) Bob用自己的私钥解密密文得到Alice的消息
Bob收到Alice的密文,用自己的私钥解密,得到Alice发给自己的消息。
经过上面的步骤,发送者和接收者就实现安全的通信了。
三. 证书的标准规范
证书是由认证机构颁发的,使用者需要对证书进行验证,如果证书的格式不一致就不方便。于是,ITU(International Telecommunication Union,国际电信联盟)和ISO(International Organization for Standardization,国际标准化组织)指定了X.509规范。
X.509证书大致包含:证书序列号、证书颁发者、公钥所有者、SHA-1指纹、MD5指纹、证书ID、有效期(起始时间)、有效期(结束时间)、散列算法、秘钥类型、秘钥ID和秘钥用途。以下是一个完整的自签名证书:
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
31:bf:6e:78:d2:51:97:8d:2c:44:e8:41:9c:3e:ed:75:c5:fc:2f:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CN, ST = GuangDong, L = GuangZhou, O = Example Company, OU = IT Department, CN = to_be_better_wen, emailAddress = admin@example.com
Validity
Not Before: Oct 3 03:31:46 2023 GMT
Not After : Oct 2 03:31:46 2024 GMT
Subject: C = CN, ST = GuangDong, L = GuangZhou, O = Example Company, OU = IT Department, CN = to_be_better_wen, emailAddress = admin@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f9:61:05:a4:f3:3c:d2:2f:2c:a2:9d:36:3b:
7f:69:9b:1d:4b:f0:53:7a:5d:66:ef:66:36:f8:3e:
c0:c6:90:c8:1c:13:d7:60:f3:ec:e4:10:a4:e0:3d:
82:6c:68:96:6e:d9:47:61:03:b0:7c:f6:0f:64:bf:
04:07:d8:8d:c1:50:0a:98:85:0b:f1:13:c7:7c:df:
a4:2d:fc:63:1b:f9:71:78:04:50:9e:2d:06:15:53:
01:9b:f3:04:5a:18:9e:65:55:21:82:07:f3:32:2d:
bb:c6:be:b1:af:bf:6a:fe:76:37:1f:64:2f:9c:2e:
35:bf:0c:50:e5:a6:f7:db:59:7e:60:7d:c0:fb:53:
09:f4:4d:f8:8d:87:9a:d3:e9:39:f3:42:67:53:c1:
78:5e:64:cb:12:a4:08:64:97:3f:53:d5:35:d3:84:
f3:b4:ff:ed:a6:b2:9d:24:94:69:ac:ab:f2:b5:cb:
d8:f8:2f:70:3e:eb:df:28:c8:f4:f0:ed:23:92:92:
2c:35:83:42:ac:11:0c:c0:65:b2:c8:51:c2:51:9f:
c8:ab:a6:85:fd:d3:d1:af:90:13:6c:63:fa:8c:40:
73:aa:c5:33:39:c5:32:ea:b0:a3:99:70:25:8e:60:
57:f3:55:70:8a:38:91:3c:9c:07:32:1d:78:88:94:
09:81
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
61:b1:30:02:6d:a5:0a:3a:33:9a:75:c2:9e:66:5f:3a:86:5f:
71:d8:96:e9:8d:71:93:a7:e5:ef:c2:cd:8a:de:3e:ec:b8:5a:
ff:c1:00:10:a0:3e:fe:0a:1a:81:d3:15:1b:ba:63:80:47:30:
53:e7:f5:4b:0a:8e:f3:a1:97:9f:8a:15:ab:02:71:ea:1b:72:
4c:08:98:01:50:f2:e2:aa:51:8e:31:f3:7a:08:b2:fd:f8:f2:
78:f6:04:16:5b:5f:91:90:3c:08:ed:cc:72:6a:bf:67:c5:67:
00:29:9a:36:52:5d:1b:73:0c:cf:9e:c3:56:f1:19:8c:1f:09:
56:ad:69:f9:eb:3a:5c:8c:8e:da:67:b6:0b:2d:a2:c2:d9:fa:
51:b9:d2:d8:94:96:e1:15:18:a6:de:3a:12:01:16:74:87:62:
a7:7a:c3:d1:02:7f:82:f9:43:5b:28:e5:3a:2e:1a:89:f5:b9:
84:13:e9:90:c8:b0:fc:60:21:54:0c:78:9a:76:42:2e:e2:36:
a4:00:26:f9:0e:e2:cb:7e:8a:15:1a:65:b5:ba:f5:fa:41:c1:
55:05:23:1a:67:de:9d:e5:09:5d:20:66:10:3b:c8:15:7a:33:
4e:fb:fb:17:6e:c4:e1:01:ab:62:18:c8:da:09:bb:35:33:ac:
43:85:91:ff
四. openssl实践
这里将介绍使用openssl生成自签名证书的过程,自签名证书表示只是用于自己使用,使用自己的私钥生成即可,而不需要去找认证机构生成的证书。下面是详细步骤:
1. 生成私钥
openssl genrsa -out private.key 2048
这里直接生成了2048比特的私钥。没有对私钥进行加密,如果需要对私钥加密,则要加对称密码算法选项,例如:-aes128,输入命令回车后,会提示输入密码。
2. 创建证书签名申请文件
证书签名申请(Certificate signing request,CSR),该申请包含申请者的公钥和申请者的某些信息,这个文件在正常的情况下,是由申请者自己生成,然后提交给认证机构的,认证机构用这个文件来生成证书。命令如下:
[root@ ca]#openssl req -new -key private.key -out fd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GuangDong
Locality Name (eg, city) []:GuangZhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Company
Organizational Unit Name (eg, section) []:IT Department
Common Name (e.g. server FQDN or YOUR name) []:to_be_better_wen
Email Address []:admin@example.comPlease enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
输完命令回车后,会提示输入一些信息,包括国家,省,市,公司,部门,姓名和邮箱。challenge password和optional company name可以留空。
CSR文件内容如下:
[root@ ca]#cat fd.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC6jCCAdICAQAwgaQxCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0Rvbmcx
......
/xitQdLpj0yvWbFcPwAB8R6lqtR+2e/c1nZaMvHk
-----END CERTIFICATE REQUEST-----
可以看到,CSR文件是以BEGIN CERTIFICATE REQUEST开头,以END CERTIFICATE REQUEST结尾的。
可以使用如下命令查看CSR文件的内容:
[root@ ca]#openssl req -text -in fd.csr -noout
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = CN, ST = GuangDong, L = GuangZhou, O = Example Company, OU = IT Department, CN = to_be_better_wen, emailAddress = admin@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f9:61:05:a4:f3:3c:d2:2f:2c:a2:9d:36:3b:
......
09:81
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
10:69:27:36:0a:14:1f:1b:31:bd:51:de:22:c7:95:c3:30:0f:
......
5a:32:f1:e4
3. 生成自签名证书
使用之前生成的私钥和CSR文件就可以生成自签名证书了,命令如下:
openssl x509 -req -days 365 -in fd.scr -signkey private.key -out fd.crt
x509表示生成x.509格式的证书,-days 365表示证书的有效期为1年,fd.crt则是最终的证书了。
证书的内容如下:
[root@ ca]#cat fd.crt
-----BEGIN CERTIFICATE-----
MIID0TCCArkCFDG/bnjSUZeNLEToQZw+7XXF/C94MA0GCSqGSIb3DQEBCwUAMIGk
......
+/sXbsThAatiGMjaCbs1M6xDhZH/
-----END CERTIFICATE-----
4. 检查证书
由上可知,证书的内容是不可读的,无法直接检查,需要使用命令转化可读,命令如下:
[root@ ca]#openssl x509 -text -in fd.crt -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
31:bf:6e:78:d2:51:97:8d:2c:44:e8:41:9c:3e:ed:75:c5:fc:2f:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CN, ST = GuangDong, L = GuangZhou, O = Example Company, OU = IT Department, CN = to_be_better_wen, emailAddress = admin@example.com
Validity
Not Before: Oct 3 03:31:46 2023 GMT
Not After : Oct 2 03:31:46 2024 GMT
Subject: C = CN, ST = GuangDong, L = GuangZhou, O = Example Company, OU = IT Department, CN = to_be_better_wen, emailAddress = admin@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f9:61:05:a4:f3:3c:d2:2f:2c:a2:9d:36:3b:
......
09:81
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
61:b1:30:02:6d:a5:0a:3a:33:9a:75:c2:9e:66:5f:3a:86:5f:
......
43:85:91:ff
至此,公钥证书就生成完毕了。
5. 从证书中提取公钥
消息的发送者获取到了证书,这时需要从证书中提取公钥,用于加密消息。可以使用如下命令提取公钥:
openssl x509 -in fd.crt -pubkey -noout > public.key
五. 总结
本文介绍了证书的作用:用于证明公钥的合法性。以及介绍了当消息发送者和消息接收者通信前,消息接收者怎么向认证机构(CA)申请证书的大致步骤,最后介绍了使用openssl怎么生成一个自签名证书。
