主页 / 问题 / 1530987
Accepted
eri
Asked:2023-07-17 03:43:03 +0000 UTC2023-07-17 03:43:03 +0000 UTC

将签名合并到一条加密消息中

  • 772

不同的人为同一文件创建了多个签名。如何从多个文件中收集一个文件?也许通过 asn1crypto 或其他什么?

openssl pkcs7 -in q.sig -in w.sig -out all.sig

没有滚。

python

1 个回答

  1. Best Answer

    下面是一个简单的 Python 脚本,它从两个签名构建组合签名:

    """Test of ASN.1 processing of PKCS#7 messages"""
import glob
import asn1tools

print("Processing ASN specification")
asn_files = glob.glob("*.asn")
cms = asn1tools.compile_files(asn_files, codec="der")

id_signedData = "1.2.840.113549.1.7.2"


def parse_signature_as_sigData(fileName):
    with open(fileName, "rb") as sigFile:
        sigBytes = sigFile.read()
    sigMsg = cms.decode("ContentInfo", sigBytes)
    if sigMsg["contentType"] != id_signedData:
        raise ValueError(f"Unsupported content type: {sigMsg['contentType']}")
    # sigMsg["content"] просто бинарная строка, парсер оставляет тип ANY как есть.
    sigData = cms.decode("SignedData", sigMsg["content"])

    return sigData


def sigData_to_CryptoMessage_DER(sigData):
    # Сначала SignedData кодируется в бинарную строку (тип ANY)
    sigDataBytes = cms.encode("SignedData", sigData)
    # Полное сообщение состоит из идентификатора контента и контента в виде двоичной строки
    msg = {"contentType": id_signedData, "content": sigDataBytes}
    return cms.encode("ContentInfo", msg)


print("Loading sig1.der")
sig1 = parse_signature_as_sigData("sig1.der")
print("Loading sig2.der")
sig2 = parse_signature_as_sigData("sig2.der")

# поле crls необязательное в SignedData
if not "crls" in sig1:
    sig1["crls"] = []
if not "crls" in sig2:
    sig2["crls"] = []

print("Combining the signatures")
sig1["certificates"] += sig2["certificates"]
sig1["crls"] += sig2["crls"]
sig1["signerInfos"] += sig2["signerInfos"]

print("Writing the combined signature to both.der")
der = sigData_to_CryptoMessage_DER(sig1)
with open("both.der", "wb") as file:
    file.write(der)

print("Done")

    完整版本,包含必要的 ASN 规范、证书和密钥、文件lorem.md、签名文件: https://github.com/pakuula/StackOverflow/tree/main/python/1530987

    编解码器是根据规范构建的

    asn_files = glob.glob("*.asn")
cms = asn1tools.compile_files(asn_files, codec="der")

    我稍微归档了这份规范,以免asn1tools他们落入其中。

    此外,一切都很简单。文件被解析为SignedData

    sig1 = parse_signature_as_sigData("sig1.der")
sig2 = parse_signature_as_sigData("sig2.der")

    标签字段已合并

    # поле crls необязательное в SignedData
if not "crls" in sig1:
    sig1["crls"] = []
if not "crls" in sig2:
    sig2["crls"] = []

sig1["certificates"] += sig2["certificates"]
sig1["crls"] += sig2["crls"]
sig1["signerInfos"] += sig2["signerInfos"]

    合并的签名保存到文件中

    der = sigData_to_CryptoMessage_DER(sig1)
with open("both.der", "wb") as file:
    file.write(der)
    • 1

相关问题