I'm working on project that involves reading public key data used to sign Android APKs. I am able to successfully extract the signatures as public keys. When I look inside the binary pubkey files produced by this, I see some plain-text such as a name and a city.
我正在做一个项目,包括阅读用于签署Android apk的公开密钥数据。我能够成功地提取签名作为公钥。当我查看由它生成的二进制pubkey文件时,我看到一些明文,比如名称和城市。
How can I safely extract this name/city information embedded inside the public key using PHP (or even Java or C#)? And hopefully do it in such a way that I know exactly what these fields are (i.e. not blindly grabbing text, but knowing which string is a city and which is a name)
如何使用PHP(甚至Java或c#)安全地提取嵌入到公钥中的名称/城市信息?希望我能准确地知道这些字段是什么(例如,不要盲目地抓取文本,而是知道哪个字符串是一个城市,哪个是名字)
For clarification: I don't have the private key or a certificate file. I'm currently not interested in signing or encrypting anything, I would just like to extract the plaintext inside the pubkey without using kludgy approaches like regex.
澄清一下:我没有私钥或证书文件。我目前对签名或加密没有兴趣,我只想在pubkey中提取明文,而不使用像regex这样的笨拙方法。
Update: Here's a sample (base64-encoded) public key from one of my APKs
更新:这是我的一个APKs的一个示例(base64编码)公钥
MIICBzCCAXCgAwIBAgIES6KlazANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCUkkxFTATBgNVBAcTDE5hcnJhZ2Fuc2V0dDEVMBMGA1UEAxMMQ29saW4gTydEZWxsMB4XDTEwMDMxODIyMTI1OVoXDTQ1MDMwOTIyMTI1OVowSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlJJMRUwEwYDVQQHEwxOYXJyYWdhbnNldHQxFTATBgNVBAMTDENvbGluIE8nRGVsbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmPetcBW+ITURXY0LsI2ZfgM3R7K2kwicgpd0W+BYAXQBh76SXyN9MYvtfnUY3SNz37FW/lDQgAO3pbhEFqGwfADh2ctXlYmlE9DtcRQw0ojGVPIDlWBX+9IUxyL/89CPaN84R/1lvdosco4V0BqQYR300S9ZwmwFA2Vh9hSUZmsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBezKu4G11Z68NTPIBro8xsnbkdYxObzW7BsSr6t9MS5x6EQVs75R/nnKrsMcQ+9ImdT940jhQgZT3ZrYla5VhdbelxnLhBVbJfBdipV3Hv2bG7MnXzFqHYwQqYp+UrP8zWm1YHQf5I/P9VBjlkgwFyNKr0TxP4t/qS08oGX2wvZg==
3 个解决方案
#1
3
The string you put in is a base 64 encoded x509 certificate, not simply a public key.
您输入的字符串是一个base 64编码的x509证书,而不仅仅是一个公钥。
You'll need to parse the Distinguished Name fields to get the desired info.
您需要解析专有名称字段以获得所需的信息。
Here's a C# example:
这是一个c#的例子:
using System;
using System.Security.Cryptography.X509Certificates;
namespace Sample
{
class Program
{
static void Main(string[] args)
{
string base64EncodedX509 =
"MIICBzCCAXCgAwIBAgIES6KlazANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCUkkxFTATBgNVBAcTDE5hcnJhZ2Fuc2V0dDEVMBMGA1UEAxMMQ29saW4gTydEZWxsMB4XDTEwMDMxODIyMTI1OVoXDTQ1MDMwOTIyMTI1OVowSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlJJMRUwEwYDVQQHEwxOYXJyYWdhbnNldHQxFTATBgNVBAMTDENvbGluIE8nRGVsbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmPetcBW+ITURXY0LsI2ZfgM3R7K2kwicgpd0W+BYAXQBh76SXyN9MYvtfnUY3SNz37FW/lDQgAO3pbhEFqGwfADh2ctXlYmlE9DtcRQw0ojGVPIDlWBX+9IUxyL/89CPaN84R/1lvdosco4V0BqQYR300S9ZwmwFA2Vh9hSUZmsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBezKu4G11Z68NTPIBro8xsnbkdYxObzW7BsSr6t9MS5x6EQVs75R/nnKrsMcQ+9ImdT940jhQgZT3ZrYla5VhdbelxnLhBVbJfBdipV3Hv2bG7MnXzFqHYwQqYp+UrP8zWm1YHQf5I/P9VBjlkgwFyNKr0TxP4t/qS08oGX2wvZg==";
var rawBytes = Convert.FromBase64String(base64EncodedX509);
X509Certificate cert = new X509Certificate(rawBytes);
// Parse the distinguished name to get your desired fields
Console.WriteLine(cert.Subject); // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US
Console.WriteLine(cert.Issuer); // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US
}
}
}
#2
1
The "binary pubkey files produced by this" is an X.509 certificate.
“这个生成的二进制pubkey文件”是一个X.509证书。
Just about any platform has support for reading X.509 certificates, and creating a structure from them, from which you can reliably extract the "subject name," and often extended information that includes an email address or host name.
几乎所有平台都支持读取X.509证书,并从中创建一个结构,您可以从其中可靠地提取“主题名”,以及通常包含电子邮件地址或主机名的扩展信息。
For example, if you have OpenSSL installed, use the following command:
例如,如果您已经安装了OpenSSL,请使用以下命令:
openssl x509 -text -noout -inform der -in <yourfilehere>
You can extract specific fields with additional options. For example, adding -subject yields:
您可以使用其他选项提取特定字段。例如,增加-subject收益率:
subject= /C=US/ST=RI/L=Narragansett/CN=Colin O'Dell
主题/圣= = / C =我们RI / L = Colin O 'Dell纳拉甘塞特人/ CN =
#3
0
In php, I am not sure but maybe this function could be your friend. There is a whole section of ssl related functions that could come in handy if you are playing with certificates.
在php中,我不确定,但是这个函数可能是您的朋友。如果您正在使用证书,可以使用一整套与ssl相关的函数。
#1
3
The string you put in is a base 64 encoded x509 certificate, not simply a public key.
您输入的字符串是一个base 64编码的x509证书,而不仅仅是一个公钥。
You'll need to parse the Distinguished Name fields to get the desired info.
您需要解析专有名称字段以获得所需的信息。
Here's a C# example:
这是一个c#的例子:
using System;
using System.Security.Cryptography.X509Certificates;
namespace Sample
{
class Program
{
static void Main(string[] args)
{
string base64EncodedX509 =
"MIICBzCCAXCgAwIBAgIES6KlazANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCUkkxFTATBgNVBAcTDE5hcnJhZ2Fuc2V0dDEVMBMGA1UEAxMMQ29saW4gTydEZWxsMB4XDTEwMDMxODIyMTI1OVoXDTQ1MDMwOTIyMTI1OVowSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlJJMRUwEwYDVQQHEwxOYXJyYWdhbnNldHQxFTATBgNVBAMTDENvbGluIE8nRGVsbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmPetcBW+ITURXY0LsI2ZfgM3R7K2kwicgpd0W+BYAXQBh76SXyN9MYvtfnUY3SNz37FW/lDQgAO3pbhEFqGwfADh2ctXlYmlE9DtcRQw0ojGVPIDlWBX+9IUxyL/89CPaN84R/1lvdosco4V0BqQYR300S9ZwmwFA2Vh9hSUZmsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBezKu4G11Z68NTPIBro8xsnbkdYxObzW7BsSr6t9MS5x6EQVs75R/nnKrsMcQ+9ImdT940jhQgZT3ZrYla5VhdbelxnLhBVbJfBdipV3Hv2bG7MnXzFqHYwQqYp+UrP8zWm1YHQf5I/P9VBjlkgwFyNKr0TxP4t/qS08oGX2wvZg==";
var rawBytes = Convert.FromBase64String(base64EncodedX509);
X509Certificate cert = new X509Certificate(rawBytes);
// Parse the distinguished name to get your desired fields
Console.WriteLine(cert.Subject); // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US
Console.WriteLine(cert.Issuer); // writes CN=Colin O'Dell, L=Narragansett, S=RI, C=US
}
}
}
#2
1
The "binary pubkey files produced by this" is an X.509 certificate.
“这个生成的二进制pubkey文件”是一个X.509证书。
Just about any platform has support for reading X.509 certificates, and creating a structure from them, from which you can reliably extract the "subject name," and often extended information that includes an email address or host name.
几乎所有平台都支持读取X.509证书,并从中创建一个结构,您可以从其中可靠地提取“主题名”,以及通常包含电子邮件地址或主机名的扩展信息。
For example, if you have OpenSSL installed, use the following command:
例如,如果您已经安装了OpenSSL,请使用以下命令:
openssl x509 -text -noout -inform der -in <yourfilehere>
You can extract specific fields with additional options. For example, adding -subject yields:
您可以使用其他选项提取特定字段。例如,增加-subject收益率:
subject= /C=US/ST=RI/L=Narragansett/CN=Colin O'Dell
主题/圣= = / C =我们RI / L = Colin O 'Dell纳拉甘塞特人/ CN =
#3
0
In php, I am not sure but maybe this function could be your friend. There is a whole section of ssl related functions that could come in handy if you are playing with certificates.
在php中,我不确定,但是这个函数可能是您的朋友。如果您正在使用证书,可以使用一整套与ssl相关的函数。