X509 certificate format
I. X.509 certificate structure

The X.509 standard specifies what information a certificate can contain and how that information is recorded.

The X.509 structure includes a version number (integer), serial number (integer), signature algorithm (object), issuer (set), validity period (utc_time), subject (set), subject public key (bit_string), subject public key algorithm (object) and signature value (bit_string).

Using ASN.1 notation, the certificate can be abstracted into the following structure.

    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING
    }

    TBSCertificate ::= SEQUENCE {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
        extensions      [3]  EXPLICIT Extensions OPTIONAL
    }

In this experiment, I chose to download the certificate directly from Chrome. At this point, we can see that the certificate structure is as follows:

| Class | Field | Notes |
|---|---|---|
| TBSCertificate | version | Certificate version, integer format: 0 = v1, 1 = v2, 2 = v3. |
| TBSCertificate | serialNumber | Each certificate has a unique serial number, integer format. |
| TBSCertificate | signature | The algorithm used to produce the signature; each algorithm has a corresponding OID. |
| TBSCertificate | issuer | Issuer name, generally an X.500 format name. |
| TBSCertificate | validity | Generally uses the UTCTime format; range 1950-2049, format YYMMDDHHMMSSZ. |
| TBSCertificate | subject | Name of the certificate user (the subject). |
| TBSCertificate | subjectPublicKeyInfo | The public key of the certificate owner. |
| Certificate | signatureAlgorithm | The signature algorithm of the certificate; it has a corresponding OID. |
| Certificate | signatureValue | The resulting signature. |

II. Data structure

Encoding method

X.509 encoding uses the TLV structure: T records the type of the current data item, L records its length, and V records its value. Different type values correspond to different data types.

| Type (dec / hex) | Data type | Encoding format |
|---|---|---|
| 1 / 0x01 | BOOLEAN | 01 01 FF (true) or 01 01 00 (false) |
| 2 / 0x02 | INTEGER | 02 Len Value. When the length is greater than 0x7F, the first length byte is n OR 0x80, where n is the number of following bytes that hold the actual length. |
| 3 / 0x03 | BIT STRING | The bits are padded with 0 to a multiple of 8; the first byte of the value records the number of padding bits. |
| 4 / 0x04 | OCTET STRING | 04 Len Value |
| 5 / 0x05 | NULL | The value part is empty: 05 00, two bytes in total. |
| 6 / 0x06 | OBJECT IDENTIFIER | For v1.v2.v3...vn: (1) the first byte is 40*v1 + v2; (2) each vi (i >= 3) is written in base 128, one byte per 7 bits, with the highest bit set on every byte except the last; (3) the bytes are concatenated to form the value. |
| 19 / 0x13 | PrintableString (ASCII string) | 13 Len Value |
| 23 / 0x17 | UTCTime | YYMMDDHHMMSSZ |
| 24 / 0x18 | GeneralizedTime | YYYYMMDDHHMMSSZ |
| 48 / 0x30 | SEQUENCE (constructed) | The encodings of all items, arranged in sequence. |
| 49 / 0x31 | SET (constructed) | The encodings of all items in the set. |
| 160 / 0xA0 | Context-specific tag | For a primitive type, Type = 0x80 + tag number; for a constructed type, Type = 0xA0 + tag number. Length and value are encoded as usual. |
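The following Python reader is an added example, not code from the original page: it walks the TLV rules in the table above (short and long length form, the INTEGER, OID, BIT STRING and NULL value rules, and recursion into constructed SEQUENCE, SET and [n] EXPLICIT tags). The SAMPLE bytes are constructed for illustration and only mimic the start of a TBSCertificate; they are not a real certificate.

```python
# Added example (not from the page): a minimal DER (TLV) reader for the tags in
# the table above. SAMPLE is a constructed TBSCertificate-shaped fragment.
def read_length(buf, pos):
    """Decode L at buf[pos]: short form < 0x80, else 0x80|n followed by n length bytes."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def decode_oid(value):
    """First byte = 40*v1 + v2; later arcs are base 128, high bit = continuation."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                  # last byte of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

DECODERS = {                                   # primitive tags from the table
    0x01: lambda v: v != b"\x00",                           # BOOLEAN FF / 00
    0x02: lambda v: int.from_bytes(v, "big", signed=True),  # INTEGER
    0x03: lambda v: (v[0], v[1:]),                          # BIT STRING: (pad bits, data)
    0x05: lambda v: None,                                   # NULL
    0x06: decode_oid,                                       # OBJECT IDENTIFIER
    **dict.fromkeys((0x13, 0x17, 0x18), lambda v: v.decode("ascii")),  # strings/times
}

def parse_der(buf, pos=0, end=None):
    """Parse TLV items in buf[pos:end] into [(tag, value)]; constructed tags recurse."""
    end = len(buf) if end is None else end
    items = []
    while pos < end:
        tag = buf[pos]
        length, pos = read_length(buf, pos + 1)
        if pos + length > end:
            raise ValueError("truncated DER item at offset %d" % pos)
        value = buf[pos:pos + length]
        if tag & 0x20:      # constructed: SEQUENCE 0x30, SET 0x31, [n] EXPLICIT 0xA0+n
            val = parse_der(buf, pos, pos + length)
        else:
            val = DECODERS.get(tag, lambda v: v)(value)
        items.append((tag, val))
        pos += length
    return items

# Constructed sample: SEQUENCE { [0] INTEGER 2 (v3), INTEGER 0x0102, SEQUENCE { OID, NULL }, UTCTime }
SAMPLE = bytes.fromhex("3027a003020102" "02020102" "300d06092a864886f70d01010b0500"
                       "170d3234303130313030303030305a")
```

Passing the raw bytes of a DER certificate to parse_der yields the nested tag tree; the length check raises instead of reading past an item's declared length.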

Data structure

Class declaration: all fields use the string type to record the data; the specific content of each field is noted in the comments.