如何从 tls 获取 SubjectKeyId。证书?
我正在使用MDNS,并且需要宣布带有MDNS记录的主题KeyId。SKI 是 x509 证书的一部分,但无法从最终的 TLS 证书中读取:
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
log.Fatal(err)
}
template := x509.Certificate{
SerialNumber: big.NewInt(1),
Subject: pkix.Name{
Organization: []string{"Acme Co"},
},
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour * 24 * 180),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
if err != nil {
log.Fatalf("Failed to create certificate: %s", err)
}
tlsCert := tls.Certificate{
Certificate: [][]byte{derBytes},
PrivateKey: priv,
}
如何从结果中提取或生成SKI?tls.Certificate
慕姐82654341回答
-
catspeake
您必须自己构建它并将其作为证书模板提供。SubjectKeyIdRFC 5280 第 4.2.1.2 节建议了几种生成主题密钥标识符的潜在方法。最受欢迎的是只获取公钥的ASN.1编码的SHA1哈希。例如,如果 是 ,则可以执行以下操作:pub*rsa.PublicKeykeyBytes := x509.MarshalPKCS1PublicKey(pub) keyHash := sha1.Sum(keyBytes) ski := keyHash[:],然后在调用 之前将证书模板的字段设置为 。SubjectKeyIdskix509.CreateCertificate
随时随地看视频慕课网APP
相关分类
Go