-1

I created a self-signed certificate using the BP cryptography tool, and now I want to verify its signature manually without using openssl. Can anyone give me an example of a self-signed certificate and show how to calculate the signature of the certificate?

1 Answer

0

I assume you are talking about X.509 certificates, not e.g. some flavour of CV certificates.

According to RFC 5280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:

4.1. Basic Certificate Fields

The X.509 v3 certificate basic syntax is as follows. For signature calculation, the data that is to be signed is encoded using the ASN.1 distinguished encoding rules (DER) [X.690]. ASN.1 DER encoding is a tag, length, value encoding system for each element.

Certificate  ::=  SEQUENCE  {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signatureValue       BIT STRING  }
TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    extensions      [3]  EXPLICIT Extensions OPTIONAL
                         -- If present, version MUST be v3
    }
...
SubjectPublicKeyInfo  ::=  SEQUENCE  {
    algorithm            AlgorithmIdentifier,
    subjectPublicKey     BIT STRING  }

Concerning your task:

I want to verify its signature manually

All you have to do is use an ASN.1 parser to get the three top-level elements of the certificate (the to-be-signed certificate part tbsCertificate, the algorithm identifier signatureAlgorithm, and the signature bytes signatureValue) and check whether the signature value indeed signs the tbsCertificate.

As your certificate is self-signed, you have to check against the subjectPublicKey inside the tbsCertificate.

Community
mkl
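The check described in the answer above, as an added example that is not part of the original post: a minimal DER reader splits the certificate into tbsCertificate, signatureAlgorithm and signatureValue, then verifies the signature with the subjectPublicKey using only the Python standard library. It assumes sha256WithRSAEncryption (PKCS#1 v1.5); all function names are hypothetical, and the sample certificate is constructed with a toy 511-bit key built from two publicly known primes.

```python
import hashlib

SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017, 9.2
SHA256_RSA_ALG = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption

def read_tlv(buf, pos=0):
    """Parse one DER element at pos; return (tag, value, raw_tlv, next_pos)."""
    tag, length, i = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        length, i = int.from_bytes(buf[i:i + (length & 0x7F)], "big"), i + (length & 0x7F)
    if i + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[i:i + length], buf[pos:i + length], i + length

def children(value):  # split the value of a constructed element into its child TLVs
    out, pos = [], 0
    while pos < len(value):
        out.append(read_tlv(value, pos))
        pos = out[-1][3]
    return out

def verify_self_signed(cert):
    """True if signatureValue signs the raw tbsCertificate bytes under subjectPublicKey."""
    tbs, sig_alg, sig_val = children(read_tlv(cert)[1])
    fields = [f for f in children(tbs[1]) if f[0] != 0xA0]  # drop optional version [0]
    if sig_alg[2] != SHA256_RSA_ALG or fields[1][2] != sig_alg[2]:
        raise ValueError("expected matching sha256WithRSAEncryption identifiers")
    key_bits = children(fields[5][1])[1][1]  # subjectPublicKey BIT STRING value
    n, e = (int.from_bytes(c[1], "big") for c in children(read_tlv(key_bits[1:])[1]))
    k = (n.bit_length() + 7) // 8  # modulus size in bytes
    expected = (b"\x00\x01" + b"\xff" * (k - 54) + b"\x00" + SHA256_DIGESTINFO
                + hashlib.sha256(tbs[2]).digest())
    return pow(int.from_bytes(sig_val[1][1:], "big"), e, n).to_bytes(k, "big") == expected

def tlv(tag, value):  # DER-encode one element (short or long length form)
    size = len(value).to_bytes((len(value).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (size if len(value) < 0x80 else bytes([0x80 | len(size)]) + size) + value

def build_sample_cert():
    """Constructed v1 self-signed certificate for the demo; the key is NOT secure."""
    p, q, e = 2**255 - 19, 2**256 - 2**32 - 977, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    integer = lambda x: tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))
    name = tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, b"constructed.example"))))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
    spki = tlv(0x30, bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption
               + tlv(0x03, b"\x00" + tlv(0x30, integer(n) + integer(e))))
    tbs = tlv(0x30, integer(1) + SHA256_RSA_ALG + name + validity + name + spki)
    em = b"\x00\x01" + b"\xff" * 10 + b"\x00" + SHA256_DIGESTINFO + hashlib.sha256(tbs).digest()
    return tlv(0x30, tbs + SHA256_RSA_ALG + tlv(0x03, b"\x00" + pow(int.from_bytes(em, "big"), d, n).to_bytes(64, "big")))
```

The hash must cover the tbsCertificate exactly as it appears in the file (tag and length bytes included), which is why `read_tlv` returns the raw slice instead of re-encoding it.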