GB35114---聊聊SM2签名格式
公司原計劃是年后讓我直接去公安一所過35114的認證,但是突發疫情,導致上班時間一推再推,最后也只能遠程用升級包的方式給檢測員進行認證。
前幾次的嘗試,服務器一直回復401,讓我百思不得其解,甚至開始讓我產生對算法的懷疑。現在回過頭來看,其實SM2簽名格式不理解是導致一直驗簽失敗的主要原因。
按照國密的規范,SM2簽名結果r||s長度應該是(r:32字節)+(s:32字節)64字節,就算加個04頭字節,也是65個字節。但是,我參考網上有限的資料發現sign1簽名MEQCIC24h6tnaKcOnxNZe93rtLFrKEqM9R3yG8/Ba2+tyE+3AiBTG46yfxJziYDlaH1WZjrCfRloIuMnfx5oyEVuwgbV0A==長度為96字節,這一看就是base64加密數據,源簽名長度96/4*3=72字節。
SM2簽名結果長度為64字節,為什么出來的是72字節?我咨詢過好幾個過35114的博客主,回復都是,我們是硬加密。/(ㄒoㄒ)/~~
其實,SM2簽名結果數據是要經過asn.1(der格式)編碼的。
編碼結果長度在70-72變化。
我們來看openssl內通過
int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
函數來進行對ECDSA_SIG格式與asn.1編碼相互轉化的。
最后附上注冊數據包
REGISTER sip:34020000002000000001@192.168.1.81:5060 SIP/2.0 Via: SIP/2.0/UDP 192.168.1.198:5060;rport;branch=z9hG4bKPjxp5SsGzh.j3U8MYfe.5RmOV-H483DWnt Max-Forwards: 70 From: <sip:34020000001320000001@192.168.1.81>;tag=vRq11dVmXG7i5AqD26oyX.mQM-tjGsLT To: <sip:34020000001320000001@192.168.1.81> Call-ID: 151959520 CSeq: 1 REGISTER Expires: 3600 Authorization: Capability algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2",keyversion="1970-8-16T19:54:35" Contact: <sip:34020000001320000001@192.168.1.198:5060> Content-Length: 0SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 192.168.1.198:5060;rport=5060;branch=z9hG4bKPjxp5SsGzh.j3U8MYfe.5RmOV-H483DWnt From: <sip:34020000001320000001@192.168.1.81>;tag=vRq11dVmXG7i5AqD26oyX.mQM-tjGsLT To: <sip:34020000001320000001@192.168.1.81>;tag=894209716 Call-ID: 151959520 CSeq: 1 REGISTER User-Agent: eXosip/4.1.0 Expires: 3600 Date: 2020-03-09T15:24:47.054 WWW-Authenticate: Bidirection algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2", random1="iqxeFEd+zXOwlgxERVI6RQ==" Content-Length: 0REGISTER sip:34020000002000000001@192.168.1.81:5060 SIP/2.0 Via: SIP/2.0/UDP 192.168.1.198:5060;rport;branch=z9hG4bKPj4BWBr8Ul2sCtikHC6SUB4UqMzghmUY5q Max-Forwards: 70 From: <sip:34020000001320000001@192.168.1.81>;tag=vRq11dVmXG7i5AqD26oyX.mQM-tjGsLT To: <sip:34020000001320000001@192.168.1.81>;tag=894209716 Call-ID: 151959520 CSeq: 2 REGISTER Contact: <sip:34020000001320000001@192.168.1.198:5060> Expires: 3600 Authorization: Bidirection random1="iqxeFEd+zXOwlgxERVI6RQ==",random2="skFXTJAlP98cbUkeeCSx7w==",serverid="34020000002000000001",sign1="MEQCIC24h6tnaKcOnxNZe93rtLFrKEqM9R3yG8/Ba2+tyE+3AiBTG46yfxJziYDlaH1WZjrCfRloIuMnfx5oyEVuwgbV0A==",algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2" Content-Length: 0SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.198:5060;rport=5060;branch=z9hG4bKPj4BWBr8Ul2sCtikHC6SUB4UqMzghmUY5q From: <sip:34020000001320000001@192.168.1.81>;tag=vRq11dVmXG7i5AqD26oyX.mQM-tjGsLT To: <sip:34020000001320000001@192.168.1.81>;tag=894209716 Call-ID: 151959520 CSeq: 2 REGISTER User-Agent: eXosip/4.1.0 Expires: 3600 Date: 2020-03-09T15:24:47.267 SecurityInfo: Bidirection algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2",random1="iqxeFEd+zXOwlgxERVI6RQ==",random2="skFXTJAlP98cbUkeeCSx7w==",deviceid="34020000001320000001",cryptkey="MHoCIQC8G0MLIbZfce7F2voDAN+FCpJf/oY/2SRPCJRos1i4NQIhAJq2pNkZBF4Zrvt9Pq9UaWstOYRANhBZ0PHj5XkkzxFRBCCrEsniIp5VqgY1b9wHspo2kmjZFhvN7ctrN5gex9SyUQQQeoRLl5cPoCPf0Z5oNeflGw==",sign2="MEUCIG3sSFbbCXelzhNxrTsZsHYdJv2Oy0WHHKTJpksxJVvxAiEA6ADKoX970RmZS+5NTaMiUsg0S4H3uaqO+Jy1tKvSIaQ=" Content-Length: 0有錯誤請留言,謝謝
---bob? 2020/3/17
總結
以上是生活随笔為你收集整理的GB35114---聊聊SM2签名格式的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 国土空间基础信息平台与时空大数据平台的区
- 下一篇: Delphi开发Android用虚拟摇杆