已经有很多问题,但是问题是,没有一个有足够的答案,尤其是在使用python3时。
基本上,我想阅读JAR/APK证书,如以下:链接到ASN1解码器,Android测试签名键
现在有几种选择:
- pyasn1:似乎有效,但只能解析RAW ASN.1格式
- M2Crypto:仅在PY2上工作
- 奇尔卡特:不自由,尽管Ckcert似乎是免费的
- 密码学:无法加载证书,因为X509证书在PKCS#7集装箱内部
我找到了一种使用PYASN1从PKCS#7消息打开证书的方法,然后使用密码学来读取它:
from pyasn1.codec.der.decoder import decode
from pyasn1.codec.der.encoder import encode
from cryptography import x509
from cryptography.hazmat.backends import default_backend
cdata = open("CERT.RSA", "rb").read()
cert, rest = decode(cdata)
# The cert should be located there
realcert = encode(cert[1][3])
realcert = realcert[2 + (realcert[1] & 0x7F) if realcert[1] & 0x80 > 1 else 2:] # remove the first DER identifier from the front
x509.load_der_x509_certificate(realcert, default_backend())
给出
<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value='US')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.8, name=stateOrProvinceName)>, value='California')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.7, name=localityName)>, value='Mountain View')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, value='Android')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11, name=organizationalUnitName)>, value='Android')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='Android')>, <NameAttribute(oid=<ObjectIdentifier(oid=1.2.840.113549.1.9.1, name=emailAddress)>, value='android@android.com')>])>, ...)>
是否没有其他方法可以清洁和整洁?
现在有库中的库在纯python中执行此操作。一个是Asn1crypto:https://github.com/wbond/asn1crypto#readme这也在Androguard中引起了影响,包括如何使用它的示例:https://androguard.readthedocs.io/en/latest/intro/certificates.html