HTTPS Digital Certificates and How They Are Verified

What a digital certificate is for
We know HTTPS is more secure than HTTP because the traffic is encrypted. The encryption itself, however, is symmetric: client and server use one and the same key. For both sides to end up with that key, an important step has to happen first: key negotiation.
Here is a simplified model of the exchange:

Client: Hi, I'd like to set up an HTTPS connection with you (xx.com).
Server: Sure, I am xx.com; here is my certificate, please verify it.
Client: Verified, you really are xx.com. Here is the key; from now on we encrypt.
Server: s&&(*3u247(
Client: (&DY&#%%&#
This is only a simplified picture, but it shows a crucial step in the key negotiation: the server has to prove that it is xx.com. How? With a certificate and chain verification!

Contents of a digital certificate

Run the following command to print a site's certificate (www.baidu.com as the example):

true |  openssl s_client -connect www.baidu.com:443 -servername www.baidu.com -showcerts | openssl x509 -text -noout

Output (the depth=… / verify return lines are s_client's own chain check, written to stderr; the Certificate: block is the site's certificate decoded by openssl x509):

depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = CN, ST = beijing, L = beijing, OU = service operation department, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
verify return:1
DONE
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:ee:19:3c:18:82:78:ea:3e:43:75:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
        Validity
            Not Before: May  9 01:22:02 2019 GMT
            Not After : Jun 25 05:31:02 2020 GMT
        Subject: C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b4:c6:bf:da:53:20:0f:ea:40:f3:b8:52:17:66:
                    3b:36:01:8d:12:b4:99:0d:d3:9b:6c:18:53:b1:19:
                    08:b0:fa:73:47:3e:0d:3a:79:62:78:61:2e:54:3c:
                    49:7c:56:da:c0:be:61:55:d5:42:70:6a:10:be:f5:
                    bd:8d:64:96:21:00:93:63:09:87:b7:19:ba:0e:20:
                    3e:49:c8:53:ed:02:8f:46:01:eb:a1:07:93:73:bb:
                    ed:f1:b3:c9:e2:fb:dd:f0:39:2a:83:ad:f4:41:98:
                    bc:86:ea:ba:74:a8:a6:e3:d0:e5:c5:8e:b3:0b:b2:
                    d2:ac:91:74:0e:ff:80:10:23:36:62:65:08:b4:87:
                    f5:57:0c:25:c7:00:d8:f5:a8:5d:b8:33:41:a7:2a:
                    5f:db:fa:70:9e:21:bb:ae:42:16:66:07:69:fe:1c:
                    26:2a:81:0f:ab:73:e3:d6:52:20:a4:6d:a8:6c:d4:
                    66:48:a4:6f:f2:68:0a:c5:65:a1:4e:bf:04:7a:40:
                    43:1c:d3:75:fb:75:ac:19:d6:4a:35:05:6e:cf:d5:
                    65:d1:44:ca:6b:0c:58:04:c4:85:4f:1f:be:2c:32:
                    d1:f1:c6:28:fb:f9:26:36:b5:6d:fa:cb:96:a2:a0:
                    d0:bc:f8:51:df:07:44:bd:8f:6f:67:c0:d4:af:d9:
                    cd:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            Authority Information Access:
                CA Issuers - URI:http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt
                OCSP - URI:http://ocsp2.globalsign.com/gsorganizationvalsha2g2

            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.4146.1.20
                  CPS: https://www.globalsign.com/repository/
                Policy: 2.23.140.1.2.2

            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

            X509v3 Subject Alternative Name:
                DNS:baidu.com, DNS:click.hm.baidu.com, DNS:cm.pos.baidu.com, DNS:log.hm.baidu.com, DNS:update.pan.baidu.com, DNS:wn.pos.baidu.com, DNS:*.91.com, DNS:*.aipage.cn, DNS:*.aipage.com, DNS:*.apollo.auto, DNS:*.baidu.com, DNS:*.baidubce.com, DNS:*.baiducontent.com, DNS:*.baidupcs.com, DNS:*.baidustatic.com, DNS:*.baifae.com, DNS:*.baifubao.com, DNS:*.bce.baidu.com, DNS:*.bcehost.com, DNS:*.bdimg.com, DNS:*.bdstatic.com, DNS:*.bdtjrcv.com, DNS:*.bj.baidubce.com, DNS:*.chuanke.com, DNS:*.dlnel.com, DNS:*.dlnel.org, DNS:*.dueros.baidu.com, DNS:*.eyun.baidu.com, DNS:*.fanyi.baidu.com, DNS:*.gz.baidubce.com, DNS:*.hao123.baidu.com, DNS:*.hao123.com, DNS:*.hao222.com, DNS:*.im.baidu.com, DNS:*.map.baidu.com, DNS:*.mbd.baidu.com, DNS:*.mipcdn.com, DNS:*.news.baidu.com, DNS:*.nuomi.com, DNS:*.safe.baidu.com, DNS:*.smartapps.cn, DNS:*.ssl2.duapps.com, DNS:*.su.baidu.com, DNS:*.trustgo.com, DNS:*.xueshu.baidu.com, DNS:apollo.auto, DNS:baifae.com, DNS:baifubao.com, DNS:dwz.cn, DNS:mct.y.nuomi.com, DNS:www.baidu.cn, DNS:www.baidu.com.cn
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Key Identifier:
                76:B5:E6:D6:49:F8:F8:36:EA:75:A9:6D:5E:4D:55:5B:37:5C:FD:C7
            X509v3 Authority Key Identifier:
                keyid:96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:00:40:E6:1A:7C

            1.3.6.1.4.1.11129.2.4.2:
                ......v.......q...#...{G8W.
.R....d6.......j.........G0E. ,{M...G.-
.y;...f....X.#6......!.!../... .}._.....s..T.3A..j....i+k.v.oSv.1.1.....Q..w.......).....7.....j...O.....G0E. .2h.9.._.a...io(D...<....~.&_ ...!...b...D2...E.U.,6.).D.4\.|5W1...
    Signature Algorithm: sha256WithRSAEncryption
         aa:b9:cd:52:8e:dc:36:5d:47:d4:8b:f3:32:17:06:46:83:60:
         a3:27:05:49:29:b1:1b:46:6e:38:fe:93:fe:09:43:6c:d2:a1:
         58:24:12:42:b7:ab:41:f8:47:0a:7d:64:b5:75:dc:5a:45:14:
         b2:a4:18:6b:9c:b7:3b:8f:b3:7e:d2:bd:c0:72:4b:35:05:ae:
         0d:2d:19:1f:50:73:72:5a:df:97:18:3b:db:2a:f3:de:44:ce:
         64:2d:c1:1e:84:cc:76:24:3e:30:67:23:26:e8:4f:f7:0b:f6:
         ec:69:d7:7f:51:a9:a0:6f:b8:c4:14:e2:c0:4a:4a:c4:00:5d:
         57:6a:c9:41:c4:25:2b:32:18:aa:62:a8:1e:49:81:73:1c:81:
         5f:5e:fa:e4:94:32:c3:50:6d:8e:aa:cc:6c:4c:53:0c:fa:8f:
         4e:34:79:9f:a5:60:c0:f8:50:75:b8:a1:9d:01:e6:ab:25:23:
         0c:3b:24:02:40:58:24:ff:34:02:8b:94:61:10:68:2f:b6:80:
         e3:d0:5f:4a:0a:a7:02:d2:c0:98:3e:1d:e8:02:c8:27:71:26:
         b2:a8:87:b6:db:9d:10:47:4b:c2:13:62:34:c6:d0:3c:39:09:
         39:25:8f:fe:a2:f4:f3:fb:df:9b:27:3d:fc:d0:28:e8:6d:dc:
         dd:17:d3:1f

A digital certificate is nothing complicated; it contains the following:

  • Public key: Public-Key
  • Signature: Signature
  • Signature algorithm: Signature Algorithm: sha256WithRSAEncryption
  • Issuing authority: Issuer
  • Validity period: Validity
  • Others…

Items 1 to 5 are the important ones; the rest, such as the SAN extension, need only a passing look.

How a digital certificate is verified

When we write code and want to check that a request is legitimate, we usually compute a sign value with md5 and send it along with the request. The server computes md5 over the same content with the same key and checks that the two values match. For example:

// client: sign
sign = md5(content + key)

// server: check the signature
md5_Sign ?= md5(content + key)

HTTPS certificate verification works much the same way, just with a somewhat more involved algorithm than md5.
The signature algorithm is stated explicitly in the certificate; baidu's, for example, is signed with Signature Algorithm: sha256WithRSAEncryption. Note that certificates issued at different times use different signature algorithms; some old certificates still use SHA-1.
sha256WithRSAEncryption works roughly like this:

// sign (RSA_Encrypt/RSA_Decrypt are informal names here: an RSA signature made with the
// private key, and its verification with the matching public key)
sign = RSA_Encrypt(sha256(content), privateKey)

// verify the signature
sha256_Content = RSA_Decrypt(sign, publicKey)
sha256_Content ?= sha256(content)
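The sha256WithRSAEncryption steps above in working Go, as an added example that is not code from the original post: rsa.SignPKCS1v15 / rsa.VerifyPKCS1v15 play the roles of RSA_Encrypt / RSA_Decrypt and add the PKCS#1 v1.5 padding a real signature requires, and the signed content is a constructed string standing in for a certificate's DER body.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// sign is the "sign = RSA_Encrypt(sha256(content), privateKey)" step: hash the content with SHA-256,
// then produce a PKCS#1 v1.5 signature with the issuer's private key (sha256WithRSAEncryption).
func sign(priv *rsa.PrivateKey, content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verify is the "sha256(content) ?= RSA_Decrypt(sign, publicKey)" step. It needs only the public key,
// so anyone holding the issuer's certificate can check, while only the issuer can produce a signature.
func verify(pub *rsa.PublicKey, content, sig []byte) bool {
	digest := sha256.Sum256(content)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// demo signs a constructed stand-in for a certificate body and reports three checks: the genuine
// signature verifies; content with one changed byte is rejected; a different issuer's key is rejected.
func demo() (genuine, tamperedRejected, wrongIssuerRejected bool, err error) {
	issuerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return }
	otherKey, err := rsa.GenerateKey(rand.Reader, 2048) // a CA the client never saw
	if err != nil { return }
	// Constructed content; a real CA signs the DER-encoded tbsCertificate, not a text line.
	content := []byte("Subject: CN=baidu.com; Not After: Jun 25 05:31:02 2020 GMT")
	sig, err := sign(issuerKey, content)
	if err != nil { return }
	tampered := append([]byte(nil), content...)
	tampered[len(tampered)-5] = '1' // "2020 GMT" -> "2021 GMT": an attempt to stretch Validity
	genuine = verify(&issuerKey.PublicKey, content, sig)
	tamperedRejected = !verify(&issuerKey.PublicKey, tampered, sig)
	wrongIssuerRejected = !verify(&otherKey.PublicKey, content, sig)
	return
}

func main() { fmt.Println(demo()) }
```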

In a public-key system the private key signs and the public key verifies the signature.
In HTTPS, when A issues a certificate to B, it means the certificate is signed with A's private key and must later be verified with A's public key.
Where does A's public key come from? From A's certificate. Which raises the next question: I have to verify A's certificate before I can use its public key, right? If A's certificate was issued by X, verify it with X's public key.
Likewise, to verify X's certificate we need Y's public key…
Following this loop gives what is called a certificate chain. The loop has to have an exit, and the exit is the root certificates installed on the system. A root certificate installed on the system is trusted unconditionally, so its public key can verify the next level down, which in turn verifies the level below it, as the figure below shows:

Put plainly, a certificate chain is a process of "getting someone else to vouch for you":

A: I am A. If you don't believe me, ask B; B vouches for me.
B: I am B. If you don't believe me, ask X; it can confirm that I am B.
X: I am X. If you don't believe me, ask Y; it can confirm that I am X.
Y: I am Y. If you don't believe me, ask ROOT; it can confirm that I am Y.
ROOT: Oh, we know each other, that makes it easy: Y is genuine…

ROOT has to be reliable and trusted; if ROOT is forged, nothing A, B, X or Y say can be trusted.

This is why sites that used to make users install a root certificate (12306, for example) were being quite irresponsible; be wary of such requests.
Below is a complete certificate chain verification. Run:

true |  openssl s_client -connect www.baidu.com:443 -servername www.baidu.com -showcerts | openssl x509 -text -noout

depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = CN, ST = beijing, L = beijing, OU = service operation department, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
verify return:1
DONE

As you can see, the chain has 3 levels (usually there are just 3): *.baidu.com, GlobalSign Organization Validation CA and GlobalSign Root CA.

Depth 0: to verify *.baidu.com you need the GlobalSign Organization Validation CA certificate;

Depth 1: to verify GlobalSign Organization Validation CA you need the GlobalSign Root CA certificate;

Depth 2: GlobalSign Root CA is a root certificate and is in the client's trust list, so it passes verification, hence "verify return:1".
