On Fri, Aug 05, 2011, Erwann ABALEA wrote:

> Bonjour Giordano
> 
> Let's start with your example file: example.der.
> 
> Extract the contained public key:
>   openssl req -pubkey -inform D -in example.der -noout > example.key
> 
> Now we'll extract the signature block.
> 
> Start by ASN1-parse your file:
>   openssl asn1parse -inform D -i -dump -in example.der
> 
> You'll see the subject name, public key, extension requests, and the
> signature at the end:
>   318:d=1  hl=3 l= 129 prim:  BIT STRING
>       0000 - 00 8f 2c 23 95 d5 70 b6-19 df 20 fb 59 a6 e8 9f   ..,#..p... .Y...
>       0010 - 5d 59 0b b5 33 69 6b ee-8b 4f 4e f8 1a 4d be 12   ]Y..3ik..ON..M..
>       0020 - 30 5b 8b 1c bf 3b 09 9b-62 9c 00 a9 47 91 0d 06   0[...;..b...G...
>       0030 - a4 3f 6e e7 a4 77 32 f4-ca 09 c7 1a b2 2f e8 62   .?n..w2....../.b
>       0040 - c7 43 b1 0e a4 fe d6 61-fa 6c 43 81 3e af de a9   .C.....a.lC.>...
>       0050 - 79 2d 72 b5 3a bc 00 01-59 d3 86 59 45 7a 28 54   y-r.:...Y..YEz(T
>       0060 - 55 c6 b7 45 c0 22 96 6c-7a b1 a3 b7 f5 3f e2 5f   U..E.".lz....?._
>       0070 - c9 96 b0 b8 2c 3c dc b8-9b 0b c0 e5 77 41 5a ae   ....,<......wAZ.
>       0080 - 61                                                a
> 
> You know that the signature starts at offset 318. We need only the raw
> signature, so we'll skip the first 318 bytes, the header (hl=3, so
> skip 3 more bytes), and since it's a bit string, it starts with the
> number of unused bits (expressed in one octet, 00 in this case), you
> must also skip this octet. Finally, you need to skip 318+3+1=322
> bytes:
>   dd if=example.der of=example.der.sig bs=1 skip=322
> 

Note that you can also dump this using the asn1parse command:

openssl asn1parse -inform DER -noout -in example.der -out example.der.sig \
        -strparse 318

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
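
The offset arithmetic from the quoted message (element offset + hl + one unused-bits octet), as an added Python example that is not part of either post or of OpenSSL. The function names are hypothetical, and the input is a constructed stand-in laid out so that its BIT STRING sits at offset 318 with hl=3 and l=129 like the dump above; its request info is filler and its signature bytes are made up.

```python
def read_tlv(buf, off):
    """Return (tag, header_len, content_len) of the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    if first < 0x80:                       # short-form length
        hl, length = 2, first
    else:                                  # long form: next n octets hold l
        n = first & 0x7F
        if n == 0 or off + 2 + n > len(buf):
            raise ValueError("indefinite or truncated length")
        hl, length = 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")
    if off + hl + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, hl, length


def signature_location(der):
    """Return (offset, hl, l, skip) for the trailing signature BIT STRING."""
    tag, hl, length = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    off, end, children = hl, hl + length, []
    while off < end:                       # walk the d=1 elements only
        t, h, l = read_tlv(der, off)
        children.append((off, t, h, l))
        off += h + l
    if len(children) != 3 or children[2][1] != 0x03:
        raise ValueError("expected request info, algorithm, BIT STRING")
    off, _, h, l = children[2]
    if l < 1 or der[off + h] != 0:         # first content octet = unused bits
        raise ValueError("BIT STRING has unused bits; not a raw signature")
    return off, h, l, off + h + 1


def extract_signature(der):
    off, h, l, skip = signature_location(der)
    return der[skip:off + h + l]


def build_sample():
    """Constructed stand-in for a CSR: filler info, real layout, fake signature."""
    sig = bytes(range(128))                            # constructed, not a real signature
    bitstr = b"\x03\x81\x81\x00" + sig                 # hl=3, l=129, 0 unused bits
    alg = bytes.fromhex("300d06092a864886f70d0101050500")  # sha1WithRSAEncryption
    info = b"\x30\x82\x01\x27" + bytes(295)            # opaque filler contents
    body = info + alg + bitstr
    return b"\x30\x82" + len(body).to_bytes(2, "big") + body, sig
```

On the constructed sample, `signature_location` returns `(318, 3, 129, 322)`, the same skip value used with `dd` in the quoted message.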
