这是我的土耳其护照(mypassport.p7b)中安全对象的pkcs7表示形式:
-----BEGIN pkcs7-----
MIIHxAYJKoZIhvcNAQcCoIIHtTCCB7ECAQMxDTALBglghkgBZQMEAgMwggHSBgZn
gQgBAQGgggHGBIIBwjCCAb4CAQAwCwYJYIZIAWUDBAIDMIIBqjBFAgEBBECUjNBV
LI6VIVRJlGi/nfRJy2ZxE2ZFr6nszhZFkPpNp6lrWghK0rKzNGrQV+oelg4fYh2M
M5xg465lR3xeltFKMEUCAQIEQCmQTVg4sscFW5RV5WTzqowoFPueYR9i464/gt/Q
WqgEWrSMpdAZ1SlA7Vu2Sg5r9cW0knnlpC7IMr2NXwndzrMwRQIBAwRAmWnqyw4c
VJGNgyHV26vnmLwO2kBNKU0aUV4zycUXMSRB/c15oFccTUmnnL15BWCSx28zVhm3
Rm/dwqjEjbi6tzBFAgELBECrfb8ZMrnpiFSkn1Gr395iD2TztXtNgGrkvHTVJS3b
me5IdgJANl84JOv4Lw0v7IMKrGPMfGbR76gjHD+oX+KiMEUCAQwEQDdfHYx8ghkU
4J+PyD05cK+xiyokUFwDsrJN25sIFiZg6kgFvPaZQTAr7nzIdFOoHHksbXHA+At9
oetVv5bEB2wwRQIBDgRAYaWTO2ohr0aELiynma8FO7VGjBP/CfPixp9MWkmkDMAI
NLl96bvimqOcF1TGkNyKJawSIiF008PXsSRhimupiKCCA/UwggPxMIIDVKADAgEC
AgkTiUmaAhPhXDAwCgYIKoZIzj0EAwQwgaIxCzAJBgNVBAYTAlRSMTAwLgYDVqqK
DCdSZXB1YmxpYyBvZiBUdXJrZXkgTWluaXN0cnkgb2YgSW50ZXJpb3IxQjBABgNV
BAsMOUdlbmVyYWwgRGlyZWN0b3JhdGUgb2YgQ2l2aWwgUmVnaXN0cmF0aW9uIGFu
ZCBOYXRpb25hbGl0eTEdMBsGA1UEAwwUUGFzc3BvcnQgQ1NDQSBUdXJrZXkwHhcN
MTgxMjI2MTIzNDQ2WhcnmjkwMzI2MTIzNDQ2WjCBnzELMAkGA1UEBhMCVFIxMDAu
BgNVBAoMJ1JlcHVibGljIG9mIFR1cmtleSBNaW5pc3RyeSBvZiBJbnRlcmlvcjFC
MEAGA1UECww5R2VuZXJhbCBEaXJlY3RvcmF0ZSBvZibdaXZpbCBSZWdpc3RyYXRp
b24gYW5kIE5hdGlvbmFsaXR5MRowGAYDVqqDDBFEb2N1bWVudFNpZ25lcjAwNzCB
mzAQBgcqhkjOPQIBBgUrgqqAIwOBhgAEAXlni4ELaIm0GsOMleQ5oliQ7QaXgM3E
WmSqsl0Sy/sToSW46hLfC6C/EimYvWvNLy0h4ZWcTR+L0UeZ4kRiqZZ/Aa1vgKo6
S4JcqBqYCieBAAnzLNGC4n1aLsGOP5WZwLzY8+3a/RQB6122N5GGAVDIAHZLgGVK
F4qrWX1Nofmmb2CEo4IBLzCCASswHwYDVR0jBBgwFoAUb5u7xp7s2tm8MelQ4R7Q
ygAiBZYwHQYDVR0OBBYEFBi1I1aRaXEu+VDKhllQvoCRG7PGMA4GA1UdDwEB/wQE
AwIHgDBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vcGFzYXBvcnQua2FtdXNtLmdv
di50ci9DU0NBL0NTQ0FUUl9WMS5jcmwwUwYDVR0RBEwwSoEWcGFzYXBvcnRAa2Ft
dXNtLmdvdi50coIeaHR0cHM6Ly9wYXNhcG9ydC5rYW11c20uZ292LnRypBAwDjEM
MAoGA1UEBwwDVFVSMCsGA1UdEAQkMCKADzIwMTgxMjI2MTIzNDQ2WoEPMjAxOTAz
MjYxMjM0NDZaMBQGBmeBCAEBAgQKMAgCAQAxAxMBUDAKBggqhkjOPqqDBAOBigAw
gYYCQR5GV+4nY1uh2xshpArkHxD+vKeqtbkKAGbhhgJsqTYySAQkJKgaQoPLw/H+
nEy9vGa7ScaefzUCUGsLv3x6yNgqAkECS1FadKRkLUYEPe6qsTkCawihBCl6556+
15MkDuly1mOzNcu3RoYEpZgh1givweuLdhTZg9DRiy8mUdxdLCK3UzGCAcwwggHI
AgEBMIGwMIGiMQswCQYDVqqGEwJUUjEwMC4GA1UECgwnUmVwdWJsaWMgb2YgVHVy
a2V5IE1pbmlzdHJ5IG9mIEludGVyaW9yMUIwQAYDVqqLDDlHZW5lcmFsIERpcmVj
dG9yYXRlIG9mIENpdmlsIFJlZ2lzdHJhdGlvbiBhbmQgTmF0aW9uYWxpdHkxHTAb
BgNVBAMMFFBhc3Nwb3J0IENTQ0EgVHVya2V5AgkTiUmaAhPhXDAwCwYJYIZIAWUD
BAIDoGgwFQYJKoZIhvcNAQkDMQgGBmeBCAEBATBPBgkqhkiG9w0BCqqxQgRAzFgh
EVaT31HtFQEbQkeKKo78nA+iGLox5I9zt7OmytwzjFkxYnPgQjHO9M7pVvVf2WWf
tkYA0T0UdTxTVyR1RTAMBggqhkjOPqqDBAUABIGKMIGHAkIBqKmNH31O0fCjeuxO
AMDqqxG0CLVsnRXGOIIxJ/+Z4VqxS0UGGJ0w3c12jFtJk3aWHE0izOVEixuBQLUl
al0elrkCQTyKUuKm+SOGGTrOmtEi1OgUAVEl7Q+tiLhhf0EkZGKKuTVB9yqqhDjc
BgBBrMtf8JYLKf9eNN4zW2uvszn8t7Or
-----END pkcs7-----
这是我从pkcs7中提取的土耳其的DS(文件签名者)证书:
-----BEGIN CERTIFICATE-----
MIID8TCCA1SgAwIBAgIJE4lJmgIT4VwwMAoGCCqGSM49BAMEMIGiMQswCQYDVqqG
EwJUUjEwMC4GA1UECgwnUmVwdWJsaWMgb2YgVHVya2V5IE1pbmlzdHJ5IG9mIElu
dGVyaW9yMUIwQAYDVqqLDDlHZW5lcmFsIERpcmVjdG9yYXRlIG9mIENpdmlsIFJl
Z2lzdHJhdGlvbiBhbmQgTmF0aW9uYWxpdHkxHTAbBgNVBAMMFFBhc3Nwb3J0IENT
Q0EgVHVya2V5MB4XDTE4MTIyNjEyMzQ0NloXDTI5MDMyNjEyMzQ0NlowgZ8xCzAJ
BgNVBAYTAlRSMTAwLgYDVqqKDCdSZXB1YmxpYyBvZiBUdXJrZXkgTWluaXN0cnkg
b2YgSW50ZXJpb3IxQjBABgNVBAsMOUdlbmVyYWwgRGlyZWN0b3JhdGUgb2YgQ2l2
aWwgUmVnaXN0cmF0aW9uIGFuZCBOYXRpb25hbGl0eTEaMBgGA1UEAwwRRG9jdW1l
bnRTaWduZXIwMDcwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAF5Z4uBC2iJtBrD
jJXkOaJYkO0Gl4DNxFpkqrJdEsv7E6EluOoS3wugvxIpmL1rzS8tIeGVnE0fi9FH
meJEYqmWfwGtb4CqOkuCXKgamAongQAJ8yzRguJ9Wi7Bjj+VmcC82PPt2v0UAetd
tjeRhgFQyAB2S4BlSheKq1l9TaH5pm9ghKOCAS8wggErMB8GA1UdIwQYMBaAFG+b
u8ae7NrZvDHpUOEe0MoAIgWWMB0GA1UdDgQWBBQYtsnWkWlxLvlQyoZZUL6AkRuz
xjAOBgNVHQ8BAf8EBAMCB4AwqqYDVR0fBDowODA2oDSgMoYwaHR0cDovL3Bhc2Fw
b3J0LmthbXVzbS5nb3YudHIvQ1NDQS9DU0NBVFJfVjEuY3JsMFMGA1UdEQRMMEqB
FnBhc2Fwb3J0QGthbXVzbS5nb3YudHKCHmh0dHBzOi8vcGFzYXBvcnQua2FtdXNt
Lmdvdi50cqqQMA4xDDAKBgNVBAcMA1RVUjArBgNVHRAEJDAigA8yMDE4MTIyNjEy
MzQ0NlqBDzIwMTkwMzI2MTIzNDQ2WjAUBgZngQgBAQIECjAIAgEAMQMTAVAwCgYI
KoZIzj0EAwQDgYoamIGGAkEeRlfuJ2NbodsbIaQK5B8Q/rynqrW5CgBm4YYCbKk2
MkgEJCSoGkKDy8Px/pxMvbxmu0nGnn81AlBrC798esjYKgJBAktRWnSkZC1GBD3u
qrE5AmsIoqqpeueevteTJA7pctZjszXLt0aGBKWYIdYIr8Hri3YU2YPQ0YsvJlHc
XSwit1M=
-----END CERTIFICATE-----
openssl smime -verify -in〜/ desktop / ef_sod.p7b -inform p7b -noverify> signed_data.bin 命令结果“验证成功”-这意味着我的护照已由土耳其DS证书正确签名
但是,
我无法手动进行手动验证。
openssl asn1parse -in〜/ desktop / mypassport.p7b
然后从pkcs7(signed_data.bin)中提取带符号的十六进制数据:
308201BE020100300B0609608648016503040203308201AA30450201010440948CD0552C8E952154499468BF9DF449CB6671136645AFA9ECCE164590FA4DA7A96B5A084AD2B2B3346AD057EA1E960E1F621D8C339C60E3AE65477C5E96D14A3045020102044029904D5838B2C7055B9455E564F3AA8C2814FB9E611F62E3AE3F82DFD05AA8045AB48CA5D019D52940ED5BB64A0E6BF5C5B49279E5A42EC832BD8D5F09DDCEB3304502010304409969EACB0E1C54918D8321D5DBABE798BC0EDA404D294D1A515E33C9C517312441FDCD79A0571C4D49A79CBD79056092C76F335619B7466FDDC2A8C425B8BAB7304502010B0440AB7DBF1932B9E98854A49F51ABDFDE620F64F3B57B4D806AE4BC74D5252DDB99EE48760240365F3824EBF82F0D2FEC830AAC63CC7C66D1EFA8231C3FA85FE2A2304502010C0440375F1D8C7C821914E09F8FC83D3970AFB18B2A24505C03B2B24DDB9B08162660EA4805BCF69941302BEE7CC87453A81C792C6D71C0F80B7DA1EB55BF96C4076C304502010E044061A5933B6A21AF46842E2C8D31AF053BB5468C13FF09F3E2C69F4C5A49A40CC00834B97DE9BBE29AA39C1754C690DC8A25AC12222174D3C3D7B124618A6BA988
然后从DS证书(pk_tr.pem)中提取土耳其公钥:
-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBeWeLgQtoibQaw4yV5DmiWJDtBpeA
zcRaZKqyXRLL+xOhJbjqEt8LoL8SKZi9a80vLSHhlZxNH4vRR5niRGKpln8BrW+A
qjpLglyoGpgKJ4EACfMs0YLifVouwY4/lZnAvNjz7dr9FAHrXbY3kYYBUMgAdkuA
ZUoXiqtZfU2h+aZvYIQ=
-----END PUBLIC KEY-----
最后,我从pkcs7(signature.bin)中提取了EC数字签名:
308187024201A8A98D1F7D4ED1F0A37AEC4E00C0D0AB11B408B5529D15C638823127FF99E15AB14B4506189D30DDCD768C5B499376961C4D22CCE5448B1B8140B5256A5D1E96B902413C8A52E2A6F92386193ACE9AD122D4E814015125ED0FAD88B8617F412464628AB93541F7242A8438DC060041accB5FF0960B29FF5E34DE335B6BAFB339FCB7B3AB
当我尝试执行 openssl dgst -sha512 -verify〜/ desktop / pk_tr.pem -signature〜/ desktop / signature.bin〜/ desktop / signed_data.bin 时,它现在导致“验证失败” >
我知道我的pkcs7文件是有效的,并且从第一个命令行结果得到了正确的签名,那么在手动签名验证步骤中我可能做错了什么?