Advertisement
mar-kim

pkcs7.rb

Oct 2nd, 2023
1,631
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Ruby 5.48 KB | None | 0 0
  1. require 'openssl'
  2.  
  3. def make_cert(pkey)
  4.   subject = "/C=BE/O=Test/OU=Test/CN=Test"
  5.   cert = OpenSSL::X509::Certificate.new
  6.   cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
  7.   cert.not_before = Time.now
  8.   cert.not_after = Time.now + 365 * 24 * 60 * 60
  9.   cert.public_key = pkey.public_key
  10.   cert.serial = 0x0
  11.   cert.version = 2
  12.  
  13.   ef = OpenSSL::X509::ExtensionFactory.new
  14.   ef.subject_certificate = cert
  15.   ef.issuer_certificate = cert
  16.   cert.extensions = [
  17.     ef.create_extension("basicConstraints","CA:TRUE", true),
  18.     ef.create_extension("subjectKeyIdentifier", "hash"),
  19.   ]
  20.   cert.add_extension ef.create_extension("authorityKeyIdentifier",
  21.                                        "keyid:always,issuer:always")
  22.  
  23.   cert.sign pkey, OpenSSL::Digest::SHA1.new
  24.   cert
  25. end
  26.  
  27. recipient_key = OpenSSL::PKey::RSA.new(4096)
  28. recipient_cert = make_cert(recipient_key)
  29.  
  30. sender_key = OpenSSL::PKey::RSA.new(4096)
  31. sender_cert = make_cert(sender_key)
  32.  
  33. csr = OpenSSL::X509::Request.new
  34. csr.public_key = sender_key.public_key
  35. csr.subject = OpenSSL::X509::Name.parse("C=UP")
  36. csr.sign(sender_key, OpenSSL::Digest::SHA256.new)
  37.  
  38. # The sender encrypts and signs the message
  39. crypted = OpenSSL::PKCS7.encrypt([recipient_cert], "message").to_der
  40. signed = OpenSSL::PKCS7.sign(sender_cert, sender_key, crypted).to_der
  41.  
  42. # The recipient tries to extract the message
  43. store = OpenSSL::X509::Store.new
  44. p7_signed = OpenSSL::PKCS7.new(signed)
  45. p7_signed.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
  46. unsigned = p7_signed.data
  47.  
  48. # Attempt to decrypt
  49. OpenSSL::PKCS7.new(unsigned).decrypt(recipient_key, recipient_cert)
  50. # => ArgumentError: Could not parse the PKCS7: nested asn1 error
  51.  
  52. unsigned
  53. # => "0\x82\x02\xA8\x06\t*\x86H\x86\xF7\r\x01\a\x03\xA0\x82\x02\x990\x82\x02\x95\x02\x01\x001\x82\x02[0\x82\x02W\x02\x01\x000?0:1\v0\t\x06\x03U\x04\x06\x13\x02BE1\r0\v\x06\x03U\x04\r\n\f\x04Test1\r0\v\x06\x03U\x04\v\f\x04Test1\r0\v\x06\x03U\x04\x03\f\x04Test\x02\x01\x000\r\x06\t*\x86H\x86\xF7\r\x01\x01\x01\x05\x00\x04\x82\x02\x00j\xB4\x8C\x8E\x9E\"?\xFE#\x93\xFF\x92zg\x10\r^&\xE4l\x96\x15\xF9\xADk [\xB0\xEBK\xF8M\xAD\x90\xFD\xF2\xAF3\xAAT\xA5\x95\x84H\xFD\x14\xD5\r\x16\xC4\xCFg\xF4B\xB6\v\xB0\xD1\xF8\x99\x88+\xB5\e\x10|i\x02\x16\xFBFU\x17\v\xB7\x8A?\xAF?\xB2l\xB2A\x90cy\xDA\x94\xA8f\x0F\x90g\xB7&\b\xCF\xBB\x017\xE5?L\x80\xDB\xBF%S\xA0C8\xF2\xB0n\x8CK\xFF4VMr\b\x85\xC6\x0E/J\x88\xD7\xB7F\x13\x83M\x14\x16\xE36\xCC8o^\x99\xBA\xD8\xB1\xC5V\x04\xD9\xF6\x18\x02\xB1;\t\xD8LiP\x83!x=\xC5jf[4\xA5\xC0$\x9Bk\xCB\xBDM=^\x82\x1F\xAC\xDB\x89H\x9C8\xFB\xA3\x8C\x17\xD2L\xAA[PqPI\xB1e\xF9\xDC\xA3N\xCB\x83\xA7\xC8\x05\xFC\xC1X\x062\xB6A\xA1\x8B\x02\xFE\x82\x14\a\xB1\xE8\xB8\xC4\xD0\xBA\xAAv\xC8\x9D]\xCAn\xB2w\x891\xEA\x10d\e\xC6CO\xE1\xF0\x9B\xD1,A;\t\x9A\xC5\x17\xD8p\x9B\xF0\x03\x88Cpg\am\x87\xD1\xDE,\e\xEA-1_\x01\x19\x86\xA0\xC4E\xC51\x98\xE2\xB9\x9DZ'\x16\x98\x19\x9E\xD2b\t\xC6\xDB\r\n\xFB\x1Dl\x8A%\xEE,\x01t5\x91z\xF3\x00\x9Faq\x7F\xB1\xDD\xA2\xB2\\\xFF\x86r1n8\x1E\x8B\x8FW\x01\xD4\xDB\xB2b\xF0\x8E<U\x01[\xDB\xD8uB\x94R\x18\x17z\x16\x94\x97\xCCi\xC4\x8D;\xB1\xA2\xB6\xE8\x9C\x16o\x19T&\xFB\xF4\xC3\xFA\x1D\xE8\xD0\xF3,\xE3\"\xC4D\x14\xCD\xF9\xD6E\x9A\xA3\xE1U\xF9a\x84\xA5e\xCCDR\x1D\xACr\xBF\xA2u\xAC\xBB\v1\x8C\xB8\x8D\xF6UY\xA6-\xABU@\"\xD0\xE0<(\x19\x0E\xAE\xB7\x04\xEA\xA4W`\x9Fs\x9F\xD4\x8C\x9D!]\xDB\x02\xC8\x8B.lP\x85\xDC\xB8\xE7mH\xEB\x83\x11\xE7Q\x17\xEB5\x9F\x8D\x9C\e|\xA6\xEB\xF2)E2a\xA3\xFE\x99\xF3\x9ET\x97=\x80e3\x90\xE4\xA2\xEAk\xC6Sx\xAAz.\x17\xB6\xEF\xD4g\xA5\x18\xF4@\xE201\x06\t*\x86H\x86\xF7\r\x01\a\x010\x1A\x06\b*\x86H\x86\xF7\r\x03\x020\x0E\x02\x02\x00\xA0\x04\b\xB1\xCC]%\xE0/%\x01\x80\b\xBA`TYs\x9AP3"
  54.  
  55. crypted
  56. # => "0\x82\x02\xA8\x06\t*\x86H\x86\xF7\r\x01\a\x03\xA0\x82\x02\x990\x82\x02\x95\x02\x01\x001\x82\x02[0\x82\x02W\x02\x01\x000?0:1\v0\t\x06\x03U\x04\x06\x13\x02BE1\r0\v\x06\x03U\x04\n\f\x04Test1\r0\v\x06\x03U\x04\v\f\x04Test1\r0\v\x06\x03U\x04\x03\f\x04Test\x02\x01\x000\r\x06\t*\x86H\x86\xF7\r\x01\x01\x01\x05\x00\x04\x82\x02\x00j\xB4\x8C\x8E\x9E\"?\xFE#\x93\xFF\x92zg\x10\r^&\xE4l\x96\x15\xF9\xADk [\xB0\xEBK\xF8M\xAD\x90\xFD\xF2\xAF3\xAAT\xA5\x95\x84H\xFD\x14\xD5\r\x16\xC4\xCFg\xF4B\xB6\v\xB0\xD1\xF8\x99\x88+\xB5\e\x10|i\x02\x16\xFBFU\x17\v\xB7\x8A?\xAF?\xB2l\xB2A\x90cy\xDA\x94\xA8f\x0F\x90g\xB7&\b\xCF\xBB\x017\xE5?L\x80\xDB\xBF%S\xA0C8\xF2\xB0n\x8CK\xFF4VMr\b\x85\xC6\x0E/J\x88\xD7\xB7F\x13\x83M\x14\x16\xE36\xCC8o^\x99\xBA\xD8\xB1\xC5V\x04\xD9\xF6\x18\x02\xB1;\t\xD8LiP\x83!x=\xC5jf[4\xA5\xC0$\x9Bk\xCB\xBDM=^\x82\x1F\xAC\xDB\x89H\x9C8\xFB\xA3\x8C\x17\xD2L\xAA[PqPI\xB1e\xF9\xDC\xA3N\xCB\x83\xA7\xC8\x05\xFC\xC1X\x062\xB6A\xA1\x8B\x02\xFE\x82\x14\a\xB1\xE8\xB8\xC4\xD0\xBA\xAAv\xC8\x9D]\xCAn\xB2w\x891\xEA\x10d\e\xC6CO\xE1\xF0\x9B\xD1,A;\t\x9A\xC5\x17\xD8p\x9B\xF0\x03\x88Cpg\am\x87\xD1\xDE,\e\xEA-1_\x01\x19\x86\xA0\xC4E\xC51\x98\xE2\xB9\x9DZ'\x16\x98\x19\x9E\xD2b\t\xC6\xDB\n\xFB\x1Dl\x8A%\xEE,\x01t5\x91z\xF3\x00\x9Faq\x7F\xB1\xDD\xA2\xB2\\\xFF\x86r1n8\x1E\x8B\x8FW\x01\xD4\xDB\xB2b\xF0\x8E<U\x01[\xDB\xD8uB\x94R\x18\x17z\x16\x94\x97\xCCi\xC4\x8D;\xB1\xA2\xB6\xE8\x9C\x16o\x19T&\xFB\xF4\xC3\xFA\x1D\xE8\xD0\xF3,\xE3\"\xC4D\x14\xCD\xF9\xD6E\x9A\xA3\xE1U\xF9a\x84\xA5e\xCCDR\x1D\xACr\xBF\xA2u\xAC\xBB\v1\x8C\xB8\x8D\xF6UY\xA6-\xABU@\"\xD0\xE0<(\x19\x0E\xAE\xB7\x04\xEA\xA4W`\x9Fs\x9F\xD4\x8C\x9D!]\xDB\x02\xC8\x8B.lP\x85\xDC\xB8\xE7mH\xEB\x83\x11\xE7Q\x17\xEB5\x9F\x8D\x9C\e|\xA6\xEB\xF2)E2a\xA3\xFE\x99\xF3\x9ET\x97=\x80e3\x90\xE4\xA2\xEAk\xC6Sx\xAAz.\x17\xB6\xEF\xD4g\xA5\x18\xF4@\xE201\x06\t*\x86H\x86\xF7\r\x01\a\x010\x1A\x06\b*\x86H\x86\xF7\r\x03\x020\x0E\x02\x02\x00\xA0\x04\b\xB1\xCC]%\xE0/%\x01\x80\b\xBA`TYs\x9AP3"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement