GB/T 20518—2018信息安全技術 公鑰基礎設施 數字證書格式附錄D(資料性附錄)數字證書編碼舉例
D.1 SM2數字證書編碼
以下內容將以X.509版本3證書為例,證書包含下列信息:
a)the serial number is 64 57 00 b7 00 00 02 f6 (dec is 7230248512745636598);
b)the certificate is signed with SM2 and the SM3 hash algorithm;
c)the issuer’s distinguished name is CN=OSCCA SM2 CA, C=CN;
d)and the subject’s distinguished name is CN=用戶名字, OU=部門名稱,O=組織名稱,S=省份名稱,C=CN;
e)the certificate was issued on March 22, 2011 and expired on March 29,2014;
f)the certificate contains a 256 bit SM2 EC public key;
g)the certificate is an end entity certificate (not a CA certificate);
h)the certificate include an authority key identifier ,subject KeyIdentifier and basic constraints extensions;
i)the certificate includes a critical key usage extension specifying the public is intended for generation of digital signatures;
0000 30 200: SEQUENCE {
0004 30 1A5: SEQUENCE {
0008 A0 3: [0] {
000A 02 1: INTEGER 2
: }
000D 02 8: INTEGER
: 64 57 00 B7 00 00 02 F6
0017 30 C: SEQUENCE {
0019 06 8: OBJECT IDENTIFIER ‘1 2 156 10197 1 501’
0023 05 0:
: }
0025 30 24: SEQUENCE {
0027 31 15: SET {
0029 30 13: SEQUENCE {
002B 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
0030 13 C: PrintableString ‘OSCCA SM2 CA’
: }
: }
003E 31 B: SET {
0040 30 9: SEQUENCE {
0042 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
0047 13 2: PrintableString ‘CN’
: }
: }
: }
004B 30 1E: SEQUENCE {
004D 17 D: UTCTime ‘110322074444Z’
005C 17 D: UTCTime ‘140329074400Z’
: }
006B 30 52: SEQUENCE {
006D 31 15: SET {
006F 30 13: SEQUENCE {
0071 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
0076 0C C: UTF8String ‘用戶名字’
: }
: }
0084 31 15: SET {
0086 30 13: SEQUENCE {
0088 06 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
008D 0C C: UTF8String ‘部門名稱’
: }
: }
009B 31 15: SET {
009D 30 13: SEQUENCE {
009F 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
00A4 0C C: UTF8String ‘組織名稱’
: }
: }
00B2 31 B: SET {
00B4 30 9: SEQUENCE {
00B6 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
00BB 13 2: PrintableString ‘CN’
: }
: }
: }
00BF 30 59: SEQUENCE {
00C1 30 13: SEQUENCE {
00C3 06 7: OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
00CC 06 8: OBJECT IDENTIFIER ‘1 2 156 10197 1 301’
: }
00D6 03 42: BIT STRING 0 unused bits
: 04 97 0A 71 9B CC 02 B4 6E E9 CC DF 59 2F 59 0B
: 2D C7 5A AC B1 C7 B9 45 55 FE 07 E2 70 B3 83 9A
: 4B EB 4C 37 A3 AD 5E FF BF 23 39 0C AD 36 9A EC
: 58 B2 92 32 A0 CA 30 29 6F 0F F1 F8 35 F1 52 F6
: 76
: }
011A A3 90: [3] {
011D 30 8D: SEQUENCE {
0120 30 C: SEQUENCE {
0122 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
0127 04 5: OCTET STRING
: 30 03 01 01 00
: }
012E 30 1D: SEQUENCE {
0130 06 3: OBJECT IDENTIFIER extKeyUsage (2 5 29 37)
0135 04 16: OCTET STRING
: 30 14 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06
: 01 05 05 07 03 04
: }
014D 30 B: SEQUENCE {
014F 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
0154 04 4: OCTET STRING
: 03 02 00 C0
: }
015A 30 11: SEQUENCE {
015C 06 9: OBJECT IDENTIFIER
: netscape-cert-type (2 16 840 1 113730 1 1)
0167 04 4: OCTET STRING
: 03 02 00 80
: }
016D 30 1F: SEQUENCE {
016F 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
0174 04 18: OCTET STRING
: 30 16 80 14 8E 7B 6D F4 CB 16 BC 42 79 80 22 80
: 92 49 97 1C EA BD D3 E5
: }
018E 30 1D: SEQUENCE {
0190 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
0195 04 16: OCTET STRING
: 04 14 1E 99 F3 37 A8 7E 1F 5D C8 B5 C4 D9 F6 94
: 2E A6 9C 24 9F 31
: }
: }
: }
: }
01AD 30 C: SEQUENCE {
01AF 06 8: OBJECT IDENTIFIER ‘1 2 156 10197 1 501’
01B9 05 0:
: }
01BB 03 47: BIT STRING 0 unused bits
: 30 44 02 20 50 37 93 B4 0E 0F 1C 9D 3E EE 7F 7E
: 02 BE BD 3E DE 01 27 27 20 82 EE 8F 0F 6F E4 8A
: 36 3F 26 B9 02 20 B5 70 08 46 76 7B 6F 27 43 6C
: BE D7 45 98 C4 5B 98 5C CB C8 1A 14 0E 2A 3B 03
: 55 CA BE F1 72 F2
:
推薦文章: