PerlMonks  

Re: How to validate signature of a RSA/x509 cert in Perl

by kgoess (Beadle)
on Mar 29, 2018 at 18:37 UTC ( [id://1211997]=note )


in reply to How to validate signature of a RSA/x509 cert in Perl

After extensive research, the closest thing we have to that is in Net::SSLeay, which has bindings to a ton of low-level openssl functions. In v1.83 2018-01-06 they added these:
X509_STORE_CTX_new and X509_verify_cert
but I couldn't get past related segfaults and there's not much documentation on there. So I ended up doing:
  1. use Convert::ASN1 to re-encode the tbsCertificate data I had decoded in my PKCS#7 file ("tbs" it turns out is "to-be-signed")
  2. get the signature from the PKCS#7 file
  3. get the subjectPublicKeyInfo.subjectPublicKey from the cert that signed this cert
  4. feed that to $signer_key = Crypt::OpenSSL::RSA->new_public_key($signer_key_pem);
  5. and then do $signer_key->verify($cert_as_signed, $signature)
and wash, rinse, repeat for each of the certs in the chain.
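
An added example, not code from the post: one link of the chain check described above, using Crypt::OpenSSL::RSA as in steps 4 and 5. Instead of re-encoding tbsCertificate with Convert::ASN1, it slices the signed bytes out of the certificate's DER, so the bytes verified are exactly the bytes that were signed. The helper names, the throwaway key, the stand-in certificate and the SHA-256 hash choice are assumptions made for the demo.

```perl
use strict;
use warnings;
use Crypt::OpenSSL::RSA;

# Read one DER TLV at $off: returns (tag, content, raw TLV bytes, next offset).
sub tlv {
    my ($buf, $off) = @_;
    die "truncated DER\n" if $off + 2 > length($buf);
    my ($tag, $len) = unpack 'CC', substr($buf, $off, 2);
    my $hdr = 2;
    if ($len & 0x80) {                                   # long-form length
        my $n = $len & 0x7f;
        die "unsupported DER length\n" if $n < 1 || $n > 4 || $off + 2 + $n > length($buf);
        $len = unpack 'N', ("\0" x (4 - $n)) . substr($buf, $off + 2, $n);
        $hdr += $n;
    }
    die "truncated DER\n" if $off + $hdr + $len > length($buf);
    return ($tag, substr($buf, $off + $hdr, $len), substr($buf, $off, $hdr + $len), $off + $hdr + $len);
}
# Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }
sub split_certificate {
    my ($der) = @_;
    my ($tag, $body)                = tlv($der, 0);
    my ($t1, undef, $tbs_raw, $o1)  = tlv($body, 0);     # tbs bytes exactly as signed
    my ($t2, undef, undef, $o2)     = tlv($body, $o1);
    my ($t3, $bits)                 = tlv($body, $o2);
    die "not an X.509 Certificate\n"
        unless $tag == 0x30 && $t1 == 0x30 && $t2 == 0x30 && $t3 == 0x03 && $bits =~ /^\0/;
    return ($tbs_raw, substr($bits, 1));                 # drop the unused-bits octet
}
sub cert_signed_by {
    my ($cert_der, $signer_key_pem) = @_;
    my ($tbs_raw, $signature) = split_certificate($cert_der);
    my $signer_key = Crypt::OpenSSL::RSA->new_public_key($signer_key_pem);
    $signer_key->use_sha256_hash;    # assumption: cert uses sha256WithRSAEncryption
    return $signer_key->verify($tbs_raw, $signature) ? 1 : 0;
}
# Constructed demo input: throwaway CA key and a stand-in with the same outer layout.
sub der {
    my ($tag, $v) = @_;
    (my $be = pack('N', length $v)) =~ s/^\0+//;
    return chr($tag) . (length($v) < 128 ? chr(length $v) : chr(0x80 | length $be) . $be) . $v;
}
my $ca = Crypt::OpenSSL::RSA->generate_key(2048);
$ca->use_sha256_hash;
my $pub  = $ca->get_public_key_x509_string;
my $tbs  = der(0x30, der(0x04, 'constructed tbsCertificate stand-in'));
my $alg  = der(0x30, der(0x06, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") . "\x05\x00");
my $cert = der(0x30, $tbs . $alg . der(0x03, "\0" . $ca->sign($tbs)));
(my $tampered = $cert) =~ s/stand-in/stand-IN/;          # change one signed byte
printf "untouched: %d, tampered: %d\n", cert_signed_by($cert, $pub), cert_signed_by($tampered, $pub);
```

A signature check like this only proves the issuer's key signed those bytes; validity dates, basicConstraints and revocation still need their own checks for each cert in the chain.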
