dsh77114 2019-01-27 00:37
浏览 516

如何显示网站证书的公钥

I've created a Go program to connect to a website and get the certificates it uses. I'm not sure how to get the correct representation of the public key.

I can fetch the certificate and I can type check on Certificate.PublicKey. Once I understand it's rsa.PublicKey or ecdsa.PublicKey I'd need to print the hex representation of it.

switch cert.PublicKey.(type) {
case *rsa.PublicKey:
    logrus.Error("this is RSA")
    // TODO: print hex representation of key
case *ecdsa.PublicKey:
    logrus.Error("this is ECDSA")
    // TODO: print hex representation of key
default:
    fmt.Println("it's something else")
}

I'd expect it to print something like:

04 4B F9 47 1B A8 A8 CB A4 C6 C0 2D 45 DE 43 F3 BC F5 D2 98 F4 25 90 6F 13 0D 78 1A AC 05 B4 DF 7B F6 06 5C 80 97 9A 53 06 D0 DB 0E 15 AD 03 DE 14 09 D3 77 54 B1 4E 15 A8 AF E3 FD DC 9D AD E0 C5
  • 写回答

1条回答 默认 最新

  • dongyirong3564 2019-01-27 01:39
    关注

    it seems you are asking for the sha1 sum of the certificates involved. here is a working example that asks for a host:port and prints the sums of the certificates involved

    package main

import (
        "crypto/sha1"
        "crypto/tls"
        "fmt"
        "log"
        "os"
)

func main() {
        if len(os.Args) != 2 {
                log.Panic("call with argument of host:port")
        }
        log.SetFlags(log.Lshortfile)

        conf := &tls.Config{
                //InsecureSkipVerify: true,
        }
        fmt.Printf("dialing:%s
", os.Args[1])
        conn, err := tls.Dial("tcp", os.Args[1], conf)
        if err != nil {
                log.Println(err)
                return
        }
        defer conn.Close()
        for i, v := range conn.ConnectionState().PeerCertificates {
                //edit: use %X for uppercase hex printing
                fmt.Printf("cert %d sha1 fingerprint:%x 
", i, sha1.Sum(v.Raw))
        }
}

    run as:

    ./golang-tls www.google.com:443
dialing:www.google.com:443
cert 0 sha1 fingerprint:34781c3be98cf958f514aecb1ae2e4e866effe34
cert 1 sha1 fingerprint:eeacbd0cb452819577911e1e6203db262f84a318

    for general notions on SSL i have found this stackexchange answer to be extremely valuable.

    评论

报告相同问题?

悬赏问题

  • ¥20 易康econgnition精度验证
  • ¥15 线程问题判断多次进入
  • ¥15 msix packaging tool打包问题
  • ¥28 微信小程序开发页面布局没问题,真机调试的时候页面布局就乱了
  • ¥15 python的qt5界面
  • ¥15 无线电能传输系统MATLAB仿真问题
  • ¥50 如何用脚本实现输入法的热键设置
  • ¥20 我想使用一些网络协议或者部分协议也行,主要想实现类似于traceroute的一定步长内的路由拓扑功能
  • ¥30 深度学习,前后端连接
  • ¥15 孟德尔随机化结果不一致