Golang：验证x509证书是否使用与指定公钥相对应的私钥签名

I want to get an X509 certificate verified to make sure it was signed by the private key that corresponds to the public key:

var publicKey *rsa.PublicKey = getPublicKey()
var certificate *x509.Certificate = getCertificate()
certificate.CheckSignature(...)

It seems to me that certificate.CheckSignature method is the right way to go but I can not figure out the parameters it needs and would like to ask for community's help.

Btw, I was able to do the same in java (working on two adjacent projects). It looks like this:

RSAPublicKey publicKey = getPublicKey();
X509Certificate certificate = X509CertUtils.parse(...);

// Verifies that this certificate was signed using the
// private key that corresponds to the specified public key.
certificate.verify(publicKey);

I appreciate any hints on the field! P.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongzipu7517 2017-03-03 06:18
关注
If I properly understood what you are trying to do, then answer is simple.

Your certificate includes the public key. So all you need is to compare your public key with the public key from the certificate. The code looks like:

if certificate.PublicKey.(*rsa.PublicKey).N.Cmp(publicKey.(*rsa.PublicKey).N) == 0 && publicKey.(*rsa.PublicKey).E == certificate.PublicKey.(*rsa.PublicKey).E { println("Same key") } else { println("Different keys") }

Update

Just checked OpenJDK implementation of .verify method. Looks like there can be situation when certificate doesn't contain the public key and you actually need to verify signature. The Go code for this case looks like this:

h := sha256.New() h.Write(certificate.RawTBSCertificate) hash_data := h.Sum(nil) err = rsa.VerifyPKCS1v15(publicKey.(*rsa.PublicKey), crypto.SHA256, hash_data, certificate.Signature) if err != nil { println("Signature does not match") }
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决 2
无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

Golang：验证x509证书是否使用与指定公钥相对应的私钥签名
2017-03-02 15:44

回答 2 已采纳 If I properly understood what you are trying to do, then answer is simple. Your certificate inclu
Golang问题x509：无法验证签名：net / http上未实现的算法 https ssl
2014-07-29 05:10

回答 1 已采纳 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is currently broken in Go, it will be supported in v1.4, the
golang：如何将pflag与其他使用flag的软件包一起使用？
2015-12-02 21:59

回答 3 已采纳 I got a response from a maintainer for pflag. The solution is to "import" all flags defined for f
golang生成公钥私钥证书及自签名证书通过云账号dns验证直接生成freessl证书 openssl常用方法介绍
2023-10-25 17:17

1.go生成rsa证书自签名证书 2.go生成ecc证书自签名证书 ...4.对自已生成的公钥私钥进行签名,得到签名证书crt 5.通过设置云dns账号直接生成freessl证书 6.openssl一些惯用方法介绍 7.如生成pfx格式的证书包文件的方法
检查X509证书是否与CertificateRequest（CSR）匹配
2019-05-08 09:59

回答 1 已采纳 If your signing request is in the DER format there's a couple of functions in the standard library
golang：发送带有证书的http请求 https
2014-06-30 18:12

回答 2 已采纳 This is likely a problem with the remote server you're accessing, but it is a known problem (with
golang：tls.LoadX509KeyPair关闭net.Conn吗？
2014-10-02 12:06

回答 1 已采纳 The problem is that you're not using the network connection for anything here, and it's simply get
golang：实现私钥加密公钥解密
2022-02-11 22:58

_李白_的博客 golang：实现私钥加密公钥解密
Golang证书验证 ssl
2017-12-09 23:01

回答 1 已采纳 You need to do two things: add the CA certificate on the server side as well, the CA needs to be
golang，我可以使用rsa键创建X509KeyPair吗？
2017-05-06 16:42

回答 1 已采纳 If you want to generate your own certificate and private key, you have to do: 1.- Generate privat
Golang：如何在HTTP客户端的TLS配置中指定证书 ssl
2014-02-04 20:05

回答 1 已采纳 You can replace the system CA set by providing a root CA pool in tls.Config. certs := x509.NewCer
Golang代码搜集-基于RSA的公钥加密私钥解密-私钥签名公钥验证
2018-03-02 22:29

lhtzbj12的博客首先由genkey.go生成公钥和私文件，在rsa.go里使用生成的公钥和私钥进行加密和解密 //文件 genkey.go //生成公钥和私钥 pem文件 package main import ( "crypto/rand" &...
Golang：使用PostgreSQL模式进行连接 postgresql
2018-07-21 18:54

回答 2 已采纳 You should add search_path=myschema to dataSourceName P.S. better use fmt.Sprintf("host=%s port=%
Golang Rsa 公钥加密私钥解密，私钥签名公钥验证，私钥加密公钥解密
2020-05-08 17:29

TwistedFater的博客 //FIXME 配合cgo的openssl使用，为什么要用这个？？？因为大佬说速度比较快 import . "github.com/spacemonkeygo/openssl" // 生成 TLS的ca 证书注意这是ca func TestCAGenerate(t *testing.T) { cakey, err := ...
golang 区块链：验证签名
2022-02-16 09:55

信缘 ꈍ 随缘的博客 3.传入output的集合，逐笔验证签名验证： 1.复制一份新的交易对象（input的签名和公钥置空） 2.对复制的交易进行hash，获取签名需要的hash （获取input的output所在的交易设置vin的公钥为utxo的pubhash 对交易...
没有解决我的问题, 去提问

悬赏问题

¥15 深度学习根据CNN网络模型，搭建BP模型并训练MNIST数据集
¥15 lammps拉伸应力应变曲线分析
¥15 C++ 头文件/宏冲突问题解决
¥15 用comsol模拟大气湍流通过底部加热（温度不同）的腔体
¥50 安卓adb backup备份子用户应用数据失败
¥20 有人能用聚类分析帮我分析一下文本内容嘛
¥15 请问Lammps做复合材料拉伸模拟，应力应变曲线问题
¥30 python代码，帮调试，帮帮忙吧
¥15 #MATLAB仿真#车辆换道路径规划
¥15 java 操作 elasticsearch 8.1 实现索引的重建

Golang：验证x509证书是否使用与指定公钥相对应的私钥签名

2条回答 默认 最新

悬赏问题

2条回答默认最新