Question [SOLVED]

1. Question [SOLVED]

Jacy Ferreira
jacyferreira

(uses XUbuntu)

Posted on 18/06/2020 - 23:52h

Good evening,

Using the openssl command I can view the attributes of a certificate:
openssl x509 -in mail-google-com.pem -noout -text

The output of the command is the following:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ea:11:2b:f6:f7:a7:dd:a9:02:00:00:00:00:6b:21:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Google Trust Services, CN = GTS CA 1O1
Validity
Not Before: May 26 15:30:03 2020 GMT
Not After : Aug 18 15:30:03 2020 GMT
Subject: C = US, ST = California, L = Mountain View, O = Google LLC, CN = mail.google.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:91:a1:c2:31:29:f0:52:52:a9:6f:e5:14:3b:3d:
4c:9f:b9:13:28:c9:99:e6:b0:04:2e:e2:a0:da:e1:
92:e9:8a:23:c3:77:84:2e:3b:6c:d9:e4:2c:84:76:
70:a4:cc:1b:b9:a0:c7:46:b5:b9:2e:a9:0c:e6:f5:
01:a5:99:79:b4
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
7D:14:46:5B:54:D7:92:87:C5:B5:E0:1C:76:D4:39:5E:93:67:74:92
X509v3 Authority Key Identifier:
keyid:98:D1:F8:6E:10:EB:CF:9B:EC:60:9F:18:90:1B:A0:EB:7D:09:FD:2B

Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/gts1o1core
CA Issuers - URI:http://pki.goog/gsr2/GTS1O1.crt

X509v3 Subject Alternative Name:
DNS:mail.google.com, DNS:inbox.google.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
Policy: 1.3.6.1.4.1.11129.2.5.3

X509v3 CRL Distribution Points:

Full Name:
URI:http://crl.pki.goog/GTS1O1core.crl

CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 5E:A7:73:F9:DF:56:C0:E7:B5:36:48:7D:D0:49:E0:32:
7A:91:9A:0C:84:A1:12:12:84:18:75:96:81:71:45:58
Timestamp : May 26 16:30:03.569 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:7D:53:13:2C:CE:27:2F:80:77:EE:93:80:
BD:45:1A:4F:A3:9E:D5:ED:13:A5:12:BB:02:73:BF:9B:
3C:BA:66:8C:02:21:00:96:70:55:F5:6D:47:0F:18:8B:
E3:09:EE:6F:C3:CC:1A:0D:02:A3:2D:86:57:36:C7:81:
28:97:D4:61:72:75:41
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B2:1E:05:CC:8B:A2:CD:8A:20:4E:87:66:F9:2B:B9:8A:
25:20:67:6B:DA:FA:70:E7:B2:49:53:2D:EF:8B:90:5E
Timestamp : May 26 16:30:03.655 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:00:92:B2:7C:15:47:42:11:AB:E8:2B:F8:
7F:73:6E:59:AB:9B:99:D4:89:6A:63:B3:2F:E2:3C:0C:
0A:22:CE:42:02:20:25:DE:00:1D:B0:4A:CC:82:93:51:
12:6A:73:30:13:94:22:9B:DD:BE:DA:6C:ED:FE:3A:9D:
D9:89:23:DE:54:6A
Signature Algorithm: sha256WithRSAEncryption
3e:52:a3:78:fe:ba:6e:e6:aa:17:b9:b0:33:bb:47:60:c9:ba:
ad:8a:72:d6:3b:5a:ed:c8:0b:a4:33:d1:45:97:5a:e9:78:af:
f8:94:c1:3b:f4:27:50:65:a6:03:c8:14:d7:81:63:cb:ad:6d:
56:be:8b:4b:c3:be:07:17:b7:80:b3:79:c2:56:41:ae:b5:b3:
ca:4c:5a:e1:28:81:45:a3:5a:57:44:11:7e:05:60:f5:9b:fb:
74:2d:73:da:25:49:30:bf:88:42:90:20:c2:6a:32:75:b7:1e:
9b:47:b5:b0:83:1b:98:eb:a9:c5:08:38:25:4f:9b:cb:13:f3:
63:f1:fa:3b:36:ba:49:73:9c:61:25:3b:8a:9c:af:45:4d:4f:
b0:01:f3:bd:aa:64:d9:e5:4d:bf:f5:93:d1:3d:c5:05:67:ad:
17:2f:5e:1e:7d:e9:06:49:8e:27:f5:4c:94:5c:af:d0:61:fa:
31:cb:c1:82:c4:cc:8e:1c:1f:5d:b6:13:b2:86:bf:b8:b4:b5:
15:37:4b:7b:15:50:f1:54:0e:33:41:b5:01:41:f4:68:83:2a:
17:47:ca:e6:b5:ad:7e:79:68:29:a9:c0:55:d1:d9:4a:b4:5e:
63:e2:81:98:64:19:72:ae:7d:e5:95:8a:3d:9d:af:54:9c:ee:
eb:4c:dc:a2


I need to generate a text file to export the following certificate attributes to txt or csv format:
Version: Serial Number:Signature Algorithm:Issuer: C,Issuer: O: Issuer: CN;Validity Not Before: Validity Not After: Subject US:Subject L: Subject O: Subject CN

Data:
Version: 3 (0x2)
Serial Number:
ea:11:2b:f6:f7:a7:dd:a9:02:00:00:00:00:6b:21:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Google Trust Services, CN = GTS CA 1O1
Validity
Not Before: May 26 15:30:03 2020 GMT
Not After : Aug 18 15:30:03 2020 GMT
Subject: C = US, ST = California, L = Mountain View, O = Google LLC, CN = mail.google.com

My script will record this information for many certificates.
So the output should be in the following form:
version;serial number;signature algorithm;issuer C;issuer O;issuer CN;Not Before;Not After;Subject US;Subject L;Subject O;Subject CN;
3 (0x2);ea:11:2b:f6:f7:a7:dd:a9:02:00:00:00:00:6b:21:22;sha256WithRSAEncryption;US;Google Trust Services;GTS CA 1O1;

-----------------------------
Thank you for your attention.


  


2. Re: Question

Marcelo Oliver
msoliver

(uses Debian)

Posted on 19/06/2020 - 18:15h

Good evening, Jacy Ferreira.
Here is a suggestion based on the "output" you posted.
For testing purposes, I saved it as Arquivo.txt.
sed -n '/^Version:/,/^Subject:/p' Arquivo.txt|sed '/^Val.*$\|:$/d'|sed -r '/^[A-Z][a-z]+/s/: /=/;s/, /\n/g;s/ = /=/g'|awk -F"=" '{ORS=";";print $NF}'

To "filter" the output of the command, do:
openssl x509 -in mail-google-com.pem -noout -text|\
sed -n '/^ \+Version:/,/^ \+Subject:/p'|\
sed 's/^ \+//'|\
sed '/^Val.*$\|:$/d'|\
sed -r '/^[A-Z][a-z]+/s/: /=/;s/, /\n/g;s/ = /=/g'|\
awk -F"=" '{ORS=";";print $NF}'

How did you generate the file "mail-google-com.pem"?
______________________________________________________________________
Important: echo -e "\n$(lynx --dump goo.gl/a9KeFc|sed -nr '/^[ ]+Se/,/dou.$/p')\n"
Regards: Marcelo Oliver
______________________________________________________________________
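
An added example, not part of the original thread or of either poster's code: the same extraction done by attribute name instead of by position, so a certificate whose Subject lacks L or O, or carries ST, still yields twelve aligned columns. It assumes that "Subject US" in the question means the Subject's C attribute; the column names, the quoting of every field and the sample certificate are constructed here.

```sh
# Added example: `openssl x509 -noout -text` output (one or more certs) to CSV.
cert_text_to_csv() {
  awk '
    # rdn: value of attribute key in a DN such as "C = US, O = Example", or ""
    # when absent. Assumption: no attribute value contains ", ".
    function rdn(dn, key,    n, i, p, k, v, parts) {
      n = split(dn, parts, /, /)
      for (i = 1; i <= n; i++) {
        p = index(parts[i], "=")
        k = substr(parts[i], 1, p - 1); v = substr(parts[i], p + 1)
        gsub(/^ +| +$/, "", k); gsub(/^ +| +$/, "", v)
        if (k == key) return v
      }
      return ""
    }
    # q: quote a field so an embedded ";" or quote cannot break the row.
    function q(s) { gsub(/"/, "\"\"", s); return "\"" s "\"" }
    # val: text after the first colon of a "Label: value" line.
    function val(s) { sub(/^[^:]*: */, "", s); return s }
    BEGIN { OFS = ";"
      print "version", "serial", "sigalg", "issuer_C", "issuer_O", "issuer_CN",
            "not_before", "not_after", "subject_C", "subject_L", "subject_O", "subject_CN" }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # drop openssl indentation
    need_serial             { serial = $0; need_serial = 0; next }   # serial on its own line
    /^Version:/             { ver = val($0); next }
    /^Serial Number:/       { serial = val($0); need_serial = (serial == ""); next }
    /^Signature Algorithm:/ { sig = val($0); next }
    /^Issuer:/              { issuer = val($0); next }
    /^Not Before:/          { nb = val($0); next }
    /^Not After *:/         { na = val($0); next }
    /^Subject:/ { subj = val($0)                   # last wanted field: emit the row
      print q(ver), q(serial), q(sig), q(rdn(issuer, "C")), q(rdn(issuer, "O")), q(rdn(issuer, "CN")),
            q(nb), q(na), q(rdn(subj, "C")), q(rdn(subj, "L")), q(rdn(subj, "O")), q(rdn(subj, "CN")) }
  '
}
# Constructed sample (not a real certificate): short serial, no C/L/O in Subject.
sample_text() {
  cat <<'EOF'
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O = Example Org; Lab, CN = Example Test CA
        Validity
            Not Before: Jan  1 00:00:00 2020 GMT
            Not After : Jan  1 00:00:00 2021 GMT
        Subject: CN = host.example.test
EOF
}
sample_text | cert_text_to_csv
```

For many certificates, concatenate the dumps into the function, for example `for f in *.pem; do openssl x509 -in "$f" -noout -text; done | cert_text_to_csv > certs.csv` (the output file name is arbitrary).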





