Reading the certificates of PKCS#7 signed data using pure Python

Question  Votes: 3  Answers: 1

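There are already many questions about this, but the problem is that none of them has a sufficient answer on how to do it, especially when using python3.

Basically, I want to read JAR / APK certificates, like this one: Link to ASN1 Decoder, with Android Test Signing Key

Now there are several options:

  • pyasn1: seems to work, but can only parse the raw ASN.1 format
  • M2Crypto: only works on py2
  • Chilkat: not free, although CkCert seems to be free
  • cryptography: cannot load the certificate, because the X509 certificate is inside a PKCS#7 container

I found a way to use pyasn1 to unpack the certificate from the pkcs#7 message and then use cryptography to read it: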

from pyasn1.codec.der.decoder import decode
from pyasn1.codec.der.encoder import encode
from cryptography import x509
from cryptography.hazmat.backends import default_backend

cdata = open("CERT.RSA", "rb").read()
cert, rest = decode(cdata)
# The cert should be located there
realcert = encode(cert[1][3])
realcert = realcert[2 + (realcert[1] & 0x7F) if realcert[1] & 0x80 > 1 else 2:]  # remove the first DER identifier from the front
x509.load_der_x509_certificate(realcert, default_backend())

This gives:

<Certificate(subject=<Name([<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.6, name=countryName)>, value='US')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.8, name=stateOrProvinceName)>, value='California')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.7, name=localityName)>, value='Mountain View')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.10, name=organizationName)>, value='Android')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.11, name=organizationalUnitName)>, value='Android')>, <NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='Android')>, <NameAttribute(oid=<ObjectIdentifier(oid=1.2.840.113549.1.9.1, name=emailAddress)>, value='[email protected]')>])>, ...)>

Isn't there another way to do this that is clean and tidy?

python x509 pkcs#7
1 Answer
-1
votes

There are now libraries that do this in pure Python. One is asn1crypto: https://github.com/wbond/asn1crypto#readme

This is also documented in androguard, including examples of how to use it: https://androguard.readthedocs.io/en/latest/intro/certificates.html
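
An added example, not part of the original post and not code from asn1crypto or androguard: a standard-library-only walk of the PKCS#7 structure that generalizes the question's `cert[1][3]` indexing and header stripping by checking the signedData OID, bounding every DER length, and returning every certificate in the set. The function names and the sample blob (placeholder bodies, not real certificates) are constructed for illustration; with a real `CERT.RSA`, each returned byte string is what the question passes to `x509.load_der_x509_certificate`.

```python
# Added example (hypothetical helper names): stdlib-only PKCS#7 SignedData certificate extraction.
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")  # OID 1.2.840.113549.1.7.2 as a full TLV

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) of the DER element at pos, bounded by end."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    n = first & 0x7F if first & 0x80 else 0    # long form: low 7 bits count the length bytes
    if first == 0x80 or n > 4:
        raise ValueError("indefinite or oversized length")
    start = pos + 2 + n
    length = int.from_bytes(buf[pos + 2:start], "big") if n else first
    if start + length > end:
        raise ValueError("element runs past its container")
    return tag, start, start + length

def children(buf, start, end):
    """Yield (tag, element_start, value_start, value_end) for each element in buf[start:end]."""
    pos = start
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos, end)
        yield tag, pos, vs, ve
        pos = ve

def pkcs7_certificates(der):
    """Return the raw DER of every X.509 certificate in a PKCS#7 SignedData."""
    tag, vs, ve = read_tlv(der, 0, len(der))            # ContentInfo SEQUENCE
    fields = list(children(der, vs, ve))                # contentType OID, [0] EXPLICIT content
    if (tag != 0x30 or len(fields) < 2 or fields[1][0] != 0xA0
            or der[fields[0][1]:fields[0][3]] != SIGNED_DATA_OID):
        raise ValueError("not a PKCS#7 signedData ContentInfo")
    _, vs, ve = read_tlv(der, fields[1][2], fields[1][3])  # SignedData SEQUENCE
    for tag, _, cvs, cve in children(der, vs, ve):
        if tag == 0xA0:                                 # certificates [0] IMPLICIT
            return [der[p:e] for t, p, _, e in children(der, cvs, cve) if t == 0x30]
    return []

def tlv(tag, body):  # minimal DER encoder, used only to build the constructed sample
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

# Constructed sample: placeholder bodies stand in for real X.509 certificates.
FAKE_CERTS = [tlv(0x30, b"\x00" * 300), tlv(0x30, b"\x01" * 20)]
_FIELDS = [tlv(0x02, b"\x01"), tlv(0x31, b""), tlv(0x30, b""),  # version, digestAlgorithms, contentInfo
           tlv(0xA0, b"".join(FAKE_CERTS)), tlv(0x31, b"")]     # certificates, signerInfos
SAMPLE = tlv(0x30, SIGNED_DATA_OID + tlv(0xA0, tlv(0x30, b"".join(_FIELDS))))
```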
