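I'm using MDNS and need to announce the Subject KeyId with an MDNS record. The SKI is part of the x509 certificate, but it cannot be read from the final TLS certificate:

```go
// Fragment from the question; it needs crypto/rand, crypto/rsa, crypto/tls,
// crypto/x509, crypto/x509/pkix, log, math/big and time.
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	log.Fatal(err)
}
// Note: the template sets no SubjectKeyId.
template := x509.Certificate{
	SerialNumber: big.NewInt(1),
	Subject: pkix.Name{
		Organization: []string{"Acme Co"},
	},
	NotBefore:             time.Now(),
	NotAfter:              time.Now().Add(time.Hour * 24 * 180),
	KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
	ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	BasicConstraintsValid: true,
}
// publicKey is a helper that is not shown in the question.
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
if err != nil {
	log.Fatalf("Failed to create certificate: %s", err)
}
tlsCert := tls.Certificate{
	Certificate: [][]byte{derBytes},
	PrivateKey:  priv,
}
```

How can I extract or generate the SKI from the resulting tls.Certificate?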
1 Answer
catspeake
Contributed 1111 experience points, received more than 0 likes
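You have to build it yourself and supply it as the SubjectKeyId in the certificate template.

RFC 5280 section 4.2.1.2 suggests several potential methods for generating a subject key identifier. The most popular is to just take the SHA1 hash of the ASN.1 encoding of the public key. For example, if pub is an *rsa.PublicKey, you can do the following:

```go
// Needs crypto/sha1 and crypto/x509.
keyBytes := x509.MarshalPKCS1PublicKey(pub) // ASN.1 DER encoding of the RSA public key
keyHash := sha1.Sum(keyBytes)               // [20]byte SHA-1 digest
ski := keyHash[:]                           // slice to use as SubjectKeyId
```

and then set the SubjectKeyId field of the certificate template to ski before calling x509.CreateCertificate.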
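Added example, not part of the answer above or of any project's code: a complete Go program that sets SubjectKeyId in the template as the answer describes, then reads it back from the tls.Certificate by parsing the leaf's DER bytes. The helper names newCertWithSKI and skiFromTLSCert are hypothetical, and the template is trimmed to the fields needed here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCertWithSKI (hypothetical helper) self-signs a certificate whose template carries a SubjectKeyId.
func newCertWithSKI() (tls.Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return tls.Certificate{}, err
	}
	// RFC 5280 4.2.1.2 method 1: SHA-1 of the subjectPublicKey bits (PKCS#1 DER for RSA).
	ski := sha1.Sum(x509.MarshalPKCS1PublicKey(&priv.PublicKey))
	tmpl := x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{Organization: []string{"Acme Co"}},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(time.Hour * 24 * 180),
		SubjectKeyId: ski[:], // the field missing from the question's template
	}
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &priv.PublicKey, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, err
}

// skiFromTLSCert parses the leaf (first chain entry, assumed present) and returns its SKI.
func skiFromTLSCert(c tls.Certificate) ([]byte, error) {
	leaf, err := x509.ParseCertificate(c.Certificate[0])
	if err != nil {
		return nil, err
	}
	return leaf.SubjectKeyId, nil
}

func main() {
	cert, err := newCertWithSKI()
	if err != nil {
		panic(err)
	}
	ski, err := skiFromTLSCert(cert)
	fmt.Printf("SKI read back from tls.Certificate: %x (err: %v)\n", ski, err)
}
```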