还记得LIF文件里那段base64编码的内容吗?这段内容在base64解码后还需要经过一次循环解扰才能得到asn1数据,循环解扰的参数来自LIF文件的TimeStamp字段。此处以网上收集的一份LIF文件(Terra2314.WibuCmLIF)为例:
signed结构使用数字证书对内容进行了签名,envelope结构使用数据证书对内容进行了加密,两者使用的场景和目的不同。前者允许让任何人查看,但不允许任何人更改;后者只允许特定人查看。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
-
-
Wibu
-
File
.asn1
WIBU
-
FILE
DEFINITIONS ::
=
BEGIN
Wibu
-
File
::
=
CHOICE
{
signed[
0
] IMPLICIT Wibu
-
File
-
Signed,
envelope[
1
] IMPLICIT Wibu
-
File
-
Enveloped
}
Wibu
-
File
-
Signed ::
=
SEQUENCE
{
contentType ContentType,
content[
0
] EXPLICIT SignedData
}
ContentType ::
=
OBJECT
IDENTIFIER
SignedData ::
=
SEQUENCE
{
version VersionPKCS7,
digestAlgorithms DigestAlgorithmIdentifiers,
contentInfo ContentInfo,
certificates[
0
] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
crls[
1
] IMPLICIT CertificateRevocationLists OPTIONAL,
signerInfos SignerInfos
}
VersionPKCS7 ::
=
INTEGER
DigestAlgorithmIdentifiers ::
=
SET
OF DigestAlgorithmIdentifier
DigestAlgorithmIdentifier ::
=
SEQUENCE OF
OBJECT
IDENTIFIER
ContentInfo ::
=
SEQUENCE
{
contentType ContentType,
content[
0
] EXPLICIT
ANY
OPTIONAL
}
ExtendedCertificatesAndCertificates ::
=
SET
OF ExtendedCertificateOrCertificate
ExtendedCertificateOrCertificate ::
=
ANY
CertificateRevocationLists ::
=
SET
{
dummy INTEGER
}
SignerInfos ::
=
SET
OF SignerInfo
SignerInfo ::
=
SEQUENCE
{
version VersionPKCS7,
signerIdentifier SignerIdentifier,
digestAlgorithm DigestAlgorithmIdentifier,
authenticatedAttributes[
0
] IMPLICIT Attributes OPTIONAL,
digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
encryptedDigest EncryptedDigest,
unauthenticatedAttributes[
1
] IMPLICIT Attributes OPTIONAL
}
SignerIdentifier ::
=
CHOICE
{
subjectKeyIdentifier[
2
] IMPLICIT SubjectKeyIdentifier
}
SubjectKeyIdentifier ::
=
OCTET STRING
Attributes ::
=
SET
OF Attribute7
Attribute7 ::
=
SEQUENCE
{
type
OBJECT
IDENTIFIER,
values Values,
valuesWithContext ValuesWithContext OPTIONAL
}
Values ::
=
SET
OF
ANY
ValuesWithContext ::
=
SET
OF
ANY
DigestEncryptionAlgorithmIdentifier ::
=
SEQUENCE OF
OBJECT
IDENTIFIER
EncryptedDigest ::
=
OCTET STRING
Wibu
-
File
-
Enveloped ::
=
SEQUENCE
{
contentType ContentType,
content[
0
] EXPLICIT EnvelopedData
}
EnvelopedData ::
=
SEQUENCE
{
version VersionPKCS7,
recipientInfos RecipientInfos,
encryptedContentInfo EncryptedContentInfo
}
RecipientInfos ::
=
SET
OF RecipientInfo
RecipientInfo ::
=
SEQUENCE
{
version VersionPKCS7,
signerIdentifier SignerIdentifier,
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
encryptedKey EncryptedKey
}
KeyEncryptionAlgorithmIdentifier ::
=
SEQUENCE OF
OBJECT
IDENTIFIER
EncryptedKey ::
=
OCTET STRING
EncryptedContentInfo ::
=
SEQUENCE
{
contentType ContentType,
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
encryptedContent[
0
] IMPLICIT EncryptedContent OPTIONAL
}
ContentEncryptionAlgorithmIdentifier ::
=
SEQUENCE OF
OBJECT
IDENTIFIER
EncryptedContent ::
=
OCTET STRING
END
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
>>>
import
asn1tools
>>>
import
datetime
>>>
def
write_line(fd, level, line):
>>>
if
(line !
=
""):
>>>
if
(fd
=
=
None
):
>>>
print
(
" "
*
level
+
line, end
=
"")
>>>
pass
>>>
else
:
>>> fd.write(
" "
*
level
+
line)
>>>
>>>
def
print_asn1_data(data, fd
=
None
, level
=
0
):
>>>
if
(
type
(data)
=
=
tuple
):
>>> key
=
data[
0
]
>>> val
=
data[
1
]
>>>
>>>
if
(
type
(key)
=
=
bytes
or
type
(key)
=
=
bytearray):
>>> print_asn1_data(key, fd, level
+
2
)
>>>
else
:
>>>
if
(
type
(val)
=
=
dict
or
(
type
(val)
=
=
tuple
and
type
(val[
0
])
=
=
str
)
or
type
(val)
=
=
list
):
>>> write_line(fd, level,
"<%s>\n"
%
key)
>>>
else
:
>>> write_line(fd, level,
"<%s> "
%
key)
>>> print_asn1_data(val, fd, level
+
2
)
>>>
if
(
type
(val)
=
=
dict
or
(
type
(val)
=
=
tuple
and
type
(val[
0
])
=
=
str
)
or
type
(val)
=
=
list
):
>>> write_line(fd, level,
"</%s>\n"
%
key)
>>>
else
:
>>> write_line(fd,
0
,
" </%s>\n"
%
key)
>>>
elif
(
type
(data)
=
=
dict
):
>>>
for
key, val
in
data.items():
>>>
if
(
type
(val)
=
=
dict
or
(
type
(val)
=
=
tuple
and
type
(val[
0
])
=
=
str
)
or
type
(val)
=
=
list
):
>>> write_line(fd, level,
"<%s>\n"
%
key)
>>>
else
:
>>> write_line(fd, level,
"<%s> "
%
key)
>>> print_asn1_data(val, fd, level
+
2
)
>>>
if
(
type
(val)
=
=
dict
or
(
type
(val)
=
=
tuple
and
type
(val[
0
])
=
=
str
)
or
type
(val)
=
=
list
):
>>> write_line(fd, level,
"</%s>\n"
%
key)
>>>
else
:
>>> write_line(fd,
0
,
" </%s>\n"
%
key)
>>>
elif
(
type
(data)
=
=
list
):
>>> cnt
=
0
>>>
for
val
in
data:
>>>
if
(
type
(val)
=
=
dict
or
(
type
(val)
=
=
tuple
and
type
(val[
0
])
=
=
str
)
or
type
(val)
=
=
list
):
>>> write_line(fd, level,
"<%d>\n"
%
cnt)
>>>
else
:
>>> write_line(fd, level,
"<%d> "
%
cnt)
>>> print_asn1_data(val, fd, level
+
2
)
>>>
if
(
type
(val)
=
=
dict
or
(
type
(val)
=
=
tuple
and
type
(val[
0
])
=
=
str
)
or
type
(val)
=
=
list
):
>>> write_line(fd, level,
"</%d>\n"
%
cnt)
>>>
else
:
>>> write_line(fd,
0
,
" </%d>\n"
%
cnt)
>>> cnt
+
=
1
>>>
elif
(
type
(data)
=
=
str
):
>>> write_line(fd,
0
,
"%s"
%
data)
>>>
elif
(
type
(data)
=
=
int
):
>>> write_line(fd,
0
,
"%d"
%
data)
>>>
elif
(
type
(data)
=
=
bytearray
or
type
(data)
=
=
bytes):
>>> output
=
""
>>>
for
b
in
data:
>>> output
+
=
"%02X "
%
b
>>> output
=
output.strip()
>>> write_line(fd,
0
, output)
>>>
elif
(
type
(data)
=
=
bool
):
>>> write_line(fd,
0
,
"%s"
%
data)
>>>
elif
(
type
(data)
=
=
datetime.datetime):
>>> write_line(fd,
0
,
"%s"
%
data)
>>>
elif
(data
=
=
None
):
>>> write_line(fd,
0
,
"NULL"
)
>>>
else
:
>>>
raise
(Exception(
"type: %s"
%
type
(data)))
>>> asn1_data
=
bytes.fromhex(
"a08204b006092a864886f70d010702a08204a13082049d020101310d300b06096086480165030402013081db060a2b0601040182db450201a081ccff816481c7ff812137df813508636d626f7870676dff812512df4e020001df54020001df20050000000000ff7a12df4e020001df54020001df20050000000000ff6412df81320500272adc71df8133050027048f5fff7d3ade3054006500720072006100200043006f006e007400610069006e00650072002000760032002e0033002e0031002e003400df720500005b9126ff810828df81140432303031df7f050000000000ff810014ff810410c101ffc101ffc101ffc10100c2020001ff81050adf815b0100df815c0100a08203323082017b30820128a0030201020204b2d05e01300a06082a8648ce3d040302302631153013060355040a0c0c574942552d53595354454d53310d300b06035504030c04526f6f74301e170d3135303130313030303030305a170d3335313233313233353935395a303131153013060355040a0c0c574942552d53595354454d533118301606035504030c0f576962752d50726f64756374696f6e304e301006072a8648ce3d020106052b81040021033a00043237dd50e5a0a5a938e288473613123926b1c2fb115277be218845bda6e014ecf1d199058f77057880ed3cc583f9ef09b9e480d78e30f24a81150078a4685955f6773249e8576c2a5d48fbbbeac6e2821500c68c60c4c5152682205b1f4055a3f82db9a60887a316301430120603551d130101ff040830060101ff020101300a06082a8648ce3d040302034100303e021d00e15df535015975891e7f1ac8f0b17e077cc10e67452746675ae05226021d00b6e5a1abca94d5b8feabc794941007839261f779b4dff4b34b7bc774308201af3082015ea0030201020204b2d064b3300a06082a8648ce3d040302303131153013060355040a0c0c574942552d53595354454d533118301606035504030c0f576962752d50726f64756374696f6e301e170d3135303130313030303030305a170d3335313233313233353935395a30203110300e060355040a0c0736303030393334310c300a06035504030c034c504b304e301006072a8648ce3d020106052b81040021033a00045054299d03a73f13eb24353dbe91e9a68033c3015752813daa0b6b50eb5759440792e97b0a39a29a7338d2b783957b852600c4db373568c9811500c68c60c4c5152682205b1f4055a3f82db9a608878215000bebffd7689a1c9b087a605e4632dba396264292a3523050300f0603551d130101ff04053003010100300f0603551d0f0101ff04050303000f00302c060a2b0601040182db4503010101ff041bff7618df72035b9126ff780fdf815d01ffdf815e01ffdf815f01ff300a06082a8648ce3d040302033f00303c021c34ea5bebadf0701722a15bd0e1d0b07a16162bcccfe4302ff8d7142b021c0911ebf5074936aab9d76b626f7b49359e1eea60c02e5ba2dfd787af3175307302010182140bebffd7689a1c9b087a605e4632dba396264292300b0609608648016503040201300a06082a8648ce3d040302043f303d021c491d0676d5bed1e838774be564a77cdf9b50eb1e6327c53c139a8673021d00e43d0ef8fccd80fdd1573c187095d68c9ebf856da0d7ec0dd99a5443"
)
>>> asn1_def
=
asn1tools.compile_files([
"asn1/Wibu-File.asn1"
,
"asn1/LIF-Content.asn1"
,
"asn1/Certificate.asn1"
,
"asn1/SignerSignature.asn1"
],
"der"
)
>>>
>>> asn_wibu_f_res
=
asn1_def.decode(
"Wibu-File"
, asn1_data)
>>> print_asn1_data(asn_wibu_f_res)
<signed>
<contentType>
1.2
.
840.113549
.
1.7
.
2
<
/
contentType>
<content>
<version>
1
<
/
version>
<digestAlgorithms>
<
0
>
<
0
>
2.16
.
840.1
.
101.3
.
4.2
.
1
<
/
0
>
<
/
0
>
<
/
digestAlgorithms>
<contentInfo>
<contentType>
1.3
.
6.1
.
4.1
.
44485.2
.
1
<
/
contentType>
<content> FF
81
64
81
C7 FF
81
21
37
DF
81
35
08
63
6D
62
6F
78
70
67
6D
FF
81
25
12
DF
4E
02
00
01
DF
54
02
00
01
DF
20
05
00
00
00
00
00
FF
7A
12
DF
4E
02
00
01
DF
54
02
00
01
DF
20
05
00
00
00
00
00
FF
64
12
DF
81
32
05
00
27
2A
DC
71
DF
81
33
05
00
27
04
8F
5F
FF
7D
3A
DE
30
54
00
65
00
72
00
72
00
61
00
20
00
43
00
6F
00
6E
00
74
00
61
00
69
00
6E
00
65
00
72
00
20
00
76
00
32
00
2E
00
33
00
2E
00
31
00
2E
00
34
00
DF
72
05
00
00
5B
91
26
FF
81
08
28
DF
81
14
04
32
30
30
31
DF
7F
05
00
00
00
00
00
FF
81
00
14
FF
81
04
10
C1
01
FF C1
01
FF C1
01
FF C1
01
00
C2
02
00
01
FF
81
05
0A
DF
81
5B
01
00
DF
81
5C
01
00
<
/
content>
<
/
contentInfo>
<certificates>
<
0
>
30
82
01
7B
30
82
01
28
A0
03
02
01
02
02
04
B2 D0
5E
01
30
0A
06
08
2A
86
48
CE
3D
04
03
02
30
26
31
15
30
13
06
03
55
04
0A
0C
0C
57
49
42
55
2D
53
59
53
54
45
4D
53
31
0D
30
0B
06
03
55
04
03
0C
04
52
6F
6F
74
30
1E
17
0D
31
35
30
31
30
31
30
30
30
30
30
30
5A
17
0D
33
35
31
32
33
31
32
33
35
39
35
39
5A
30
31
31
15
30
13
06
03
55
04
0A
0C
0C
57
49
42
55
2D
53
59
53
54
45
4D
53
31
18
30
16
06
03
55
04
03
0C
0F
57
69
62
75
2D
50
72
6F
64
75
63
74
69
6F
6E
30
4E
30
10
06
07
2A
86
48
CE
3D
02
01
06
05
2B
81
04
00
21
03
3A
00
04
32
37
DD
50
E5 A0 A5 A9
38
E2
88
47
36
13
12
39
26
B1 C2 FB
11
52
77
BE
21
88
45
BD A6 E0
14
EC F1 D1
99
05
8F
77
05
78
80
ED
3C
C5
83
F9 EF
09
B9 E4
80
D7
8E
30
F2
4A
81
15
00
78
A4
68
59
55
F6
77
32
49
E8
57
6C
2A
5D
48
FB BB EA C6 E2
82
15
00
C6
8C
60
C4 C5
15
26
82
20
5B
1F
40
55
A3 F8
2D
B9 A6
08
87
A3
16
30
14
30
12
06
03
55
1D
13
01
01
FF
04
08
30
06
01
01
FF
02
01
01
30
0A
06
08
2A
86
48
CE
3D
04
03
02
03
41
00
30
3E
02
1D
00
E1
5D
F5
35
01
59
75
89
1E
7F
1A
C8 F0 B1
7E
07
7C
C1
0E
67
45
27
46
67
5A
E0
52
26
02
1D
00
B6 E5 A1 AB CA
94
D5 B8 FE AB C7
94
94
10
07
83
92
61
F7
79
B4 DF F4 B3
4B
7B
C7
74
<
/
0
>
<
1
>
30
82
01
AF
30
82
01
5E
A0
03
02
01
02
02
04
B2 D0
64
B3
30
0A
06
08
2A
86
48
CE
3D
04
03
02
30
31
31
15
30
13
06
03
55
04
0A
0C
0C
57
49
42
55
2D
53
59
53
54
45
4D
53
31
18
30
16
06
03
55
04
03
0C
0F
57
69
62
75
2D
50
72
6F
64
75
63
74
69
6F
6E
30
1E
17
0D
31
35
30
31
30
31
30
30
30
30
30
30
5A
17
0D
33
35
31
32
33
31
32
33
35
39
35
39
5A
30
20
31
10
30
0E
06
03
55
04
0A
0C
07
36
30
30
30
39
33
34
31
0C
30
0A
06
03
55
04
03
0C
03
4C
50
4B
30
4E
30
10
06
07
2A
86
48
CE
3D
02
01
06
05
2B
81
04
00
21
03
3A
00
04
50
54
29
9D
03
A7
3F
13
EB
24
35
3D
BE
91
E9 A6
80
33
C3
01
57
52
81
3D
AA
0B
6B
50
EB
57
59
44
07
92
E9
7B
0A
39
A2
9A
73
38
D2 B7
83
95
7B
85
26
00
C4 DB
37
35
68
C9
81
15
00
C6
8C
60
C4 C5
15
26
82
20
5B
1F
40
55
A3 F8
2D
B9 A6
08
87
82
15
00
0B
EB FF D7
68
9A
1C
9B
08
7A
60
5E
46
32
DB A3
96
26
42
92
A3
52
30
50
30
0F
06
03
55
1D
13
01
01
FF
04
05
30
03
01
01
00
30
0F
06
03
55
1D
0F
01
01
FF
04
05
03
03
00
0F
00
30
2C
06
0A
2B
06
01
04
01
82
DB
45
03
01
01
01
FF
04
1B
FF
76
18
DF
72
03
5B
91
26
FF
78
0F
DF
81
5D
01
FF DF
81
5E
01
FF DF
81
5F
01
FF
30
0A
06
08
2A
86
48
CE
3D
04
03
02
03
3F
00
30
3C
02
1C
34
EA
5B
EB AD F0
70
17
22
A1
5B
D0 E1 D0 B0
7A
16
16
2B
CC CF E4
30
2F
F8 D7
14
2B
02
1C
09
11
EB F5
07
49
36
AA B9 D7
6B
62
6F
7B
49
35
9E
1E
EA
60
C0
2E
5B
A2 DF D7
87
AF <
/
1
>
<
/
certificates>
<signerInfos>
<
0
>
<version>
1
<
/
version>
<signerIdentifier>
<subjectKeyIdentifier>
0B
EB FF D7
68
9A
1C
9B
08
7A
60
5E
46
32
DB A3
96
26
42
92
<
/
subjectKeyIdentifier>
<
/
signerIdentifier>
<digestAlgorithm>
<
0
>
2.16
.
840.1
.
101.3
.
4.2
.
1
<
/
0
>
<
/
digestAlgorithm>
<digestEncryptionAlgorithm>
<
0
>
1.2
.
840.10045
.
4.3
.
2
<
/
0
>
<
/
digestEncryptionAlgorithm>
<encryptedDigest>
30
3D
02
1C
49
1D
06
76
D5 BE D1 E8
38
77
4B
E5
64
A7
7C
DF
9B
50
EB
1E
63
27
C5
3C
13
9A
86
73
02
1D
00
E4
3D
0E
F8 FC CD
80
FD D1
57
3C
18
70
95
D6
8C
9E
BF
85
6D
A0 D7 EC
0D
D9
9A
54
43
<
/
encryptedDigest>
<
/
0
>
<
/
signerInfos>
<
/
content>
<
/
signed>
signed结构中的content虽然是ANY类型,但可以通过contentType来判断content的类型。而oid1.3.6.1.4.1.44485.2.1正是指content需要使用LIF-Content进行编解码。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
-
-
LIF
-
Content.asn1
LIF
-
CONTENT DEFINITIONS ::
=
BEGIN
LIF
-
Content ::
=
[PRIVATE
228
] IMPLICIT SEQUENCE
{
sw
-
specs[PRIVATE
161
] IMPLICIT Software
-
Specs,
clocks[PRIVATE
100
] IMPLICIT Clocks,
license
-
description[PRIVATE
125
] IMPLICIT License
-
Description,
binding[PRIVATE
136
] IMPLICIT Binding
-
Scheme,
cmact
-
options[PRIVATE
133
] IMPLICIT CmAct
-
Options,
mask[PRIVATE
142
] IMPLICIT Mask OPTIONAL
}
Software
-
Specs ::
=
[PRIVATE
161
] IMPLICIT SEQUENCE
{
creator
-
name[PRIVATE
181
] IMPLICIT UTF8String,
creator
-
version[PRIVATE
165
] IMPLICIT
Format
-
Version,
required
-
version[PRIVATE
122
] IMPLICIT
Format
-
Version
}
Format
-
Version ::
=
[PRIVATE
122
] IMPLICIT SEQUENCE
{
sfl[PRIVATE
78
] IMPLICIT UInt8,
sfh[PRIVATE
84
] IMPLICIT UInt8,
feature
-
flags[PRIVATE
32
] IMPLICIT UInt32
}
UInt8 ::
=
[PRIVATE
31
] IMPLICIT INTEGER
UInt32 ::
=
[PRIVATE
34
] IMPLICIT INTEGER
Clocks ::
=
[PRIVATE
100
] IMPLICIT SEQUENCE
{
box
-
time[PRIVATE
178
] IMPLICIT Seconds
-
Since
-
2000
,
certified
-
time[PRIVATE
179
] IMPLICIT Seconds
-
Since
-
2000
}
Seconds
-
Since
-
2000
::
=
[PRIVATE
180
] IMPLICIT INTEGER
License
-
Description ::
=
[PRIVATE
125
] IMPLICIT SEQUENCE
{
license
-
description[PRIVATE
30
] IMPLICIT OCTET STRING,
-
-
BMPString, it does't work well
in
asn1tools, beacase asn1tools only support utf
-
8
, but here
is
utf
-
16
firm
-
code[PRIVATE
114
] IMPLICIT Firm
-
Code
}
Firm
-
Code ::
=
[PRIVATE
114
] IMPLICIT INTEGER
Binding
-
Scheme ::
=
[PRIVATE
136
] IMPLICIT SEQUENCE
{
cmact
-
id
[PRIVATE
148
] IMPLICIT CmAct
-
ID
,
telephone
-
id
[PRIVATE
127
] IMPLICIT Telephone
-
ID
,
binding
-
method[PRIVATE
128
] EXPLICIT Binding
-
Method
}
CmAct
-
ID
::
=
[PRIVATE
148
] IMPLICIT IA5String
Telephone
-
ID
::
=
[PRIVATE
127
] IMPLICIT INTEGER
Binding
-
Method ::
=
CHOICE
{
smartbind[PRIVATE
129
] IMPLICIT SmartBind
-
Parameters,
custom
-
binding[PRIVATE
131
] IMPLICIT CustomBinding
-
Parameters,
dcbn
-
classic[PRIVATE
132
] IMPLICIT DCBN
-
Parameters,
nonebind[PRIVATE
231
] IMPLICIT NULL,
cm
-
server
-
ip[PRIVATE
232
] IMPLICIT NULL,
serial
-
number[PRIVATE
233
] IMPLICIT NULL,
random[PRIVATE
234
] IMPLICIT NULL
}
SmartBind
-
Parameters ::
=
[PRIVATE
129
] IMPLICIT SEQUENCE
{
heuristic[PRIVATE
31
] IMPLICIT UInt8,
redundancy
-
level[PRIVATE
130
] IMPLICIT Redundancy
-
Level
}
Redundancy
-
Level ::
=
[PRIVATE
130
] IMPLICIT INTEGER
CustomBinding
-
Parameters ::
=
[PRIVATE
131
] IMPLICIT IA5String
DCBN
-
Parameters ::
=
[PRIVATE
132
] IMPLICIT SEQUENCE
{
disk[PRIVATE
1
] IMPLICIT BOOLEAN,
cpu
-
type
[PRIVATE
1
] IMPLICIT BOOLEAN,
board[PRIVATE
1
] IMPLICIT BOOLEAN,
network[PRIVATE
1
] IMPLICIT BOOLEAN,
tolerance[PRIVATE
2
] IMPLICIT UInt8 OPTIONAL
}
CmAct
-
Options ::
=
[PRIVATE
133
] IMPLICIT SEQUENCE
{
allow
-
vm[PRIVATE
219
] IMPLICIT BOOLEAN,
allow
-
reimport[PRIVATE
220
] IMPLICIT BOOLEAN
}
Mask ::
=
[PRIVATE
142
] IMPLICIT INTEGER
END
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
-
-
Certificate.asn1
CERTIFICATE DEFINITIONS ::
=
BEGIN
Certificate ::
=
SEQUENCE
{
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
TBSCertificate ::
=
SEQUENCE
{
version[
0
] EXPLICIT Version OPTIONAL,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID[
1
] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID[
2
] IMPLICIT UniqueIdentifier OPTIONAL,
extensions[
3
] EXPLICIT Extensions OPTIONAL
}
Version ::
=
INTEGER
CertificateSerialNumber ::
=
INTEGER
AlgorithmIdentifier ::
=
SEQUENCE
{
algorithm
OBJECT
IDENTIFIER,
parameters
ANY
OPTIONAL
}
Name ::
=
CHOICE
{
rdnSequence RDNSequence
}
RDNSequence ::
=
SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::
=
SET
OF AttributeTypeAndValue
AttributeTypeAndValue ::
=
SEQUENCE
{
type
AttributeType,
value AttributeValue
}
AttributeType ::
=
OBJECT
IDENTIFIER
AttributeValue ::
=
UTF8String
Validity ::
=
SEQUENCE
{
notBefore Time,
notAfter Time
}
Time ::
=
CHOICE
{
utcTime UTCTime,
generalTime GeneralizedTime
}
SubjectPublicKeyInfo ::
=
SEQUENCE
{
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
UniqueIdentifier ::
=
BIT STRING
Extensions ::
=
SEQUENCE OF Extension
Extension ::
=
SEQUENCE
{
extnID
OBJECT
IDENTIFIER,
critical BOOLEAN OPTIONAL,
extnValue OCTET STRING
}
END
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
>>> cert1
=
bytes.fromhex(
"3082017B30820128A0030201020204B2D05E01300A06082A8648CE3D040302302631153013060355040A0C0C574942552D53595354454D53310D300B06035504030C04526F6F74301E170D3135303130313030303030305A170D3335313233313233353935395A303131153013060355040A0C0C574942552D53595354454D533118301606035504030C0F576962752D50726F64756374696F6E304E301006072A8648CE3D020106052B81040021033A00043237DD50E5A0A5A938E288473613123926B1C2FB115277BE218845BDA6E014ECF1D199058F77057880ED3CC583F9EF09B9E480D78E30F24A81150078A4685955F6773249E8576C2A5D48FBBBEAC6E2821500C68C60C4C5152682205B1F4055A3F82DB9A60887A316301430120603551D130101FF040830060101FF020101300A06082A8648CE3D040302034100303E021D00E15DF535015975891E7F1AC8F0B17E077CC10E67452746675AE05226021D00B6E5A1ABCA94D5B8FEABC794941007839261F779B4DFF4B34B7BC774"
)
>>> cert2
=
bytes.fromhex(
"308201AF3082015EA0030201020204B2D064B3300A06082A8648CE3D040302303131153013060355040A0C0C574942552D53595354454D533118301606035504030C0F576962752D50726F64756374696F6E301E170D3135303130313030303030305A170D3335313233313233353935395A30203110300E060355040A0C0736303030393334310C300A06035504030C034C504B304E301006072A8648CE3D020106052B81040021033A00045054299D03A73F13EB24353DBE91E9A68033C3015752813DAA0B6B50EB5759440792E97B0A39A29A7338D2B783957B852600C4DB373568C9811500C68C60C4C5152682205B1F4055A3F82DB9A608878215000BEBFFD7689A1C9B087A605E4632DBA396264292A3523050300F0603551D130101FF04053003010100300F0603551D0F0101FF04050303000F00302C060A2B0601040182DB4503010101FF041BFF7618DF72035B9126FF780FDF815D01FFDF815E01FFDF815F01FF300A06082A8648CE3D040302033F00303C021C34EA5BEBADF0701722A15BD0E1D0B07A16162BCCCFE4302FF8D7142B021C0911EBF5074936AAB9D76B626F7B49359E1EEA60C02E5BA2DFD787AF"
)
>>> asn_cert1_res
=
asn1_def.decode(
"Certificate"
, cert1)
>>> asn_cert2_res
=
asn1_def.decode(
"Certificate"
, cert2)
>>> print_asn1_data(asn_cert1_res)
<tbsCertificate>
<version>
2
<
/
version>
<serialNumber>
-
1294967295
<
/
serialNumber>
<signature>
<algorithm>
1.2
.
840.10045
.
4.3
.
2
<
/
algorithm>
<
/
signature>
<issuer>
<rdnSequence>
<
0
>
<
0
>
<
type
>
2.5
.
4.10
<
/
type
>
<value> WIBU
-
SYSTEMS <
/
value>
<
/
0
>
<
/
0
>
<
1
>
<
0
>
<
type
>
2.5
.
4.3
<
/
type
>
<value> Root <
/
value>
<
/
0
>
<
/
1
>
<
/
rdnSequence>
<
/
issuer>
<validity>
<notBefore>
<utcTime>
2015
-
01
-
01
00
:
00
:
00
<
/
utcTime>
<
/
notBefore>
<notAfter>
<utcTime>
2035
-
12
-
31
23
:
59
:
59
<
/
utcTime>
<
/
notAfter>
<
/
validity>
<subject>
<rdnSequence>
<
0
>
<
0
>
<
type
>
2.5
.
4.10
<
/
type
>
<value> WIBU
-
SYSTEMS <
/
value>
<
/
0
>
<
/
0
>
<
1
>
<
0
>
<
type
>
2.5
.
4.3
<
/
type
>
<value> Wibu
-
Production <
/
value>
<
/
0
>
<
/
1
>
<
/
rdnSequence>
<
/
subject>
<subjectPublicKeyInfo>
<algorithm>
<algorithm>
1.2
.
840.10045
.
2.1
<
/
algorithm>
<parameters>
06
05
2B
81
04
00
21
<
/
parameters>
<
/
algorithm>
<subjectPublicKey>
04
32
37
DD
50
E5 A0 A5 A9
38
E2
88
47
36
13
12
39
26
B1 C2 FB
11
52
77
BE
21
88
45
BD A6 E0
14
EC F1 D1
99
05
8F
77
05
78
80
ED
3C
C5
83
F9 EF
09
B9 E4
80
D7
8E
30
F2
4A
<
/
subjectPublicKey>
<
/
subjectPublicKeyInfo>
<issuerUniqueID>
78
A4
68
59
55
F6
77
32
49
E8
57
6C
2A
5D
48
FB BB EA C6 E2 <
/
issuerUniqueID>
<subjectUniqueID> C6
8C
60
C4 C5
15
26
82
20
5B
1F
40
55
A3 F8
2D
B9 A6
08
87
<
/
subjectUniqueID>
<extensions>
<
0
>
<extnID>
2.5
.
29.19
<
/
extnID>
<critical>
True
<
/
critical>
<extnValue>
30
06
01
01
FF
02
01
01
<
/
extnValue>
<
/
0
>
<
/
extensions>
<
/
tbsCertificate>
<signatureAlgorithm>
<algorithm>
1.2
.
840.10045
.
4.3
.
2
<
/
algorithm>
<
/
signatureAlgorithm>
<signature>
30
3E
02
1D
00
E1
5D
F5
35
01
59
75
89
1E
7F
1A
C8 F0 B1
7E
07
7C
C1
0E
67
45
27
46
67
5A
E0
52
26
02
1D
00
B6 E5 A1 AB CA
94
D5 B8 FE AB C7
94
94
10
07
83
92
61
F7
79
B4 DF F4 B3
4B
7B
C7
74
<
/
signature>
>>> print_asn1_data(asn_cert2_res)
<tbsCertificate>
<version>
2
<
/
version>
<serialNumber>
-
1294965581
<
/
serialNumber>
<signature>
<algorithm>
1.2
.
840.10045
.
4.3
.
2
<
/
algorithm>
<
/
signature>
<issuer>
<rdnSequence>
<
0
>
<
0
>
<
type
>
2.5
.
4.10
<
/
type
>
<value> WIBU
-
SYSTEMS <
/
value>
<
/
0
>
<
/
0
>
<
1
>
<
0
>
<
type
>
2.5
.
4.3
<
/
type
>
<value> Wibu
-
Production <
/
value>
<
/
0
>
<
/
1
>
<
/
rdnSequence>
<
/
issuer>
<validity>
<notBefore>
<utcTime>
2015
-
01
-
01
00
:
00
:
00
<
/
utcTime>
<
/
notBefore>
<notAfter>
<utcTime>
2035
-
12
-
31
23
:
59
:
59
<
/
utcTime>
<
/
notAfter>
<
/
validity>
<subject>
<rdnSequence>
<
0
>
<
0
>
<
type
>
2.5
.
4.10
<
/
type
>
<value>
6000934
<
/
value>
<
/
0
>
<
/
0
>
<
1
>
<
0
>
<
type
>
2.5
.
4.3
<
/
type
>
<value> LPK <
/
value>
<
/
0
>
<
/
1
>
<
/
rdnSequence>
<
/
subject>
<subjectPublicKeyInfo>
<algorithm>
<algorithm>
1.2
.
840.10045
.
2.1
<
/
algorithm>
<parameters>
06
05
2B
81
04
00
21
<
/
parameters>
<
/
algorithm>
<subjectPublicKey>
04
50
54
29
9D
03
A7
3F
13
EB
24
35
3D
BE
91
E9 A6
80
33
C3
01
57
52
81
3D
AA
0B
6B
50
EB
57
59
44
07
92
E9
7B
0A
39
A2
9A
73
38
D2 B7
83
95
7B
85
26
00
C4 DB
37
35
68
C9 <
/
subjectPublicKey>
<
/
subjectPublicKeyInfo>
<issuerUniqueID> C6
8C
60
C4 C5
15
26
82
20
5B
1F
40
55
A3 F8
2D
B9 A6
08
87
<
/
issuerUniqueID>
<subjectUniqueID>
0B
EB FF D7
68
9A
1C
9B
08
7A
60
5E
46
32
DB A3
96
26
42
92
<
/
subjectUniqueID>
<extensions>
<
0
>
<extnID>
2.5
.
29.19
<
/
extnID>
<critical>
True
<
/
critical>
<extnValue>
30
03
01
01
00
<
/
extnValue>
<
/
0
>
<
1
>
<extnID>
2.5
.
29.15
<
/
extnID>
<critical>
True
<
/
critical>
<extnValue>
03
03
00
0F
00
<
/
extnValue>
<
/
1
>
<
2
>
<extnID>
1.3
.
6.1
.
4.1
.
44485.3
.
1
<
/
extnID>
<critical>
True
<
/
critical>
<extnValue> FF
76
18
DF
72
03
5B
91
26
FF
78
0F
DF
81
5D
01
FF DF
81
5E
01
FF DF
81
5F
01
FF <
/
extnValue>
<
/
2
>
<
/
extensions>
<
/
tbsCertificate>
<signatureAlgorithm>
<algorithm>
1.2
.
840.10045
.
4.3
.
2
<
/
algorithm>
<
/
signatureAlgorithm>
<signature>
30
3C
02
1C
34
EA
5B
EB AD F0
70
17
22
A1
5B
D0 E1 D0 B0
7A
16
16
2B
CC CF E4
30
2F
F8 D7
14
2B
02
1C
09
11
EB F5
07
49
36
AA B9 D7
6B
62
6F
7B
49
35
9E
1E
EA
60
C0
2E
5B
A2 DF D7
87
AF <
/
signature>
使用cert2对content进行验签,其中公钥由证书中的subjectPublicKey提供,rs值由LIF文件的encryptedDigest提供,h由LIF文件的content的哈希提供,椭圆算法参数由为1.3.132.0.33,点击此处可进行椭圆算法参数查询。
如果想要修改LIF中的内容,就需要修改整条证书链上的所有证书,包括根证书。幸运的是,根证书同样存在于CodeMeterLin中,并且是以常量的形式的存在。所以,理论上讲,我们有机会完全控制软授权中的任何过程。