注册流程
LOG
Successfully registered device:
No vendor metadata present!
No device metadata present!
Device transports: USB
Registration Request javascript demo
var request = {"appId":"https://localhost:8443","registeredKeys":[],"registerRequests":[{"version":"U2F_V2","challenge":"nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc","appId":"https://localhost:8443"}]};
setTimeout(function() {
u2f.register(
request.appId,
request.registerRequests,
request.registeredKeys,
function(data) {
var form = document.getElementById('form');
var reg = document.getElementById('tokenResponse');
if(data.errorCode) {
switch (data.errorCode) {
case 4:
alert("This device is already registered.");
break;
default:
alert("U2F failed with error: " + data.errorCode);
}
} else {
reg.value=JSON.stringify(data);
form.submit();
}
}
);
}, 1000);
Registration Response
{"registrationData":"BQQ4UIiAZhalc13Bxhwu_DofZNrLSBsncFO5WxsW2zEO_Pr4nxu8ig3B6qCQSwPH10EWikYvi5fI4i5OJos3bumFQOrI8E1g6-q6hER5EB6u8Y7vIxJtYqyfeHVEIc06z57FOZp0q4B2imcsambi6DoqGTlW9uLq0KjwT-h2pG4A1ecwggFdMIIBA6ADAgECAgEhMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHExlZGdlciBGSURPIEF0dGVzdGF0aW9uIENBIDEwHhcNMTYwNzIxMTMzNjM3WhcNMjYwNzA5MTMzNjM3WjAwMS4wLAYDVQQDDCVMZWRnZXIgTmFuby1TIFUyRiBBdHRlc3RhdGlvbiBCYXRjaCAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI8J_LIn2QsqirK_YkUx6ptPiwEs3El32mhaGcljsQEYwmAv4nEMs5onv7ARvWlz0YdAjNaCDhJh4YOH81wzTh6MXMBUwEwYLKwYBBAGC5RwCAQEEBAMCBSAwCgYIKoZIzj0EAwIDSAAwRQIgehonosveKXiCa-D9vUyoXj9uP3JBfFlo26lAfmDEahQCIQCPKv96_v9Vz4_O1_V5z-ych5QKpUQlYMbnnz2gGqpqQjBFAiEAkzvV7NJhADZ_ZZ9dvX-FlWGYIGuJiH9KlRYbmtTW1W0CIF9k8Znioi4ve_E56BEiYSCiY2T_-_XjwqaK7zOZadMV","clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6Im5IZ2xuUl9EdnZXMDhCb2pRMjItUmFpMDJydFRiTlZlUFB3VGhoR3ByaGMiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo4NDQzIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9"}
Registration data
DeviceRegistration{Key handle=6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w, Public key=BDhQiIBmFqVzXcHGHC78Oh9k2stIGydwU7lbGxbbMQ78-vifG7yKDcHqoJBLA8fXQRaKRi-Ll8jiLk4mizdu6YU, Counter=-1, Attestation certificate= [0] Version: 3
SerialNumber: 33
IssuerDN: CN=Ledger FIDO Attestation CA 1
Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016
Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026
SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1
Public Key: EC Public Key
X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046
Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387
Signature Algorithm: SHA256WITHECDSA
Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e
3f6e3f72417c5968dba9407e60c46a140221008f
2aff7afeff55cf8fced7f579cfec9c87940aa544
2560c6e79f3da01aaa6a42
Extensions:
critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]
}
Navigation
Register
Login
注册验签流程
Base64 URL解码注册返回值Registration Response中的registrationData,得到
0504385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee98540eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e73082015d30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a423045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315解析上面的值:
05 // reserved bytes
04385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key
40 // key handle length
eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e7 // key handle
3082015d30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a42 // attestation certificate,ledger设备内的证书
3045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315 // signature组装要验签数据的原文:
00 // RFU
8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E // application parameter
// —–application parameter得到的过程———
// https://localhost:8443 (utf8 -> hex) 68747470733A2F2F6C6F63616C686F73743A38343433 (sha256) 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E
// ———————————————
754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759 // challenge parameter
// —–challenge parameter得到的过程———
// client data Base64Url解码后的字符串按照utf8编码进行sha256
// client data base64Url解码结果为:
// {“typ”:”navigator.id.finishEnrollment”,”challenge”:”nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc”,”origin”:”https://localhost:8443”,”cid_pubkey”:”unused”}
// 转为utf8编码的hex为:
// 7B22747970223A226E6176696761746F722E69642E66696E697368456E726F6C6C6D656E74222C226368616C6C656E6765223A226E48676C6E525F447676573038426F6A5132322D5261693032727454624E56655050775468684770726863222C226F726967696E223A2268747470733A2F2F6C6F63616C686F73743A38343433222C226369645F7075626B6579223A22756E75736564227D
// sha256的结果为: 754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759
// ——————————————–
eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e7 // key handle
04385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key
组装后的结果:
00 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E 754F2FD33DA3F7E0B89D8702AC28D1E89036A59818EACB005B073279260AA759 eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985
008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985
结果做sha256:
4006D3FD69C519BAE1EF7C6F75ECA1036E87078F3BAC2A9F162B0C392716598B
将signature拆分为r和s
3045 0221 00933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d 0220 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315
0221是长度,前面的00去掉
r= 933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d
s= 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315使用ecc工具验签:
Qx= 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046 // 证书里面的公钥x
Qy= 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387 // 证书里面的公钥y
Hm= 4006D3FD69C519BAE1EF7C6F75ECA1036E87078F3BAC2A9F162B0C392716598B // 组装后的验签数据做sha256的结果
r= 933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d
s= 5f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315
使用ECC Tool工具,曲线选择Secp256r1,进行验签,通过。
用代码验证response结果是否正确
final String response = "{\"registrationData\":\"BQQ4UIiAZhalc13Bxhwu_DofZNrLSBsncFO5WxsW2zEO_Pr4nxu8ig3B6qCQSwPH10EWikYvi5fI4i5OJos3bumFQOrI8E1g6-q6hER5EB6u8Y7vIxJtYqyfeHVEIc06z57FOZp0q4B2imcsambi6DoqGTlW9uLq0KjwT-h2pG4A1ecwggFdMIIBA6ADAgECAgEhMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHExlZGdlciBGSURPIEF0dGVzdGF0aW9uIENBIDEwHhcNMTYwNzIxMTMzNjM3WhcNMjYwNzA5MTMzNjM3WjAwMS4wLAYDVQQDDCVMZWRnZXIgTmFuby1TIFUyRiBBdHRlc3RhdGlvbiBCYXRjaCAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI8J_LIn2QsqirK_YkUx6ptPiwEs3El32mhaGcljsQEYwmAv4nEMs5onv7ARvWlz0YdAjNaCDhJh4YOH81wzTh6MXMBUwEwYLKwYBBAGC5RwCAQEEBAMCBSAwCgYIKoZIzj0EAwIDSAAwRQIgehonosveKXiCa-D9vUyoXj9uP3JBfFlo26lAfmDEahQCIQCPKv96_v9Vz4_O1_V5z-ych5QKpUQlYMbnnz2gGqpqQjBFAiEAkzvV7NJhADZ_ZZ9dvX-FlWGYIGuJiH9KlRYbmtTW1W0CIF9k8Znioi4ve_E56BEiYSCiY2T_-_XjwqaK7zOZadMV\",\"clientData\":\"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6Im5IZ2xuUl9EdnZXMDhCb2pRMjItUmFpMDJydFRiTlZlUFB3VGhoR3ByaGMiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo4NDQzIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9\"}";
final String appId = "https://localhost:8443";
final String challenge = "nHglnR_DvvW08BojQ22-Rai02rtTbNVePPwThhGprhc";
RegisterResponse registerResponse = RegisterResponse.fromJson(response);
final RegisterRequest registerRequest = new RegisterRequest(challenge, appId);
List<RegisterRequest> registerRequestList = new ArrayList<RegisterRequest>(1) {
{
add(registerRequest);
}
};
RegisterRequestData registerRequestData = new RegisterRequestData("https://localhost:8443", null, registerRequestList);
U2F u2f = new U2F();
DeviceRegistration registration = u2f.finishRegistration(registerRequestData, registerResponse);
System.out.println("-------registration------\n" + registration);
如果代码出现错误会报异常,需要依赖u2flib-server-core,gradle配置为: compile "com.yubico:u2flib-server-core:0.19.0"
代码输出:
---hash---
bytes=68747470733a2f2f6c6f63616c686f73743a38343433
---hash---
bytes=7b22747970223a226e6176696761746f722e69642e66696e697368456e726f6c6c6d656e74222c226368616c6c656e6765223a226e48676c6e525f447676573038426f6a5132322d5261693032727454624e56655050775468684770726863222c226f726967696e223a2268747470733a2f2f6c6f63616c686f73743a38343433222c226369645f7075626b6579223a22756e75736564227d
---checkSignature---
publicKey toString=EC Public Key
X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046
Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387
publicKey getFormat=X.509
signedBytes=008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985
---hash---
bytes=008d25ae631d8858ff58e46467e730b22e5bf728f96853c59383aaf3f1b5cb1b3e754f2fd33da3f7e0b89d8702ac28d1e89036a59818eacb005b073279260aa759eac8f04d60ebeaba844479101eaef18eef23126d62ac9f78754421cd3acf9ec5399a74ab80768a672c6a66e2e83a2a193956f6e2ead0a8f04fe876a46e00d5e704385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efcfaf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985
signedBytes sha256=4006d3fd69c519bae1ef7c6f75eca1036e87078f3bac2a9f162b0c392716598b
signature=3045022100933bd5ecd26100367f659f5dbd7f85956198206b89887f4a95161b9ad4d6d56d02205f64f199e2a22e2f7bf139e811226120a26364fffbf5e3c2a68aef339969d315
-------registration------
DeviceRegistration{Key handle=6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w, Public key=BDhQiIBmFqVzXcHGHC78Oh9k2stIGydwU7lbGxbbMQ78-vifG7yKDcHqoJBLA8fXQRaKRi-Ll8jiLk4mizdu6YU, Counter=-1, Attestation certificate= [0] Version: 3
SerialNumber: 33
IssuerDN: CN=Ledger FIDO Attestation CA 1
Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016
Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026
SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1
Public Key: EC Public Key
X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046
Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387
Signature Algorithm: SHA256WITHECDSA
Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e
3f6e3f72417c5968dba9407e60c46a140221008f
2aff7afeff55cf8fced7f579cfec9c87940aa544
2560c6e79f3da01aaa6a42
Extensions:
critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]
}
如何用代码解析证书内容并打印
X509Certificate certificate = CertificateParser.parseDer(ByteUtil.fromHex("3082015d 30820103a003020102020121300a06082a8648ce3d04030230273125302306035504030c1c4c6564676572204649444f204174746573746174696f6e2043412031301e170d3136303732313133333633375a170d3236303730393133333633375a3030312e302c06035504030c254c6564676572204e616e6f2d5320553246204174746573746174696f6e20426174636820313059301306072a8648ce3d020106082a8648ce3d0301070342000423c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec404630980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387a31730153013060b2b0601040182e51c020101040403020520300a06082a8648ce3d040302034800304502207a1a27a2cbde2978826be0fdbd4ca85e3f6e3f72417c5968dba9407e60c46a140221008f2aff7afeff55cf8fced7f579cfec9c87940aa5442560c6e79f3da01aaa6a42"));
System.out.println("parse cer----------\n" + certificate + "\n-----------");
需要依赖u2flib-server-core,gradle配置为: compile "com.yubico:u2flib-server-core:0.19.0"
输出为:
parse cer----------
[0] Version: 3
SerialNumber: 33
IssuerDN: CN=Ledger FIDO Attestation CA 1
Start Date: Thu Jul 21 21:36:37 GMT+08:00 2016
Final Date: Thu Jul 09 21:36:37 GMT+08:00 2026
SubjectDN: CN=Ledger Nano-S U2F Attestation Batch 1
Public Key: EC Public Key
X: 23c27f2c89f642caa2acafd8914c7aa6d3e2c04b37125df69a16867258ec4046
Y: 30980bf89c432ce689efec046f5a5cf461d02335a08384987860e1fcd70cd387
Signature Algorithm: SHA256withECDSA
Signature: 304502207a1a27a2cbde2978826be0fdbd4ca85e
3f6e3f72417c5968dba9407e60c46a140221008f
2aff7afeff55cf8fced7f579cfec9c87940aa544
2560c6e79f3da01aaa6a42
Extensions:
critical(false) 1.3.6.1.4.1.45724.2.1.1 value = DER Bit String[1, 5]
-----------
登录流程
LOG
Successfully authenticated!
Sign Request javascript demo
var request = {"appId":"https://localhost:8443","challenge":"rGl4xDEPQg5lVdtktr2nOygEh0dP9I9WsdBLW1hpjzI","signRequests":[{"version":"U2F_V2","challenge":"rGl4xDEPQg5lVdtktr2nOygEh0dP9I9WsdBLW1hpjzI","appId":"https://localhost:8443","keyHandle":"6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w"}]};
setTimeout(function() {
if (request.signRequests.length > 0) {
u2f.sign(
request.appId,
request.challenge,
request.signRequests,
function(data) {
if(data.errorCode) {
switch (data.errorCode) {
case 4:
alert("This device is not registered for this account.");
break;
default:
alert("U2F failed with error code: " + data.errorCode);
}
return;
} else {
document.getElementById('tokenResponse').value = JSON.stringify(data);
document.getElementById('form').submit();
}
}
);
}
}, 1000);
Sign response
{"clientData":"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoickdsNHhERVBRZzVsVmR0a3RyMm5PeWdFaDBkUDlJOVdzZEJMVzFocGp6SSIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0Ojg0NDMiLCJjaWRfcHVia2V5IjoidW51c2VkIn0","signatureData":"AQAAABMwRQIhAKpHI3mf1iCP3gb_63CxVH3M3nOPiOg3CHyHS9xc8kRxAiB6YJ0jQfmSQn1AAo7HSIDGDQ0zhI5JVyUZyQV2qlfP7A","keyHandle":"6sjwTWDr6rqERHkQHq7xju8jEm1irJ94dUQhzTrPnsU5mnSrgHaKZyxqZuLoOioZOVb24urQqPBP6HakbgDV5w"}
Navigation
Register
Login
登录验签过程
- 将signatureData进行base64Url解码:
01000000133045022100aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf2447102207a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec
解析:
01 // user presence
00000013 // counter
3045022100aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf2447102207a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec // signature
- 验签原数据组织:
8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E // application parameter
// —–application parameter得到的过程———
// https://localhost:8443 (utf8 -> hex) 68747470733A2F2F6C6F63616C686F73743A38343433 (sha256) 8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E
// ———————————————
01 // user presence
00000013 // counter
54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388 // challenge parameter
// —–challenge parameter得到的过程———
// 将clientData进行base64Url解码为hex:
// 7b22747970223a226e6176696761746f722e69642e676574417373657274696f6e222c226368616c6c656e6765223a2272476c34784445505167356c5664746b7472326e4f79674568306450394939577364424c573168706a7a49222c226f726967696e223a2268747470733a2f2f6c6f63616c686f73743a38343433222c226369645f7075626b6579223a22756e75736564227d
// 将hex进行sha256:
// 54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388
// ——————————————–
组装起来:
8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E 01 00000013 54E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388
8D25AE631D8858FF58E46467E730B22E5BF728F96853C59383AAF3F1B5CB1B3E010000001354E97D96C213D1D31DE579D21248D9AC59E9A8E98DE371C4A97395D272C06388
进行sha256:
BBC5EE15179D8D1F7A863D5AF9472B310F596FE22748445D309BF5058ABC7275
注册时的user public key信息
04 385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efc faf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985从signature中解析r和s
3045 0221 00aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471 0220 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec
0221是长度,前面的00去掉
r= aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471
s= 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec使用ecc工具验签:
Qx= 385088806616a5735dc1c61c2efc3a1f64dacb481b277053b95b1b16db310efc // user public key x,这个数据从注册时的信息得来
Qy= faf89f1bbc8a0dc1eaa0904b03c7d741168a462f8b97c8e22e4e268b376ee985 // user public key y
Hm= BBC5EE15179D8D1F7A863D5AF9472B310F596FE22748445D309BF5058ABC7275 // 组装后的验签数据做sha256的结果
r= aa4723799fd6208fde06ffeb70b1547dccde738f88e837087c874bdc5cf24471
s= 7a609d2341f992427d40028ec74880c60d0d33848e49572519c90576aa57cfec
使用ECC Tool工具,曲线选择Secp256r1,进行验签,通过。
文档信息
- 本文作者:itlgl
- 本文链接:https://itlgl.com/note/2018/05/24/issues-18/
- 版权声明:自由转载-非商用-非衍生-保持署名(创意共享3.0许可证)