verify ocsp manually

Gaardiolor gaardiolor at gmail.com
Tue Jul 20 22:04:44 UTC 2021 

Good day,

I don't fully understand ocsp certificate verification. In order to 
better understand it, I want to do it manually. I can already do that 
with certificates.

$ openssl s_client -connect openssl.org:443 -showcerts
# I save the server.crt and intermediate.crt

$ openssl verify -no-CApath -partial_chain -trusted intermediate.crt 
server.crt
server.crt: OK

Manually:
# Get the ASN id's of the TBS and Signature
$ asn=`openssl asn1parse -i -in server.crt |egrep -e '(^ .*: SEQUENCE|: 
BIT STRING)'`
$ asn_tbs=`echo "$asn" | head -1 | awk -F: '{print $1}' | sed 's/ //g'`
$ asn_sig=`echo "$asn" | tail -1 | awk -F: '{print $1}' | sed 's/ //g'`

# Get tbs
openssl asn1parse -in server.crt -strparse ${asn_tbs} -out server.tbs > 
/dev/null

# Hash tbs
$ cat server.tbs | openssl sha256 -binary > server.tbs.sha256

# Get signature (ignore 'header too long' error)
$ openssl asn1parse -in server.crt -strparse ${asn_sig} -out server.sig 
 > /dev/null

# Get public key of intermediate
$ openssl x509 -in intermediate.crt -noout -pubkey > intermediate.pub

# Recover (decrypt) the signature
$ openssl rsautl -inkey intermediate.pub -pubin -in server.sig -out 
server.sig.recovered

# Verify. Ignore the first line of server.sig.recovered, this is the 
hash algoritm designator
$ od -An -tx1 -w19 server.sig.recovered
  30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
  87 36 67 06 ba d7 10 18 72 d3 f6 58 00 a9 34 78 bc 82 bf
  57 37 20 ab 82 04 fb 04 78 38 e2 d3 a2
$ od -An -tx1 -w19 server.tbs.sha256
  87 36 67 06 ba d7 10 18 72 d3 f6 58 00 a9 34 78 bc 82 bf
  57 37 20 ab 82 04 fb 04 78 38 e2 d3 a2

Yay. Now how do I do that with OCSP ?

# Get OCSP
$ ocsp=`openssl x509 -noout -ocsp_uri -in server.crt`

# Verify
$ ocsp_response=`openssl ocsp -noverify -no_nonce -respout ocsp.resp 
-reqout ocsp.req -issuer intermediate.crt -cert server.crt -text -url $ocsp`
$ echo "$ocsp_response" | grep server.crt
server.crt: good

Manually:
# Get the signature. Can't find how to do this with asn1parse
$ for byte in `echo "$ocsp_response" | grep -A40 "    Signature 
Algorithm" | grep -B40 "server.crt" | egrep -ve '(Signature 
Algorithm|server.crt)' | sed -e 's/ //g' -e 's/:/ /g'`; do
     echo -ne "\x$byte"
   done > ocsp.resp.sig

# Recover (decrypt) the signature
$ openssl rsautl -inkey intermediate.pub -pubin -in ocsp.resp.sig -out 
ocsp.resp.sig.recovered

# Print the decrypted signature (looks good, first line is hash 
algorithm designator, length looks ok, no errors)
$ od -An -tx1 -w19 ocsp.resp.sig.recovered
  30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
  b4 83 f2 c3 4a 6c 1b 4e df 66 b4 d5 31 0b 58 c3 60 3c e9
  20 0f 4f b0 df 61 88 2f c0 e0 25 66 a8

But.. How to extract the tbs data from the response, so I can sha256 
that and compare ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210721/41f32446/attachment.html>

More information about the openssl-users mailing list