1This test data was produced by creating a self-signed RSA cert using OpenSSL, 2and then extracting the relevant fields. 3 4It uses RSA PKCS#1 v1.5 with SHA-512 and a 2048-bit key. 5 6(1) Generate self-signed certificate 7 8 openssl genrsa -out rsa_key.pem 2048 9 openssl req -new -key rsa_key.pem -x509 -nodes -days 365 -sha512 -out cert.pem 10 11(2) Extract public key 12 13 openssl x509 -in cert.pem -pubkey -noout > pubkey.pem 14 cat pubkey.pem 15 16(3) Extract signed data (tbsCertificate) 17 18 openssl asn1parse -in cert.pem -out tbs -noout -strparse 4 19 base64 tbs 20 21(4) Extract signature algorithm 22 23 # Find the offset of the signature algorithm near the end (589 in this case) 24 openssl asn1parse -in cert.pem 25 26 openssl asn1parse -in cert.pem -out alg -noout -strparse 589 27 base64 alg 28 29(5) Extract the signature 30 31 # Find the final offset of BIT STRING (506 in this case) 32 openssl asn1parse -in cert.pem 33 34 openssl asn1parse -in cert.pem -out sig -noout -strparse 506 35 base64 sig 36 37 38 39-----BEGIN PUBLIC KEY----- 40MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcu2shJRrXFAwMkf30y2AY1zIg9VF/h 41egYcejzdR2AzUb8vU2TXld2i8pp44l+DrvtqmzS7G+yxx3uOx+zsoqBaUT0c9HfkbE+IRmcLkQF 42vYpSpm6Eu8OS14CSmEtiR91Et8LR0+bd0Gn3pgmb+epFJBaBPeDSiI/smqKCs7yP04+tS4Q4r47 43G04LhSp4/hmqH32b4Gcm9nsihHV9FfPfVdxDQUEJp3AgyBPwhPZEAyhoQS73TjjxXHqJRSz37Sl 44ueMVPuNncqbT4nAMKz25J1CtRlQh21uZzfY2QRP3m6rAZquQUos1febC6A7qmhQljWKKmXtfVY+ 45fAamstdHrWwIDAQAB 46-----END PUBLIC KEY----- 47 48$ openssl asn1parse -i < [PUBLIC KEY] 49 0:d=0 hl=4 l= 290 cons: SEQUENCE 50 4:d=1 hl=2 l= 13 cons: SEQUENCE 51 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption 52 17:d=2 hl=2 l= 0 prim: NULL 53 19:d=1 hl=4 l= 271 prim: BIT STRING 54 55 56 57-----BEGIN ALGORITHM----- 58MA0GCSqGSIb3DQEBDQUA 59-----END ALGORITHM----- 60 61$ openssl asn1parse -i < [ALGORITHM] 62 0:d=0 hl=2 l= 13 cons: SEQUENCE 63 2:d=1 hl=2 l= 9 prim: OBJECT :sha512WithRSAEncryption 64 13:d=1 hl=2 l= 0 prim: NULL 65 66 67 68-----BEGIN DATA----- 69MIICRaADAgECAgkA7jWRLkwHvHswDQYJKoZIhvcNAQENBQAwRTELMAkGA1UEBhMCQVUxEzARBgN 70VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNT 71A3MjgwMjIyMzFaFw0xNjA3MjcwMjIyMzFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lL 72VN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB 73AQUAA4IBDwAwggEKAoIBAQDNy7ayElGtcUDAyR/fTLYBjXMiD1UX+F6Bhx6PN1HYDNRvy9TZNeV 743aLymnjiX4Ou+2qbNLsb7LHHe47H7OyioFpRPRz0d+RsT4hGZwuRAW9ilKmboS7w5LXgJKYS2JH 753US3wtHT5t3QafemCZv56kUkFoE94NKIj+yaooKzvI/Tj61LhDivjsbTguFKnj+GaoffZvgZyb2 76eyKEdX0V899V3ENBQQmncCDIE/CE9kQDKGhBLvdOOPFceolFLPftKW54xU+42dyptPicAwrPbkn 77UK1GVCHbW5nN9jZBE/ebqsBmq5BSizV95sLoDuqaFCWNYoqZe19Vj58Bqay10etbAgMBAAGjUDB 78OMB0GA1UdDgQWBBRsCPajkEscZM6SpLbNTa/7dY5azzAfBgNVHSMEGDAWgBRsCPajkEscZM6SpL 79bNTa/7dY5azzAMBgNVHRMEBTADAQH/ 80-----END DATA----- 81 82 83 84-----BEGIN SIGNATURE----- 85A4IBAQAhKSNq+X/CfzhtNsMo6MJpTBjJBV5fhHerIZr6e3ozCTBCR29vYsVnJ4/6i5lL1pNeOhM 86ldthnuSlMzTS1Zme1OqRWB3U8QmwCFwhDxW/i4fdT8kxDAmELNp4z0GcXbe27V895PE0R/m8P47 87B6xbra+SQlEMW12K1EndUqrO6vgLbobV14mveWdgc0KIOnDKgsTHV8NTV1w3qtp1ujfvizYfBZu 88yyMOA1yZPDpREZtClro7lufwDQ7+LgSdtNLMDAMzapfIjAEPVNVLmJzMgzaHqMsZM8gP8vWAdfc 89R4mCmWXVotrM6d1rjJGdRADAONYCC4/+d1IMkVGoVfpaej6I 90-----END SIGNATURE----- 91 92$ openssl asn1parse -i < [SIGNATURE] 93 0:d=0 hl=4 l= 257 prim: BIT STRING 94