zcertificate
zcertificate copied to clipboard
zmap
Command line utility for parsing certificates
The signature value e.g., `ut4t+t+vs8ibsc4zncmvk6huidj0fmbfdlm48hawqjy2rmmvhjqn6unxywn/ofpekotvqwtd6zkun1kaeg/4yql4fpvefzofgqf6yti4av5b6kp96gg60g7xsb2ojjxzdzo7c4mxa7g8yxbdmfnjj5us5i0ayj7gsbtxzwd4new=` output by ZCertificate is different from that e.g., `ba:de:13:f9:3f:af:4b:c2:01:48:2e:33:9c:23:15:93:a1:d4:21:d8:f4:14:c0:5f:0e:53:38:f2:16:96:a8:9c:b6:ae:69:af:1c:94:27:ea:e3:71:63:03:7f:38:53:de:28:e4:ef:ab:04:dd:eb:39:2e:9f:59:1a:12:0f:f8:61:09:78:16:95:44:7f:3a:05:81:01:7a:ca:d2:38:69:5e:41:e8:aa:7d:ea:01:ba:d2:0e:d7:49:bd:8e:8e:35:d9:77:3a:3b:0b:89:97:03:b8:3c:c9:70:43:99:f9:c9:8f:95:2c:e6:2d:1a:60:9e:c6:b1:b4:d7:cf:07:78:35:ec` output by OpenSSL. The signature values output by ZCertificate looks like base64. However, the base64-encoded `ba:de:13:f9:3f:af:4b:c2:01:48:2e:33:9c:23:15:93:a1:d4:21:d8:f4:14:c0:5f:0e:53:38:f2:16:96:a8:9c:b6:ae:69:af:1c:94:27:ea:e3:71:63:03:7f:38:53:de:28:e4:ef:ab:04:dd:eb:39:2e:9f:59:1a:12:0f:f8:61:09:78:16:95:44:7f:3a:05:81:01:7a:ca:d2:38:69:5e:41:e8:aa:7d:ea:01:ba:d2:0e:d7:49:bd:8e:8e:35:d9:77:3a:3b:0b:89:97:03:b8:3c:c9:70:43:99:f9:c9:8f:95:2c:e6:2d:1a:60:9e:c6:b1:b4:d7:cf:07:78:35:ec`...
ZCertificate lists unknown extensions at the level same to X.509v3 extensions. It is not proper since v1 and v2 X.509 certificate have no extension. Unknown extensions should be listed in...
In the JSON output, ZCertificate uses the type dict to store extensions of certificates. It is not proper to use such unique key type since it cannot store two extensions...
ZCertificate uses MD5 to hash modulus and signature value in the parsed certificate again. It is not proper since SHA1-RSA alike has been declared in the original certificate file and...
In the JSON output of ZCertificate, all fields are placed in a dict. The key "signature" is placed at the level same to that of keys like "version". This does...
Once https://github.com/zmap/zcrypto/issues/91 and https://github.com/zmap/zcrypto/issues/92 land, we'll want to add relevant command line flags.
I'd like to be able to simply run: `zcertificate test.pem`
Current result: ``` "e_cab_dv_conflicts_with_province": { "result": 1 }, "e_cab_dv_conflicts_with_street": { "result": 1 }, "e_cert_policy_iv_requires_country": { "result": 1 }, "e_cert_policy_iv_requires_province_or_locality": { "result": 1 }, "e_cert_policy_ov_requires_country": { "result": 1 }, ``` Desired:...
``` $ go get github.com/zmap/zcrypto@latest $ go get github.com/zmap/zlint/v3@latest ```
OpenSSL and GnuTLS parsed a cert without error. But ZCertificate reported the error that the modulus is not a positive number.The actual result is that OpenSSL and GnuTLS have no...
