A brief analysis of the second level of the 2023 Entropy Cup

The front-end login interface (shown below) asks for three things: a user name, the user's certificate file, and the private key corresponding to that certificate.

Judging from the prompt, the certificate file must be a PEM-format certificate, i.e. base64-encoded DER. The other two fields are not yet known. Don't rush ahead; the answers should be hidden in the clues provided.

A packet capture named "digitally signed front-end system debugging data package.pcapng" is provided. It contains the following digital certificate. Copy the content and save it as a file named cer1.crt.

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Open cer1.crt on Windows to view its contents. From the certificate fields, the subject (user) is admin1 and the public key algorithm is SM2. So the user name for the front-end login is admin1, and the certificate file will naturally be derived from cer1.crt. As for the private key corresponding to the certificate, it cannot be recovered from the public key. One option is to generate a fresh public/private key pair and replace the public key in the original certificate with the new one. Normally, of course, the public key in a certificate cannot be swapped out: the CA's signature over the certificate body (tbsCertificate) guarantees the integrity and authenticity of the certificate, and any modification invalidates that signature. (The "fingerprint"/thumbprint Windows displays is just a hash of the whole certificate, not the CA signature itself; it changes too, but it is not what a verifier checks.) Unless, that is, the application fails to verify the certificate's signature correctly. So the next step is to look at the back-end verification code.

The source of the back-end login handler, "login.go", is also available. Analysis shows that the back end does not verify the certificate's signature at all, which means the public key in the certificate can be replaced without being noticed. So an SM2 tool is used to generate a public/private key pair, shown below. The private key is the third field to be filled in on the login interface.

Private key: 2923BE84E16CD6AE529049F1F1BBE9EBB3A6DB3C870C3E99245E0D1C06B747DE

Public key: C4758AF4FAE1A4991C5D0DC80F3E3ADD8E4A20CE4AC3F1447EA27C2BC70B51CADAB2ACFF2E63638FA4124A8BB776B2AF821FA128FDEA97732E58021BBDA5A1A9

Now only the last step remains: replace the public key in cer1.crt with the newly generated one. Concretely, decode the base64 body of the certificate to hex, find 0475...B754, and replace it with 04C4...A1A9.

A note on the encoding: inside the certificate's SubjectPublicKeyInfo, the public key is stored as the byte 04 followed by the 64 bytes of the point (32-byte X and 32-byte Y), i.e. the uncompressed form of an SM2 public key. The replacement has exactly the same length, so no DER length fields elsewhere in the certificate need to be adjusted.

Then convert the hex back to base64 and save it as cer2.crt. At this point all the information required by the login interface has been obtained.
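The steps above (generate an SM2 key pair, locate the 04 || X || Y point in the DER, overwrite it with a same-length replacement, re-encode as PEM) can be scripted end to end. The following is an added example, not the writeup's own tool or the cer1.crt from the capture: it implements SM2 scalar multiplication in pure Python using the recommended curve parameters from GB/T 32918 (an assumption about which curve the "SM2" label in the certificate refers to), derives the public key from the private key printed above, and splices it into a constructed stand-in certificate (a minimal DER SEQUENCE containing an SM2 SubjectPublicKeyInfo, not a full X.509 structure, so the byte offsets differ from the real cer1.crt). The search for the key is a heuristic that matches the first BIT STRING after the SM2 curve OID; a production tool would walk the tbsCertificate fields with a real DER parser.

```python
# Added example (not from the writeup): derive an SM2 public key from a private
# scalar, splice it into a DER certificate in place of the original point, and
# re-emit PEM. Pure Python, no third-party dependencies.
import base64

# SM2 recommended parameters (GB/T 32918): y^2 = x^3 + a*x + b over F_p.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
GX = 0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7
GY = 0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0

# Private key printed in the writeup (hex); if the tool output was copied
# correctly, sm2_public_key(PRIV_HEX) reproduces the public key listed there.
PRIV_HEX = "2923BE84E16CD6AE529049F1F1BBE9EBB3A6DB3C870C3E99245E0D1C06B747DE"

def _add(p1, p2):
    """Affine point addition on the SM2 curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def sm2_public_key(priv_hex):
    """Uncompressed point 04 || X(32) || Y(32) for private scalar d: Q = d*G."""
    d = int(priv_hex, 16)
    if not 0 < d < N:
        raise ValueError("private scalar out of range")
    x, y = _mul(d, (GX, GY))
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

def on_curve(pub):
    """True if a 65-byte uncompressed point satisfies the curve equation."""
    if len(pub) != 65 or pub[0] != 4:
        return False
    x = int.from_bytes(pub[1:33], "big")
    y = int.from_bytes(pub[33:], "big")
    return (y * y - (x * x * x + A * x + B)) % P == 0

def _der(tag, body):
    """Minimal DER TLV encoder (short and long length forms)."""
    n = len(body)
    if n < 0x80:
        ln = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        ln = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + ln + body

OID_EC_PUBLIC_KEY = bytes.fromhex("06072A8648CE3D0201")   # 1.2.840.10045.2.1
OID_SM2 = bytes.fromhex("06082A811CCF5501822D")           # 1.2.156.10197.1.301
PUBKEY_PREFIX = b"\x03\x42\x00\x04"  # BIT STRING, len 66, 0 unused bits, 0x04

def spki(pub):
    """SubjectPublicKeyInfo { { ecPublicKey, sm2 }, BIT STRING 00 04 X Y }."""
    alg = _der(0x30, OID_EC_PUBLIC_KEY + OID_SM2)
    return _der(0x30, alg + _der(0x03, b"\x00" + pub))

def build_sample_cert(pub):
    """Constructed stand-in certificate: SEQUENCE { tbs, sigAlg, signature }."""
    tbs = _der(0x30, _der(0x02, b"\x01") + _der(0x30, OID_SM2) + spki(pub))
    fake_sig = _der(0x03, b"\x00" + b"\xAA" * 64)   # CA signature placeholder
    return _der(0x30, tbs + _der(0x30, OID_SM2) + fake_sig)

def _locate_pubkey(cert_der):
    """Offset of the 0x04 byte of the first uncompressed point after the SM2 OID."""
    i = cert_der.find(OID_SM2)
    j = cert_der.find(PUBKEY_PREFIX, i) if i >= 0 else -1
    if j < 0:
        raise ValueError("no SM2 SubjectPublicKeyInfo found")
    return j + 3

def extract_sm2_pubkey(cert_der):
    off = _locate_pubkey(cert_der)
    return cert_der[off:off + 65]

def replace_sm2_pubkey(cert_der, new_pub):
    """Same-length overwrite, so no DER length fields change. The CA signature
    over tbsCertificate is now invalid; a verifier that checks it rejects this."""
    if not on_curve(new_pub):
        raise ValueError("new key must be a valid uncompressed SM2 point")
    off = _locate_pubkey(cert_der)
    return cert_der[:off] + new_pub + cert_der[off + 65:]

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"

def from_pem(pem):
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)

if __name__ == "__main__":
    cert1 = build_sample_cert(sm2_public_key("2"))   # "victim" key: constructed
    new_pub = sm2_public_key(PRIV_HEX)
    cert2 = replace_sm2_pubkey(cert1, new_pub)
    print("derived public key:", new_pub.hex().upper())
    print(to_pem(cert2))
```

For a real cer1.crt, read the PEM with from_pem, pass the DER through replace_sm2_pubkey, and write to_pem of the result as cer2.crt; the private key field of the login form takes base64.b64encode(bytes.fromhex(PRIV_HEX)). The on_curve check in replace_sm2_pubkey is the one the back end should also be doing, and the invalidated CA signature is what a correct implementation of login.go would catch.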

Username: admin1

Certificate file: cer2.crt

Private key: KSO+hOFs1q5SkEnx8bvp67Om2zyHDD6ZJF4NHAa3R94= (the private key above, base64-encoded)

Origin blog.csdn.net/ryanzzzzz/article/details/132313360