How to Decode Certificate Signature?

[obahareth]

Hey all,

I am not sure if this is currently possible or not but I want to be able to view the signature of a certificate, something like:

cert = R509::Cert.load_from_file("/path/to/certificate.pem")
cert.signature

Where it would be able to extract of this OpenSSL command as an array of bytes I think?

openssl x509 -in /path/to/certificate.pem -text -noout -certopt ca_default -certopt no_validity -certopt no_serial -certopt no_subject -certopt no_extensions -certopt no_signame
    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:ee:61:d3:eb:28:3c:e6:3b:50:19:6a:77:33:
         bb:4f:4f:b2:64:db:ec:ec:bd:51:c6:b3:76:d4:e5:9e:d8:13:
         af:02:21:00:fa:d1:e6:d0:6a:66:23:62:f7:5e:6e:71:63:35:
         fc:78:5f:87:68:a7:b2:ec:10:11:42:35:2b:0b:63:42:05:69

I was trying to traverse the ASN1 myself but didn't manage to get that yet.

[reaperhulk]

This project isn't active, but I would be surprised if the underlying OpenSSL::X509::Certificate (If I remember that hierarchy correctly...) doesn't have a .signature property or some other mechanism for getting the signature bytes.

[reaperhulk]

Unfortunately it appears I would be wrong https://docs.ruby-lang.org/en/2.6.0/OpenSSL/X509/Certificate.html

You can definitely get it through the ASN.1 parser -- RFC 5280 may be helpful for understanding the shape of the DER.