证书 on 办公AI智能小助手 https://blog.qife122.com/tags/%E8%AF%81%E4%B9%A6/ Recent content in 证书 on 办公AI智能小助手 Hugo zh-cn qife Thu, 18 Sep 2025 16:58:06 +0800 火眼金睛:如何肉眼识别Base64编码的JSON、证书与私钥 https://blog.qife122.com/p/%E7%81%AB%E7%9C%BC%E9%87%91%E7%9D%9B%E5%A6%82%E4%BD%95%E8%82%89%E7%9C%BC%E8%AF%86%E5%88%ABbase64%E7%BC%96%E7%A0%81%E7%9A%84json%E8%AF%81%E4%B9%A6%E4%B8%8E%E7%A7%81%E9%92%A5/ Thu, 18 Sep 2025 16:58:06 +0800 https://blog.qife122.com/p/%E7%81%AB%E7%9C%BC%E9%87%91%E7%9D%9B%E5%A6%82%E4%BD%95%E8%82%89%E7%9C%BC%E8%AF%86%E5%88%ABbase64%E7%BC%96%E7%A0%81%E7%9A%84json%E8%AF%81%E4%B9%A6%E4%B8%8E%E7%A7%81%E9%92%A5/ <h1 id="火眼金睛如何肉眼识别base64编码的json证书与私钥">火眼金睛:如何肉眼识别Base64编码的JSON、证书与私钥</h1> <p>最后修改于2025年8月5日</p> <p>我在家庭实验室工作时,检查了一个本应包含加密内容的文件,该文件可以安全地提交到Github仓库。文件内容如下:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span><span class="lnt">9 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;serial&#34;</span><span class="p">:</span> <span class="mi">13</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;lineage&#34;</span><span class="p">:</span> <span class="s2">&#34;24d431ee-3da9-4407-b649-b0d2c0ca2d67&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;meta&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;key_provider.pbkdf2.password_key&#34;</span><span class="p">:</span> <span class="s2">&#34;eyJzYWx0IjoianpHUlpMVkFOZUZKcEpSeGo4UlhnNDhGZk9vQisrR0YvSG9ubTZzSUY5WT0iLCJpdGVyYXRpb25zIjo2MDAwMDAsImhhc2hfZnVuY3Rpb24iOiJzaGE1MTIiLCJrZXlfbGVuZ3RoIjozMn0=&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;encrypted_data&#34;</span><span class="p">:</span> <span class="s2">&#34;ONXZsJhz37eJA[...]&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;encryption_version&#34;</span><span class="p">:</span> <span class="s2">&#34;v0&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>嗯?密钥提供者?密码密钥?在加密文件中?这听起来不太对劲。问题是这个文件是通过获取密码、从中派生密钥,然后用该密钥加密内容生成的。我不知道派生密钥可能是什么样子,但它可能就是那个长的难以理解的字符串。</p>