plugin-power helper

A script that can generate signed data and use with plugin-power, mirror.

中文说明

生成 plugin-power 可用的配置文件。

使用方法：参考 config.example.yml 创建 config.example.yml，先运行 cert.py 生成证书可私钥，然后运行 sign.py 生成签名的数据（YAML 转换为 JSON 数据签名）。

配置文件 output 为 文件名->文件内容的映射，文件内容可参考以下变量替换。

配置文件 data 为需要签名的 JSON 数据。

• data_b64 配置文件中 data 选项转换为 JSON，64 进制编码
• data_signature_b64 JSON 数据的签名，64 进制编码
• cert_b64 用来签名的证书数据，DER格式，64 进制编码
• cert_hash 证书的哈希摘要值（整数），用于生成最终证书的签名
• cert_signature 证书的签名值（整数）

Introduction

• cert.py will generate a 4096-bit RSA key (CA signing key), a 2048-bit RSA key (data signing key) and a certificate. The certificate will have the issuer CN configured as issuer_common_name config value.

• sign.py will sign the data given in the config (convert to compact JSON first) using the private key and output the value into files configured in config.yml.

Output template variables

• All values given in data.
• data_b64 The data converted to compact JSON and base64 encoded.
• data_signature_b64 The data converted to compact JSON and signature generated by the private key, base64 encoded.
• cert_b64 Certificate itself encoded in DER format and base64 encoded.
• cert_hash Integer value of the hash of the certificate, used to generate the cert_signature.
• cert_signature Integer value of the certificate's signature.

Use with plugin-power

To spoof the certificate to be signed by another (legit) CA, find the modulus (integer) of the real CA certificate, and configure output as follows (replace [ca public key modulus] with the actual value):

output:
  power.conf: |
    [Result]
    EQUAL,{cert_signature},65537,[ca public key modulus]->{cert_hash}

Then it will save a power.conf that can be used with plugin-power.