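Verifying the Instance Identity Document Signature
Scenarios
The instance identity signature consists of the instance identity document signature (signature), the instance identity document (document), and the signing certificate (server.pem).
- The instance identity document signature (signature) lets a third party verify the authenticity and content of the instance identity document.
The instance identity signature is encrypted in PKCS #7 format; it is fully digital, secure and reliable.
The instance identity signature accepts a custom audience parameter, which prevents the signature from being fraudulently reused. The audience parameter can be a random string, a timestamp, regularly changing information, or data generated by an algorithm. Once an audience parameter has been passed in, it is difficult for anyone else to guess its value, even if they obtain part of the identity document and identity signature.
For details on how to use the audience parameter for authentication, see ECS Instance Identity Document (Huawei Cloud metadata API) and ECS Instance Identity Document Signature (Huawei Cloud metadata API).
- The instance identity document (document) provides the identity information of the instance, such as the instance ID and IP address. Table 1 lists the attributes it contains.
- The signing certificate (server.pem) is used to verify the validity of the signature.
Procedure
- Run the following command to obtain the instance identity document signature and save it to signer.p7b.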
curl http://169.254.169.254/meta-data/latest/instance-identity/signature > signer.p7b
root.crt certificate
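The verification this procedure leads to, rehearsed offline as an added example (not Huawei Cloud's own commands): a throwaway CA stands in for root.crt and server.pem, a constructed document is signed, and the PKCS #7 signature is checked before the audience value. The JSON field names, the helper names `make_fixture` and `verify_identity`, and the exact `openssl smime` invocation are assumptions.

```shell
#!/usr/bin/env bash
# Added example: every key, certificate and document here is constructed.
set -eu

# Build a throwaway root CA (stand-in for root.crt) and signing certificate
# (stand-in for server.pem), then sign a constructed identity document.
# Assumption: the document is JSON and echoes the caller's audience value.
make_fixture() {  # $1 = work dir, $2 = audience
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-signer" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
    printf '{"instance_id":"constructed-0001","audience":"%s"}' "$2" > "$1/document"
    openssl smime -sign -binary -in "$1/document" -signer "$1/server.pem" \
        -inkey "$1/server.key" -outform PEM -out "$1/signer.p7b" 2>/dev/null
}

# Returns 0 if trusted, 1 if the signature or chain fails, 2 if the audience
# is not the one this verifier issued.
verify_identity() {  # $1 = work dir, $2 = expected audience
    # The detached PKCS #7 signature must chain to the pinned root and cover
    # the exact bytes of the document.
    openssl smime -verify -binary -inform PEM -in "$1/signer.p7b" \
        -content "$1/document" -CAfile "$1/root.crt" -out /dev/null 2>/dev/null \
        || return 1
    # Read the audience only after the signature holds. A fixed-string match
    # keeps the example short; production code should parse the JSON.
    grep -qF "\"audience\":\"$2\"" "$1/document" || return 2
}

work=$(mktemp -d)
nonce=$(openssl rand -hex 16)   # fresh audience per verification request
make_fixture "$work" "$nonce"
verify_identity "$work" "$nonce" && echo "signature and audience verified"
```

On a real instance, signer.p7b comes from the metadata request shown in the procedure, and the trust anchor is the provider's published root.crt rather than a generated one.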