nekoruri · August 29, 2015 14:15 · nekoruri · Feb 19, 2015 · nekoruri · Feb 19, 2015
diff --git a/superfish_verify.txt b/superfish_verify.txt
 # SuperfishのCA証明書
 % cat superfish_ca.pem
 -----BEGIN CERTIFICATE-----
 MIIC9TCCAl6gAwIBAgIJANL8E4epRNznMA0GCSqGSIb3DQEBBQUAMFsxGDAWBgNV
 BAoTD1N1cGVyZmlzaCwgSW5jLjELMAkGA1UEBxMCU0YxCzAJBgNVBAgTAkNBMQsw
 CQYDVQQGEwJVUzEYMBYGA1UEAxMPU3VwZXJmaXNoLCBJbmMuMB4XDTE0MDUxMjE2
 MjUyNloXDTM0MDUwNzE2MjUyNlowWzEYMBYGA1UEChMPU3VwZXJmaXNoLCBJbmMu
 MQswCQYDVQQHEwJTRjELMAkGA1UECBMCQ0ExCzAJBgNVBAYTAlVTMRgwFgYDVQQD
 Ew9TdXBlcmZpc2gsIEluYy4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOjz
 Shh2Xxk/sc9Y6X9DBwmVgDXFD/5xMSeBmRImIKXfj2r8QlU57gk4idngNsSsAYJb
 1Tnm+Y8HiN/+7vahFM6pdEXY/fAXVyqC4XouEpNarIrXFWPRt5tVgA9YvBxJ7SBi
 3bZMpTrrHD2g/3pxptMQeDOuS8Ic/ZJKocPnQaQtAgMBAAGjgcAwgb0wDAYDVR0T
 BAUwAwEB/zAdBgNVHQ4EFgQU+5izU38URC7o7tUJml4OVoaoNYgwgY0GA1UdIwSB
 hTCBgoAU+5izU38URC7o7tUJml4OVoaoNYihX6RdMFsxGDAWBgNVBAoTD1N1cGVy
 ZmlzaCwgSW5jLjELMAkGA1UEBxMCU0YxCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJV
 UzEYMBYGA1UEAxMPU3VwZXJmaXNoLCBJbmMuggkA0vwTh6lE3OcwDQYJKoZIhvcN
 AQEFBQADgYEApHyg7ApKx3DEcWjzOyLi3JyN0JL+c35yK1VEmxu0Qusfr76645Oj
 1IsYwpTws6a9ZTRMzST4GQvFFQra81eLqYbPbMPuhC+FCxkUF5i0DNSWi+kczJXJ
 TtCqSwGl9t9JEoFqvtW+znZ9TqyLiOMw7TGEUI+88VAqW0qmXnwPcfo=
 -----END CERTIFICATE-----

 # 上記で署名された証明書っぽいやつ
 # http://pastebin.com/hJvXCFQP
 # 現時点でfakehost.lenovo.comというサイトは無いので、Superfishの通常の使い方の範疇ではこの証明書は発行されないはず。
 % openssl x509 -in faked.pem -text
 Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            95:37:4e:b4:60:08:7a:e3
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=Superfish, Inc., L=SF, ST=CA, C=US, CN=Superfish, Inc.
        Validity
            Not Before: Feb 19 10:25:50 2015 GMT
            Not After : Mar 21 10:25:50 2015 GMT
        Subject: C=CN, ST=Some-State, O=Lenovo, CN=fakehost.lenovo.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:bf:4f:1b:fa:c8:66:03:6f:b9:da:83:1f:d2:cf:
                    1b:2a:52:32:4e:a6:c4:45:c1:9c:9a:2d:7d:5b:97:
                    48:a9:58:14:cc:56:60:92:af:45:e2:19:ef:ab:1e:
                    13:1e:d6:5b:d0:e3:a6:f0:1f:d4:de:a4:13:02:32:
                    81:e2:02:0d:89:45:d6:14:d8:a9:fc:c8:d5:7d:bb:
                    aa:78:23:7b:f8:22:6e:4d:dc:40:c3:cd:c6:2c:78:
                    65:0f:8f:b1:ea:42:6b:9d:ca:88:b6:d0:33:57:dd:
                    6b:7a:91:49:4a:0b:3e:d8:5f:df:dc:dc:96:a2:6f:
                    9c:14:17:bb:47:8e:f6:9b:aa:17:3c:71:c8:63:34:
                    5e:1b:c2:2f:9a:7e:66:aa:3b:a7:1f:5e:7e:f1:f4:
                    22:88:38:57:8f:42:60:8c:db:9e:2e:d1:0b:32:53:
                    b3:7a:e2:27:dc:2b:a5:7c:8f:10:67:69:c2:07:10:
                    27:47:2f:88:c4:94:32:12:3c:fa:8f:a5:dd:68:db:
                    8b:ab:d2:e5:1e:9d:0d:ed:6a:1d:c4:20:71:00:fe:
                    65:42:a7:9e:c8:df:04:56:80:3c:da:6a:1a:d7:25:
                    80:20:b7:e7:9a:c8:dc:22:56:b9:06:b8:93:b1:5f:
                    e4:f4:ad:2f:24:da:6b:9f:eb:83:6f:09:e5:e1:b5:
                    eb:35
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
        49:dd:2b:75:36:9b:90:a4:73:a3:cc:89:bf:b6:70:74:75:35:
        15:b7:b9:f0:3b:06:2e:c7:e6:ed:f4:ca:34:a9:6b:39:2f:9d:
        1c:bc:2c:b4:dc:57:ed:73:61:06:04:03:71:b1:7b:b9:dc:b1:
        0c:19:7c:6a:55:1a:40:89:16:8d:54:0c:a9:e3:c2:dd:8a:2b:
        d0:76:f2:ab:4f:88:13:e4:1a:0b:7e:d1:c1:82:3c:d0:89:06:
        cf:08:e0:c7:cc:51:47:78:39:b0:5d:06:42:5a:72:a8:79:48:
        cc:7f:f3:98:4e:30:4b:9f:14:11:09:94:61:e8:06:ca:74:53:
        7e:16
 -----BEGIN CERTIFICATE-----
 MIICpzCCAhACCQCVN060YAh64zANBgkqhkiG9w0BAQsFADBbMRgwFgYDVQQKEw9T
 dXBlcmZpc2gsIEluYy4xCzAJBgNVBAcTAlNGMQswCQYDVQQIEwJDQTELMAkGA1UE
 BhMCVVMxGDAWBgNVBAMTD1N1cGVyZmlzaCwgSW5jLjAeFw0xNTAyMTkxMDI1NTBa
 Fw0xNTAzMjExMDI1NTBaMFExCzAJBgNVBAYTAkNOMRMwEQYDVQQIDApTb21lLVN0
 YXRlMQ8wDQYDVQQKDAZMZW5vdm8xHDAaBgNVBAMME2Zha2Vob3N0Lmxlbm92by5j
 b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Txv6yGYDb7nagx/S
 zxsqUjJOpsRFwZyaLX1bl0ipWBTMVmCSr0XiGe+rHhMe1lvQ46bwH9TepBMCMoHi
 Ag2JRdYU2Kn8yNV9u6p4I3v4Im5N3EDDzcYseGUPj7HqQmudyoi20DNX3Wt6kUlK
 Cz7YX9/c3Jaib5wUF7tHjvabqhc8cchjNF4bwi+afmaqO6cfXn7x9CKIOFePQmCM
 254u0QsyU7N64ifcK6V8jxBnacIHECdHL4jElDISPPqPpd1o24ur0uUenQ3tah3E
 IHEA/mVCp57I3wRWgDzaahrXJYAgt+eayNwiVrkGuJOxX+T0rS8k2muf64NvCeXh
 tes1AgMBAAEwDQYJKoZIhvcNAQELBQADgYEASd0rdTabkKRzo8yJv7ZwdHU1Fbe5
 8DsGLsfm7fTKNKlrOS+dHLwstNxX7XNhBgQDcbF7udyxDBl8alUaQIkWjVQMqePC
 3Yor0Hbyq0+IE+QaC37RwYI80IkGzwjgx8xRR3g5sF0GQlpyqHlIzH/zmE4wS58U
 EQmUYegGynRTfhY=
 -----END CERTIFICATE-----

 # 検証してみる
 % openssl verify -verbose -CAfile superfish_ca.pem faked.pem
 fakeroot.pem: OK

 # やった！
	# SuperfishのCA証明書
	% cat superfish_ca.pem
	-----BEGIN CERTIFICATE-----
	MIIC9TCCAl6gAwIBAgIJANL8E4epRNznMA0GCSqGSIb3DQEBBQUAMFsxGDAWBgNV
	BAoTD1N1cGVyZmlzaCwgSW5jLjELMAkGA1UEBxMCU0YxCzAJBgNVBAgTAkNBMQsw
	CQYDVQQGEwJVUzEYMBYGA1UEAxMPU3VwZXJmaXNoLCBJbmMuMB4XDTE0MDUxMjE2
	MjUyNloXDTM0MDUwNzE2MjUyNlowWzEYMBYGA1UEChMPU3VwZXJmaXNoLCBJbmMu
	MQswCQYDVQQHEwJTRjELMAkGA1UECBMCQ0ExCzAJBgNVBAYTAlVTMRgwFgYDVQQD
	Ew9TdXBlcmZpc2gsIEluYy4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOjz
	Shh2Xxk/sc9Y6X9DBwmVgDXFD/5xMSeBmRImIKXfj2r8QlU57gk4idngNsSsAYJb
	1Tnm+Y8HiN/+7vahFM6pdEXY/fAXVyqC4XouEpNarIrXFWPRt5tVgA9YvBxJ7SBi
	3bZMpTrrHD2g/3pxptMQeDOuS8Ic/ZJKocPnQaQtAgMBAAGjgcAwgb0wDAYDVR0T
	BAUwAwEB/zAdBgNVHQ4EFgQU+5izU38URC7o7tUJml4OVoaoNYgwgY0GA1UdIwSB
	hTCBgoAU+5izU38URC7o7tUJml4OVoaoNYihX6RdMFsxGDAWBgNVBAoTD1N1cGVy
	ZmlzaCwgSW5jLjELMAkGA1UEBxMCU0YxCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJV
	UzEYMBYGA1UEAxMPU3VwZXJmaXNoLCBJbmMuggkA0vwTh6lE3OcwDQYJKoZIhvcN
	AQEFBQADgYEApHyg7ApKx3DEcWjzOyLi3JyN0JL+c35yK1VEmxu0Qusfr76645Oj
	1IsYwpTws6a9ZTRMzST4GQvFFQra81eLqYbPbMPuhC+FCxkUF5i0DNSWi+kczJXJ
	TtCqSwGl9t9JEoFqvtW+znZ9TqyLiOMw7TGEUI+88VAqW0qmXnwPcfo=
	-----END CERTIFICATE-----

	# 上記で署名された証明書っぽいやつ
	# http://pastebin.com/hJvXCFQP
	# 現時点でfakehost.lenovo.comというサイトは無いので、Superfishの通常の使い方の範疇ではこの証明書は発行されないはず。
	% openssl x509 -in faked.pem -text
	Certificate:
	Data:
	Version: 1 (0x0)
	Serial Number:
	95:37:4e:b4:60:08:7a:e3
	Signature Algorithm: sha256WithRSAEncryption
	Issuer: O=Superfish, Inc., L=SF, ST=CA, C=US, CN=Superfish, Inc.
	Validity
	Not Before: Feb 19 10:25:50 2015 GMT
	Not After : Mar 21 10:25:50 2015 GMT
	Subject: C=CN, ST=Some-State, O=Lenovo, CN=fakehost.lenovo.com
	Subject Public Key Info:
	Public Key Algorithm: rsaEncryption
	RSA Public Key: (2048 bit)
	Modulus (2048 bit):
	00:bf:4f:1b:fa:c8:66:03:6f:b9:da:83:1f:d2:cf:
	1b:2a:52:32:4e:a6:c4:45:c1:9c:9a:2d:7d:5b:97:
	48:a9:58:14:cc:56:60:92:af:45:e2:19:ef:ab:1e:
	13:1e:d6:5b:d0:e3:a6:f0:1f:d4:de:a4:13:02:32:
	81:e2:02:0d:89:45:d6:14:d8:a9:fc:c8:d5:7d:bb:
	aa:78:23:7b:f8:22:6e:4d:dc:40:c3:cd:c6:2c:78:
	65:0f:8f:b1:ea:42:6b:9d:ca:88:b6:d0:33:57:dd:
	6b:7a:91:49:4a:0b:3e:d8:5f:df:dc:dc:96:a2:6f:
	9c:14:17:bb:47:8e:f6:9b:aa:17:3c:71:c8:63:34:
	5e:1b:c2:2f:9a:7e:66:aa:3b:a7:1f:5e:7e:f1:f4:
	22:88:38:57:8f:42:60:8c:db:9e:2e:d1:0b:32:53:
	b3:7a:e2:27:dc:2b:a5:7c:8f:10:67:69:c2:07:10:
	27:47:2f:88:c4:94:32:12:3c:fa:8f:a5:dd:68:db:
	8b:ab:d2:e5:1e:9d:0d:ed:6a:1d:c4:20:71:00:fe:
	65:42:a7:9e:c8:df:04:56:80:3c:da:6a:1a:d7:25:
	80:20:b7:e7:9a:c8:dc:22:56:b9:06:b8:93:b1:5f:
	e4:f4:ad:2f:24:da:6b:9f:eb:83:6f:09:e5:e1:b5:
	eb:35
	Exponent: 65537 (0x10001)
	Signature Algorithm: sha256WithRSAEncryption
	49:dd:2b:75:36:9b:90:a4:73:a3:cc:89:bf:b6:70:74:75:35:
	15:b7:b9:f0:3b:06:2e:c7:e6:ed:f4:ca:34:a9:6b:39:2f:9d:
	1c:bc:2c:b4:dc:57:ed:73:61:06:04:03:71:b1:7b:b9:dc:b1:
	0c:19:7c:6a:55:1a:40:89:16:8d:54:0c:a9:e3:c2:dd:8a:2b:
	d0:76:f2:ab:4f:88:13:e4:1a:0b:7e:d1:c1:82:3c:d0:89:06:
	cf:08:e0:c7:cc:51:47:78:39:b0:5d:06:42:5a:72:a8:79:48:
	cc:7f:f3:98:4e:30:4b:9f:14:11:09:94:61:e8:06:ca:74:53:
	7e:16
	-----BEGIN CERTIFICATE-----
	MIICpzCCAhACCQCVN060YAh64zANBgkqhkiG9w0BAQsFADBbMRgwFgYDVQQKEw9T
	dXBlcmZpc2gsIEluYy4xCzAJBgNVBAcTAlNGMQswCQYDVQQIEwJDQTELMAkGA1UE
	BhMCVVMxGDAWBgNVBAMTD1N1cGVyZmlzaCwgSW5jLjAeFw0xNTAyMTkxMDI1NTBa
	Fw0xNTAzMjExMDI1NTBaMFExCzAJBgNVBAYTAkNOMRMwEQYDVQQIDApTb21lLVN0
	YXRlMQ8wDQYDVQQKDAZMZW5vdm8xHDAaBgNVBAMME2Zha2Vob3N0Lmxlbm92by5j
	b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Txv6yGYDb7nagx/S
	zxsqUjJOpsRFwZyaLX1bl0ipWBTMVmCSr0XiGe+rHhMe1lvQ46bwH9TepBMCMoHi
	Ag2JRdYU2Kn8yNV9u6p4I3v4Im5N3EDDzcYseGUPj7HqQmudyoi20DNX3Wt6kUlK
	Cz7YX9/c3Jaib5wUF7tHjvabqhc8cchjNF4bwi+afmaqO6cfXn7x9CKIOFePQmCM
	254u0QsyU7N64ifcK6V8jxBnacIHECdHL4jElDISPPqPpd1o24ur0uUenQ3tah3E
	IHEA/mVCp57I3wRWgDzaahrXJYAgt+eayNwiVrkGuJOxX+T0rS8k2muf64NvCeXh
	tes1AgMBAAEwDQYJKoZIhvcNAQELBQADgYEASd0rdTabkKRzo8yJv7ZwdHU1Fbe5
	8DsGLsfm7fTKNKlrOS+dHLwstNxX7XNhBgQDcbF7udyxDBl8alUaQIkWjVQMqePC
	3Yor0Hbyq0+IE+QaC37RwYI80IkGzwjgx8xRR3g5sF0GQlpyqHlIzH/zmE4wS58U
	EQmUYegGynRTfhY=
	-----END CERTIFICATE-----

	# 検証してみる
	% openssl verify -verbose -CAfile superfish_ca.pem faked.pem
	fakeroot.pem: OK

	# やった！