Re: [COSE] 802.1AR example

Esko Dijk <esko.dijk@iotconsultancy.nl> Tue, 07 November 2023 14:13 UTC

From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>, Robert Moskowitz <rgm-sec@htt-consult.com>, "cose@ietf.org" <cose@ietf.org>
Date: Tue, 07 Nov 2023 14:13:19 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/Ve4GcpZI2jSa3qlwTPGnMKETrJ0>
Subject: Re: [COSE] 802.1AR example

Hi Göran,

In case it’s useful: there are more X.509 examples including one IDevID in our draft: https://datatracker.ietf.org/doc/html/draft-ietf-anima-constrained-voucher#appendix-C.2
(For the IDevID, the “NotAfter” field wasn’t set to the max value because I couldn’t easily get OpenSSL to do this. In C509 this should become the ‘null’ value actually.)

It’s not a real device example, but a best-effort approximation of the 802.1AR standard.

Esko

From: COSE <cose-bounces@ietf.org> On Behalf Of Göran Selander
Sent: Tuesday, November 7, 2023 14:34
To: Robert Moskowitz <rgm-sec@htt-consult.com>; cose@ietf.org
Subject: Re: [COSE] 802.1AR example

Thanks, Bob!

I wasn’t clear in the meeting what we have and what we may be missing.

In section A.2 of C509 (https://datatracker.ietf.org/doc/html/draft-ietf-cose-cbor-encoded-cert-07#name-example-ieee-8021ar-profile) we are referring to section A.2 / C.2 in RFC 9148, which has similar certificates to the ones you just sent. Very similar indeed, they are also made with your script 😊.

The open issue was whether we should go with these or try to find deployed IDevID certificates from some device.

Let’s continue the discussion offlist!

Göran





From: COSE <cose-bounces@ietf.org> on behalf of Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Tuesday, 7 November 2023 at 13:55
To: cose@ietf.org <cose@ietf.org>
Subject: Re: [COSE] 802.1AR example


On 11/7/23 07:41, Robert Moskowitz wrote:
> I just checked my draft:
>
> draft-moskowitz-ec-pki/draft-moskowitz-ec-pki
>
> And there are no actual examples.  So I looked in my files where I did
> the testing for writing this and here is a 1AR DER:
>
> -----BEGIN CERTIFICATE-----
> MIICYzCCAgmgAwIBAgIIUQ3O0GPrmkYwCgYIKoZIzj0EAwIwWDELMAkGA1UEBhMC
> VVMxCzAJBgNVBAgMAk1JMREwDwYDVQQHDAhPYWsgUGFyazEXMBUGA1UECgwOSFRU
> IENvbnN1bHRpbmcxEDAOBgNVBAMMB1Jvb3QgQ0EwIBcNMTcwODE4MTg0MTExWhgP
> OTk5OTEyMzEyMzU5NTlaMDwxFzAVBgNVBAoMDkhUVCBDb25zdWx0aW5nMRAwDgYD
> VQQLDAdEZXZpY2VzMQ8wDQYDVQQFEwZXdDEyMzQwWTATBgcqhkjOPQIBBggqhkjO
> PQMBBwNCAASDND5LR1ti1BF1Cie7sbvYtPxKA55xDVr6SbUPtfkQlux/3G7ld1f7
> E6QstR43jNftY2r3Fewa9h+5NVcAkhSZo4HWMIHTMAkGA1UdEwQCMAAwgYkGA1Ud
> IwSBgTB/gBQm/YWlGql/tNedOcaEzHx40Ur/gqFcpFowWDELMAkGA1UEBhMCVVMx
> CzAJBgNVBAgMAk1JMREwDwYDVQQHDAhPYWsgUGFyazEXMBUGA1UECgwOSFRUIENv
> bnN1bHRpbmcxEDAOBgNVBAMMB1Jvb3QgQ0GCCQDyYdUCUKbOqjAOBgNVHQ8BAf8E
> BAMCBaAwKgYDVR0RBCMwIaAfBggrBgEFBQcIBKATMBEGCSsGAQQBtDsKAQQEAQID
> BDAKBggqhkjOPQQDAgNIADBFAiEAz/lrMNjZO+aaGi+sdsmHwSQWJjaEiBnCyJq5
> 7jiZb3ACIGvMYqqrtgnDPOM/tDQ9UAm2zEzNmrLmGC+6xJDLxqTG
> -----END CERTIFICATE-----
>
>
> See what you get when you cbor it!

openssl x509 -noout -text -in /home/rgm/data/ca/8021ARintermediate/certs/Wt1234.cert.pem
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 5840551686194305606 (0x510dced063eb9a46)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = MI, L = Oak Park, O = HTT Consulting, CN = Root CA
         Validity
             Not Before: Aug 18 18:41:11 2017 GMT
             Not After : Dec 31 23:59:59 9999 GMT
         Subject: O = HTT Consulting, OU = Devices, serialNumber = Wt1234
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
                     04:83:34:3e:4b:47:5b:62:d4:11:75:0a:27:bb:b1:
                     bb:d8:b4:fc:4a:03:9e:71:0d:5a:fa:49:b5:0f:b5:
                     f9:10:96:ec:7f:dc:6e:e5:77:57:fb:13:a4:2c:b5:
                     1e:37:8c:d7:ed:63:6a:f7:15:ec:1a:f6:1f:b9:35:
                     57:00:92:14:99
                 ASN1 OID: prime256v1
                 NIST CURVE: P-256
         X509v3 extensions:
             X509v3 Basic Constraints:
                 CA:FALSE
             X509v3 Authority Key Identifier:
                 keyid:26:FD:85:A5:1A:A9:7F:B4:D7:9D:39:C6:84:CC:7C:78:D1:4A:FF:82
                 DirName:/C=US/ST=MI/L=Oak Park/O=HTT Consulting/CN=Root CA
                 serial:F2:61:D5:02:50:A6:CE:AA
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment
             X509v3 Subject Alternative Name:
                 othername: 1.3.6.1.5.5.7.8.4::<unsupported>
     Signature Algorithm: ecdsa-with-SHA256
     Signature Value:
         30:45:02:21:00:cf:f9:6b:30:d8:d9:3b:e6:9a:1a:2f:ac:76:
         c9:87:c1:24:16:26:36:84:88:19:c2:c8:9a:b9:ee:38:99:6f:
         70:02:20:6b:cc:62:aa:ab:b6:09:c3:3c:e3:3f:b4:34:3d:50:
         09:b6:cc:4c:cd:9a:b2:e6:18:2f:ba:c4:90:cb:c6:a4:c6

openssl asn1parse -i -in /home/rgm/data/ca/8021ARintermediate/certs/Wt1234.cert.pem
     0:d=0  hl=4 l= 611 cons: SEQUENCE
     4:d=1  hl=4 l= 521 cons:  SEQUENCE
     8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
    10:d=3  hl=2 l=   1 prim:    INTEGER           :02
    13:d=2  hl=2 l=   8 prim:   INTEGER           :510DCED063EB9A46
    23:d=2  hl=2 l=  10 cons:   SEQUENCE
    25:d=3  hl=2 l=   8 prim:    OBJECT            :ecdsa-with-SHA256
    35:d=2  hl=2 l=  88 cons:   SEQUENCE
    37:d=3  hl=2 l=  11 cons:    SET
    39:d=4  hl=2 l=   9 cons:     SEQUENCE
    41:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
    46:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :US
    50:d=3  hl=2 l=  11 cons:    SET
    52:d=4  hl=2 l=   9 cons:     SEQUENCE
    54:d=5  hl=2 l=   3 prim:      OBJECT            :stateOrProvinceName
    59:d=5  hl=2 l=   2 prim:      UTF8STRING        :MI
    63:d=3  hl=2 l=  17 cons:    SET
    65:d=4  hl=2 l=  15 cons:     SEQUENCE
    67:d=5  hl=2 l=   3 prim:      OBJECT            :localityName
    72:d=5  hl=2 l=   8 prim:      UTF8STRING        :Oak Park
    82:d=3  hl=2 l=  23 cons:    SET
    84:d=4  hl=2 l=  21 cons:     SEQUENCE
    86:d=5  hl=2 l=   3 prim:      OBJECT            :organizationName
    91:d=5  hl=2 l=  14 prim:      UTF8STRING        :HTT Consulting
   107:d=3  hl=2 l=  16 cons:    SET
   109:d=4  hl=2 l=  14 cons:     SEQUENCE
   111:d=5  hl=2 l=   3 prim:      OBJECT            :commonName
   116:d=5  hl=2 l=   7 prim:      UTF8STRING        :Root CA
   125:d=2  hl=2 l=  32 cons:   SEQUENCE
   127:d=3  hl=2 l=  13 prim:    UTCTIME           :170818184111Z
   142:d=3  hl=2 l=  15 prim:    GENERALIZEDTIME   :99991231235959Z
   159:d=2  hl=2 l=  60 cons:   SEQUENCE
   161:d=3  hl=2 l=  23 cons:    SET
   163:d=4  hl=2 l=  21 cons:     SEQUENCE
   165:d=5  hl=2 l=   3 prim:      OBJECT            :organizationName
   170:d=5  hl=2 l=  14 prim:      UTF8STRING        :HTT Consulting
   186:d=3  hl=2 l=  16 cons:    SET
   188:d=4  hl=2 l=  14 cons:     SEQUENCE
   190:d=5  hl=2 l=   3 prim:      OBJECT            :organizationalUnitName
   195:d=5  hl=2 l=   7 prim:      UTF8STRING        :Devices
   204:d=3  hl=2 l=  15 cons:    SET
   206:d=4  hl=2 l=  13 cons:     SEQUENCE
   208:d=5  hl=2 l=   3 prim:      OBJECT            :serialNumber
   213:d=5  hl=2 l=   6 prim:      PRINTABLESTRING   :Wt1234
   221:d=2  hl=2 l=  89 cons:   SEQUENCE
   223:d=3  hl=2 l=  19 cons:    SEQUENCE
   225:d=4  hl=2 l=   7 prim:     OBJECT            :id-ecPublicKey
   234:d=4  hl=2 l=   8 prim:     OBJECT            :prime256v1
   244:d=3  hl=2 l=  66 prim:    BIT STRING
   312:d=2  hl=3 l= 214 cons:   cont [ 3 ]
   315:d=3  hl=3 l= 211 cons:    SEQUENCE
   318:d=4  hl=2 l=   9 cons:     SEQUENCE
   320:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Basic Constraints
   325:d=5  hl=2 l=   2 prim:      OCTET STRING      [HEX DUMP]:3000
   329:d=4  hl=3 l= 137 cons:     SEQUENCE
   332:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Authority Key Identifier
   337:d=5  hl=3 l= 129 prim:      OCTET STRING      [HEX DUMP]:307F801426FD85A51AA97FB4D79D39C684CC7C78D14AFF82A15CA45A3058310B3009060355040613025553310B300906035504080C024D493111300F06035504070C084F616B205061726B31173015060355040A0C0E48545420436F6E73756C74696E673110300E06035504030C07526F6F74204341820900F261D50250A6CEAA
   469:d=4  hl=2 l=  14 cons:     SEQUENCE
   471:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Key Usage
   476:d=5  hl=2 l=   1 prim:      BOOLEAN           :255
   479:d=5  hl=2 l=   4 prim:      OCTET STRING      [HEX DUMP]:030205A0
   485:d=4  hl=2 l=  42 cons:     SEQUENCE
   487:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Subject Alternative Name
   492:d=5  hl=2 l=  35 prim:      OCTET STRING      [HEX DUMP]:3021A01F06082B06010505070804A013301106092B06010401B43B0A01040401020304
   529:d=1  hl=2 l=  10 cons:  SEQUENCE
   531:d=2  hl=2 l=   8 prim:   OBJECT            :ecdsa-with-SHA256
   541:d=1  hl=2 l=  72 prim:  BIT STRING

openssl asn1parse -i -strparse 492 -in /home/rgm/data/ca/8021ARintermediate/certs/Wt1234.cert.pem
     0:d=0  hl=2 l=  33 cons: SEQUENCE
     2:d=1  hl=2 l=  31 cons:  cont [ 0 ]
     4:d=2  hl=2 l=   8 prim:   OBJECT            :1.3.6.1.5.5.7.8.4
    14:d=2  hl=2 l=  19 cons:   cont [ 0 ]
    16:d=3  hl=2 l=  17 cons:    SEQUENCE
    18:d=4  hl=2 l=   9 prim:     OBJECT            :1.3.6.1.4.1.6715.10.1
    29:d=4  hl=2 l=   4 prim:     OCTET STRING      [HEX DUMP]:01020304

Bob
