IETF Logo Mail Archive

Re: [COSE] 802.1AR example

Göran Selander <goran.selander@ericsson.com> Tue, 07 November 2023 13:34 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 528A6C17C8A5 for <cose@ietfa.amsl.com>; Tue, 7 Nov 2023 05:34:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8G0_3bmyd3I3 for <cose@ietfa.amsl.com>; Tue, 7 Nov 2023 05:34:29 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2083.outbound.protection.outlook.com [40.107.20.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3E56C14F74E for <cose@ietf.org>; Tue, 7 Nov 2023 05:34:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AnyijumFqKr81afzsRynA0U9UfjtImJOeDrtCn8YoM83NcyHllk1VXRE7T5MGKJLqlBkeSROxwWdjP2WzjJWBUsWWiQN2GPHInBXrgXym8g2hSBQONUvxn50wK53pyFyXHBd9dH+Vz9y0RfVKBuSas4/uGyAl7H9VZrZw5ERp/lH1et79oUfV1EjZtByFQ1RJehjyagqs+Sm0KL8cGmNBZDthHcJTJkK9Qa+dA2aHg73+Y7P3x6rcbJvF2Lv51m422QMc6Uj4ER+0Z+mQC8hNueWQs3/hLLCpBLgVn2XHYTs6qlQ7U804RLkAU8xooIMqIzvOqD3CIup09SF/3bjGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WEcc0SE4oPiN0SmAcpyy3kOOsHnnM51EP1UNglBUEKM=; b=XYNMctIIYdiv1bTycB9oG8Opc3zMYFcaFioNx2GqwXDnlAWlwP1wL66txk77zWZtVAlfS6TS2b9jlzxweEWurchwFnywTOs4KoMz0XDuVAaroRLIY/xcs1mY36Oxz2VbHUvmBS6+9zeMS8kkN48n+WuhwMxxUzE2VAw0O5DFAkvxBECdV76msekRMoSz+9VFlNtoJ5mAK1XiN4VJzDaQCM7vhd5MYsYLnj1RSurske4PgIvtzcsF4ZD/qQkcMJpxlL2be0FZUqF7/s7IL1bN5uhDJV3bylUZRTtZ+6UJ37vowIA1/m/kCwFTuzKdr/C7ndd1nXgFvTLNSi++mQfy0Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WEcc0SE4oPiN0SmAcpyy3kOOsHnnM51EP1UNglBUEKM=; b=sk+/qYjeQY5s/S/eynP5Mu6ZGhMqd/KDUjikbpjUbVWeBgVwitjVwutu2CPen+Ylxlc1mhj2LuniZDyOJkYtL9BegDOpzWzNMsBMe+SdOIoDAxzM4bsfjyel2RsL9t1f91lZ9bz92TzT0sW3+kA5FjoveoBd86qK7TOzrHBUJrZI3kG1Cq3U7Hg/Y3j1A0mnYUelUumG38o0/MzOWjusijaTMFk/JWGvR9/fJFtGSSeMvKahyeKLWSTmqy6+G6H2+MFY3VFkurIvNhQoVw+dOauxgz3/EhyL2M4R+Q0JVPvyaZ7ULc8UYI2KkKUwPbIKiTjcsBtYiNAPDEPa0cafCw==
Received: from PAXPR07MB8844.eurprd07.prod.outlook.com (2603:10a6:102:24a::19) by PR3PR07MB6588.eurprd07.prod.outlook.com (2603:10a6:102:6b::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.29; Tue, 7 Nov 2023 13:34:09 +0000
Received: from PAXPR07MB8844.eurprd07.prod.outlook.com ([fe80::1442:e083:8eec:ea03]) by PAXPR07MB8844.eurprd07.prod.outlook.com ([fe80::1442:e083:8eec:ea03%6]) with mapi id 15.20.6954.028; Tue, 7 Nov 2023 13:34:09 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Robert Moskowitz <rgm-sec@htt-consult.com>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: [COSE] 802.1AR example
Thread-Index: AQHaEXfa7gYmoHrnAkCkX5J1pg10L7Bu0E2AgAAC8zQ=
Date: Tue, 07 Nov 2023 13:34:09 +0000
Message-ID: <PAXPR07MB884402AAD0D9587CF11469E9F4A9A@PAXPR07MB8844.eurprd07.prod.outlook.com>
References: <f91e0cf2-ddde-4567-ae03-47b08911f8e6@htt-consult.com> <f776ea81-e89b-49a3-b8a3-7dc8ecdd6f4d@htt-consult.com>
In-Reply-To: <f776ea81-e89b-49a3-b8a3-7dc8ecdd6f4d@htt-consult.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PAXPR07MB8844:EE_|PR3PR07MB6588:EE_
x-ms-office365-filtering-correlation-id: 9bb7ee41-28fb-4376-6926-08dbdf9638b6
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2ZeNzSIZd+AeLT0nyvPJVmr+dlSxwnC1ob1ffCYFYuqLLxsk7BF+tjCRH+jtSylrMKa9WGn/A+qLGirr43rlGMQy2f4VB4Up+VWCUTuP2StEZQsqWXERkw37mvdUjYglAH6zQKhRbfr8jFfkkfMDBd3Dy5yZjJ3fpGb3YSVSiwYHNCBMT1FvIkW/Tnv+kvOuSQ8JmSnE5TraprcMYQ36T+pCXaI60nS+42q/XvnhQOzsuvdmPFlNDqioxa/k+/SpTsRiIKuXjFpcZ1dSSs/XCgTyEAyvyRZASckH68cpwzY+Ki6BvdD3SzbNNG0aIPqK9JGoolq7HunfR/64eNAJNiSa3xb4O9tm6n6VH+lBI47IkBbgqCVPpKOkjTBuuK5i8rRC/Qt7QPwZG0SQwUz/B4TnX0urnY3/UO4eugENlNBsY7MVtoa8KkkY+rYsb/ILuRIEAy355rNenvNdhwCG41g3hsbZ0KbIA6RGy9o5TeGZqxKXakaB5H5I4lReT3MO20FFzpVQ8WcbCm5dHa+A73EN4iaeUwb9ID7Io8YoeCaKyfReBl2eP/af8sUmV4ZKTq7hre39dia7H7AvxWwl69N5aQ6bxVGShdleYcHY8Z9X84BXiiJoGyDVC6Etk+PBYU5PEkfZFcMm0B7i4JeoOthsW1aU324LtET9Rr2s9iX3EmoKKVvR7SqcEAwmYf7xwbAsipan064yPTv4z9h5rk1jiySNa7R2NgbzMG6kr2VrCY32auMzQksrBnNF1Zqa
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAXPR07MB8844.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(346002)(39860400002)(136003)(396003)(376002)(366004)(230922051799003)(186009)(64100799003)(451199024)(1800799009)(55016003)(38100700002)(71200400001)(6506007)(7696005)(53546011)(166002)(8676002)(9686003)(82960400001)(33656002)(41300700001)(86362001)(2906002)(8936002)(52536014)(5660300002)(85182001)(64756008)(66446008)(66476007)(66946007)(110136005)(66556008)(85202003)(316002)(76116006)(122000001)(966005)(478600001)(38070700009)(414714003)(473944003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: QKpBizVDvz8V5wMaqtxbOVZzOkNQrC5hGNuT/Kr8Rchz5/Z93q3YFKgXMrtdNNxkChp7F1Vm7yPU379k5kMK/QmHgqwFGfzRRgm8o6D0xgwDr1fAsOK2EwoCIrCzFaHNXgz9uGrFLXSnS9hp5HR8u+SG2eTN9be6MwUtt6t0DTvbrhCRFhcNiywSo09Dy52cEekxRP1B4TMLlMgGsLIzu+fs5wAT/42fQJUdrwbhGO110OSUsX2fAKI4KlGTzGBbWXaar2OMA+gMdO+PcovNkCw0VGH879mRyuTIbyNJPMculPrGaiX6Z3rPg+KX2B4HTv1haiHgKE6somEg1yAzp6v7hNvwbAOG4o3D05QGx3bDmwu7leybeLFQBh4KfEFtAiasuHmOfIQnK5Oj1OpK0uoIxfZiuUPpAsBcGg2Eb7/Rjt1WAOY/2b5o3EBDv8R4LkRQytbSlQ812spy5gKRaSBwm6DN2GGqJmoOy49wdH+gzwfhyGKKg7jrWLhjEmtDhCcTmhDGH795OGvAlyaSCWov8rAD8J9i1sG7GUXCbr2UO1qpMo/joecOnzoo+hfBI6iXLi1rEhTWS/kiQy98V8lLTMkXYQsDBMawrVGOQ84UgDFx1ensuIwMdPRZw9tCuSTf4zEGLoWRRbI0Krbll4zr8WYn87l7aZI5YEifAsxXHbTGUcc1jpiqMXN77UlHomkbpxja5ptYL60H5QF0QtekF6soFRLF6bvk/wWWP2s0fXspH9cfgntSiXbxUanLmSOM0va3PJdQ7S9uofZg6nR7O6n50qXxJiDr4qzx89F1dmeGOE7u747fxTuNk8BZbAT6yJr24R5PvnoRKaS1nco2t+wONMcCQDtrUFuaG93fjA34sMYGjCiZM4L81Jk1XdEGgOdmWHGI1xtzUWNQkAufAXusgSgQRMpTWmAdekzF2h5HaJ0fBy8oZxLvekTjp2c2nCYMorHELlYOA3IKthVLR9Dbn8NtR3qBkhe0+zfoS/du46hvuHWuFT7yBX9t34Zpb732jxoC6Jewq2dnHIyShZHqeEPHlollbQtATM0k7mNyFVJIGc+NvRcY7mOYzVkFVUXAdLC6gSmtQ/hQl9oXiyRiwWsYdnmCb5JXB64nxQU/U+QTotBKAhdztCAP1fjhxzrxXwyqMIyM63axiytcZLiwfB6OYJ+SQMVtJbjb3DD/cu2D6OT9Ogh0dLav7rJNs/sWJYjtbXmanQ9EchDABq6eykjm8nyskQ3pXO1pWEmLqON7KYvOf7T5tjPk1t5Qf9ZHmP+onr3YBJnOwz5nOLc2Hd5BpYIou33CJSfFR8edq2x3XT3UDtMmMh/b4BNMyVTVWsAjp+OQIt2JFctwxgDMYYoN5FaRwrp7SRyDloUuP6XYBRda4ByQtpFvXpwvDFc7USpKePHaC8cHztRN8D7Iv0rQqlWbyutZo+i6Se1E1+a0iCfGQy/anIvMf0bWDsangmeArOwjrHZyEYlzJ0VRi20FbfJjcn8YVFLr4IM6ehGjuR6ir2GApR2Qm/o1qZycXZen04/b8Hqi26dv2nQwbuQnirMaS/MQj77WhAn2eBXuxLd31BAmeyX9mIuVDQXsxCqhTzmwiYQ3qi6VpO8l75Sqtdz3vpAOZukUO0VUo4gWtmeeFJlAu1uA5A07scA73nvvSicsraMJ7U8WiUmHsA2I6fngRgTBdLo=
Content-Type: multipart/alternative; boundary="_000_PAXPR07MB884402AAD0D9587CF11469E9F4A9APAXPR07MB8844eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PAXPR07MB8844.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9bb7ee41-28fb-4376-6926-08dbdf9638b6
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2023 13:34:09.2265 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: UQgeXKIpFnHOOVwrTDh+iVda/svbFb5ltzu+3YQGnHhsfPdzelvSlBVD2OBaiX2xq6ZYB/HhEMdQeqJ8sJUKyw1Mq4LSE+gAT4Y3Av7Ue/E=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR07MB6588
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/iOCBqRo0NUxS-8x4_v_1fBjAIlo>
Subject: Re: [COSE] 802.1AR example
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2023 13:34:33 -0000

Thanks, Bob!

I wasn’t clear in the meeting what we have and what we may be missing.

In section A.2 of C509 (https://datatracker.ietf.org/doc/html/draft-ietf-cose-cbor-encoded-cert-07#name-example-ieee-8021ar-profile) we are referring to section A.2 / C.2 in RFC 9148, which has similar certificates to the once you just sent. Very similar indeed, they are also made with your script 😊.

The open issue was whether we should go with these or try to find deployed IDevID certificates from some device.

Let’s continue the discussion offlist!

Göran





From: COSE <cose-bounces@ietf.org> on behalf of Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Tuesday, 7 November 2023 at 13:55
To: cose@ietf.org <cose@ietf.org>
Subject: Re: [COSE] 802.1AR example


On 11/7/23 07:41, Robert Moskowitz wrote:
> I just checke my draft:
>
> draft-moskowitz-ec-pki/draft-moskowitz-ec-pki
>
> And there are no actual examples.  So I looked in my files where I did
> the testing for writing this and here is a 1AR DER:
>
> -----BEGIN CERTIFICATE-----
> MIICYzCCAgmgAwIBAgIIUQ3O0GPrmkYwCgYIKoZIzj0EAwIwWDELMAkGA1UEBhMC
> VVMxCzAJBgNVBAgMAk1JMREwDwYDVQQHDAhPYWsgUGFyazEXMBUGA1UECgwOSFRU
> IENvbnN1bHRpbmcxEDAOBgNVBAMMB1Jvb3QgQ0EwIBcNMTcwODE4MTg0MTExWhgP
> OTk5OTEyMzEyMzU5NTlaMDwxFzAVBgNVBAoMDkhUVCBDb25zdWx0aW5nMRAwDgYD
> VQQLDAdEZXZpY2VzMQ8wDQYDVQQFEwZXdDEyMzQwWTATBgcqhkjOPQIBBggqhkjO
> PQMBBwNCAASDND5LR1ti1BF1Cie7sbvYtPxKA55xDVr6SbUPtfkQlux/3G7ld1f7
> E6QstR43jNftY2r3Fewa9h+5NVcAkhSZo4HWMIHTMAkGA1UdEwQCMAAwgYkGA1Ud
> IwSBgTB/gBQm/YWlGql/tNedOcaEzHx40Ur/gqFcpFowWDELMAkGA1UEBhMCVVMx
> CzAJBgNVBAgMAk1JMREwDwYDVQQHDAhPYWsgUGFyazEXMBUGA1UECgwOSFRUIENv
> bnN1bHRpbmcxEDAOBgNVBAMMB1Jvb3QgQ0GCCQDyYdUCUKbOqjAOBgNVHQ8BAf8E
> BAMCBaAwKgYDVR0RBCMwIaAfBggrBgEFBQcIBKATMBEGCSsGAQQBtDsKAQQEAQID
> BDAKBggqhkjOPQQDAgNIADBFAiEAz/lrMNjZO+aaGi+sdsmHwSQWJjaEiBnCyJq5
> 7jiZb3ACIGvMYqqrtgnDPOM/tDQ9UAm2zEzNmrLmGC+6xJDLxqTG
> -----END CERTIFICATE-----
>
>
> See what you get when you cbor it!

openssl x509 -noout -text -in
/home/rgm/data/ca/8021ARintermediate/certs/Wt1234.cert.pem
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 5840551686194305606 (0x510dced063eb9a46)
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = MI, L = Oak Park, O = HTT Consulting, CN =
Root CA
         Validity
             Not Before: Aug 18 18:41:11 2017 GMT
             Not After : Dec 31 23:59:59 9999 GMT
         Subject: O = HTT Consulting, OU = Devices, serialNumber = Wt1234
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
                 pub:
                     04:83:34:3e:4b:47:5b:62:d4:11:75:0a:27:bb:b1:
                     bb:d8:b4:fc:4a:03:9e:71:0d:5a:fa:49:b5:0f:b5:
                     f9:10:96:ec:7f:dc:6e:e5:77:57:fb:13:a4:2c:b5:
                     1e:37:8c:d7:ed:63:6a:f7:15:ec:1a:f6:1f:b9:35:
                     57:00:92:14:99
                 ASN1 OID: prime256v1
                 NIST CURVE: P-256
         X509v3 extensions:
             X509v3 Basic Constraints:
                 CA:FALSE
             X509v3 Authority Key Identifier:
keyid:26:FD:85:A5:1A:A9:7F:B4:D7:9D:39:C6:84:CC:7C:78:D1:4A:FF:82
                 DirName:/C=US/ST=MI/L=Oak Park/O=HTT Consulting/CN=Root CA
                 serial:F2:61:D5:02:50:A6:CE:AA
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment
             X509v3 Subject Alternative Name:
                 othername: 1.3.6.1.5.5.7.8.4::<unsupported>
     Signature Algorithm: ecdsa-with-SHA256
     Signature Value:
         30:45:02:21:00:cf:f9:6b:30:d8:d9:3b:e6:9a:1a:2f:ac:76:
         c9:87:c1:24:16:26:36:84:88:19:c2:c8:9a:b9:ee:38:99:6f:
         70:02:20:6b:cc:62:aa:ab:b6:09:c3:3c:e3:3f:b4:34:3d:50:
         09:b6:cc:4c:cd:9a:b2:e6:18:2f:ba:c4:90:cb:c6:a4:c6

openssl asn1parse -i -in
/home/rgm/data/ca/8021ARintermediate/certs/Wt1234.cert.pem
     0:d=0  hl=4 l= 611 cons: SEQUENCE
     4:d=1  hl=4 l= 521 cons:  SEQUENCE
     8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
    10:d=3  hl=2 l=   1 prim:    INTEGER           :02
    13:d=2  hl=2 l=   8 prim:   INTEGER           :510DCED063EB9A46
    23:d=2  hl=2 l=  10 cons:   SEQUENCE
    25:d=3  hl=2 l=   8 prim:    OBJECT            :ecdsa-with-SHA256
    35:d=2  hl=2 l=  88 cons:   SEQUENCE
    37:d=3  hl=2 l=  11 cons:    SET
    39:d=4  hl=2 l=   9 cons:     SEQUENCE
    41:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
    46:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :US
    50:d=3  hl=2 l=  11 cons:    SET
    52:d=4  hl=2 l=   9 cons:     SEQUENCE
    54:d=5  hl=2 l=   3 prim:      OBJECT :stateOrProvinceName
    59:d=5  hl=2 l=   2 prim:      UTF8STRING        :MI
    63:d=3  hl=2 l=  17 cons:    SET
    65:d=4  hl=2 l=  15 cons:     SEQUENCE
    67:d=5  hl=2 l=   3 prim:      OBJECT            :localityName
    72:d=5  hl=2 l=   8 prim:      UTF8STRING        :Oak Park
    82:d=3  hl=2 l=  23 cons:    SET
    84:d=4  hl=2 l=  21 cons:     SEQUENCE
    86:d=5  hl=2 l=   3 prim:      OBJECT :organizationName
    91:d=5  hl=2 l=  14 prim:      UTF8STRING        :HTT Consulting
   107:d=3  hl=2 l=  16 cons:    SET
   109:d=4  hl=2 l=  14 cons:     SEQUENCE
   111:d=5  hl=2 l=   3 prim:      OBJECT            :commonName
   116:d=5  hl=2 l=   7 prim:      UTF8STRING        :Root CA
   125:d=2  hl=2 l=  32 cons:   SEQUENCE
   127:d=3  hl=2 l=  13 prim:    UTCTIME           :170818184111Z
   142:d=3  hl=2 l=  15 prim:    GENERALIZEDTIME   :99991231235959Z
   159:d=2  hl=2 l=  60 cons:   SEQUENCE
   161:d=3  hl=2 l=  23 cons:    SET
   163:d=4  hl=2 l=  21 cons:     SEQUENCE
   165:d=5  hl=2 l=   3 prim:      OBJECT :organizationName
   170:d=5  hl=2 l=  14 prim:      UTF8STRING        :HTT Consulting
   186:d=3  hl=2 l=  16 cons:    SET
   188:d=4  hl=2 l=  14 cons:     SEQUENCE
   190:d=5  hl=2 l=   3 prim:      OBJECT :organizationalUnitName
   195:d=5  hl=2 l=   7 prim:      UTF8STRING        :Devices
   204:d=3  hl=2 l=  15 cons:    SET
   206:d=4  hl=2 l=  13 cons:     SEQUENCE
   208:d=5  hl=2 l=   3 prim:      OBJECT            :serialNumber
   213:d=5  hl=2 l=   6 prim:      PRINTABLESTRING   :Wt1234
   221:d=2  hl=2 l=  89 cons:   SEQUENCE
   223:d=3  hl=2 l=  19 cons:    SEQUENCE
   225:d=4  hl=2 l=   7 prim:     OBJECT            :id-ecPublicKey
   234:d=4  hl=2 l=   8 prim:     OBJECT            :prime256v1
   244:d=3  hl=2 l=  66 prim:    BIT STRING
   312:d=2  hl=3 l= 214 cons:   cont [ 3 ]
   315:d=3  hl=3 l= 211 cons:    SEQUENCE
   318:d=4  hl=2 l=   9 cons:     SEQUENCE
   320:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Basic
Constraints
   325:d=5  hl=2 l=   2 prim:      OCTET STRING      [HEX DUMP]:3000
   329:d=4  hl=3 l= 137 cons:     SEQUENCE
   332:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Authority
Key Identifier
   337:d=5  hl=3 l= 129 prim:      OCTET STRING      [HEX
DUMP]:307F801426FD85A51AA97FB4D79D39C684CC7C78D14AFF82A15CA45A3058310B3009060355040613025553310B300906035504080C024D493111300F06035504070C084F616B205061726B31173015060355040A0C0E48545420436F6E73756C74696E673110300E06035504030C07526F6F74204341820900F261D50250A6CEAA
   469:d=4  hl=2 l=  14 cons:     SEQUENCE
   471:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Key Usage
   476:d=5  hl=2 l=   1 prim:      BOOLEAN           :255
   479:d=5  hl=2 l=   4 prim:      OCTET STRING      [HEX DUMP]:030205A0
   485:d=4  hl=2 l=  42 cons:     SEQUENCE
   487:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Subject
Alternative Name
   492:d=5  hl=2 l=  35 prim:      OCTET STRING      [HEX
DUMP]:3021A01F06082B06010505070804A013301106092B06010401B43B0A01040401020304
   529:d=1  hl=2 l=  10 cons:  SEQUENCE
   531:d=2  hl=2 l=   8 prim:   OBJECT            :ecdsa-with-SHA256
   541:d=1  hl=2 l=  72 prim:  BIT STRING

openssl asn1parse -i -strparse 492 -in
/home/rgm/data/ca/8021ARintermediate/certs/Wt1234.cert.pem
     0:d=0  hl=2 l=  33 cons: SEQUENCE
     2:d=1  hl=2 l=  31 cons:  cont [ 0 ]
     4:d=2  hl=2 l=   8 prim:   OBJECT            :1.3.6.1.5.5.7.8.4
    14:d=2  hl=2 l=  19 cons:   cont [ 0 ]
    16:d=3  hl=2 l=  17 cons:    SEQUENCE
    18:d=4  hl=2 l=   9 prim:     OBJECT :1.3.6.1.4.1.6715.10.1
    29:d=4  hl=2 l=   4 prim:     OCTET STRING      [HEX DUMP]:01020304

Bob

_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose

v2.23.0 | Report a Bug | By Email