[openssl-users] More on cert serialnumbers
Robert Moskowitz
rgm at htt-consult.com
Thu Aug 17 15:15:54 UTC 2017
On 08/17/2017 10:49 AM, Karl Denninger wrote:
>
>
> On 8/17/2017 09:40, Robert Moskowitz wrote:
>> I have been researching serial number in cert based on Jakob's comment:
>>
>> "- Serial numbers are *exactly* 20 bytes (153 to 159 bits) both as standalone
>> numbers and as DER-encoded numbers. Note that this is not the default in
>> the openssl ca program.
>>
>> - Serial numbers contain cryptographically strong random bits, currently at
>> least 64 random bits, though it is best if the entire serial number looks
>> random from the outside. This is not implemented by the openssl ca
>> program."
>>
>> And this is supposedly from the CA/B BF?
>>
>> Though Erwann responded:
>>
>> "There’s no such requirement. It MUST be at most 20 octets long"
>>
>> I see how for all certs other than the root (get to that later), I
>> can control this with:
>>
>> openssl rand -hex 20 > serial
>>
>> then use 'openssl ca ...'
>>
>> But from Kyle's comment, the first bit must be ZERO.
> So since the 20 octets is a maximum and not a requirement use -hex 19
> instead, and if this results in DER placing a leading 0x00 byte you're
> still ok. This also complies with the ballot that Rich mentioned
> since you have more entropy than required.
>
> At least I think that meets the requirements....
And 19 is more than 18! And the first time I tried this I got:
a2b7499f19b3b7b4a54ccd2036d59a4a906756
And the 2nd time I tried with 20:
f7f01d018605411c8788a82e465d7991d574b08f
So that first bit can really be a problem. Probably about 1/2 the time! :)
Bob
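The "first bit" problem in the thread comes from DER: an ASN.1 INTEGER is two's complement, so a value whose top bit is set gets a leading 0x00 byte prepended, and a 20-byte random value then encodes as 21 content octets, over the RFC 5280 limit of 20. The script below is an added example, not code from this thread or from OpenSSL; it encodes the two serials Bob posted to show the 20-versus-21 octet difference, and generates a serial by clearing the top bit of 20 random bytes (159 bits of entropy) instead of dropping to 19 bytes. It assumes the `serial` file read by `openssl ca` holds an even-length hex string, as `openssl rand -hex` writes.

```python
import os

# RFC 5280 section 4.1.2.2: the serialNumber value MUST be at most 20 octets
# as encoded, and MUST be positive.
MAX_SERIAL_OCTETS = 20


def der_integer(value: int) -> bytes:
    """Minimal DER encoding of a non-negative INTEGER (tag 0x02, short-form length)."""
    if value < 0:
        raise ValueError("certificate serial numbers must be positive")
    nbytes = (value.bit_length() + 7) // 8 or 1
    content = value.to_bytes(nbytes, "big")
    # DER INTEGER is two's complement: a set top bit would read as negative,
    # so the encoder prepends 0x00. This is the extra byte the thread is about.
    if content[0] & 0x80:
        content = b"\x00" + content
    if len(content) > 127:
        raise ValueError("long-form length is never needed for a serial number")
    return bytes([0x02, len(content)]) + content


def der_content_length(raw: bytes) -> int:
    """Content octets of the DER INTEGER for the number `openssl rand -hex` wrote."""
    return der_integer(int.from_bytes(raw, "big"))[1]


def fits_rfc5280(serial: int) -> bool:
    """True if the encoded serial is positive and no longer than 20 octets."""
    return serial >= 0 and der_integer(serial)[1] <= MAX_SERIAL_OCTETS


def serial_from_random(raw: bytes) -> int:
    """Turn up to 20 random bytes into a serial whose DER content is <= len(raw).

    Clearing the top bit of the first byte costs one bit of entropy
    (20 bytes -> 159 bits) and guarantees no 0x00 is prepended.
    """
    if not 1 <= len(raw) <= MAX_SERIAL_OCTETS:
        raise ValueError("use between 1 and 20 random bytes")
    buf = bytearray(raw)
    buf[0] &= 0x7F
    return int.from_bytes(buf, "big")


def new_serial(nbytes: int = MAX_SERIAL_OCTETS) -> int:
    """Fresh CSPRNG-backed serial, the Python equivalent of `openssl rand`."""
    return serial_from_random(os.urandom(nbytes))


def serial_file_text(serial: int) -> str:
    """Hex text for the `serial` file consumed by `openssl ca`.

    Assumption: the file is a hex string with an even number of digits,
    matching what `openssl rand -hex N > serial` produces.
    """
    digits = format(serial, "x")
    if len(digits) % 2:
        digits = "0" + digits
    return digits + "\n"


if __name__ == "__main__":
    # The two values quoted in the post above (constructed from the thread).
    nineteen = bytes.fromhex("a2b7499f19b3b7b4a54ccd2036d59a4a906756")
    twenty = bytes.fromhex("f7f01d018605411c8788a82e465d7991d574b08f")
    print("rand -hex 19 value -> DER content octets:", der_content_length(nineteen))  # 20
    print("rand -hex 20 value -> DER content octets:", der_content_length(twenty))  # 21
    fixed = serial_from_random(twenty)
    print("same 20 bytes, top bit cleared ->", der_content_length(fixed.to_bytes(20, "big")))  # 20
    s = new_serial()
    print("fresh serial for the serial file:", serial_file_text(s).strip(), "fits:", fits_rfc5280(s))
```

Karl's `-hex 19` approach also works because 19 random bytes plus a possible leading 0x00 is at most 20 octets; the trade-off is 152 bits of entropy versus 159 when the top bit of a 20-byte value is cleared instead. Either way both exceed the 64 random bits quoted from the CA/B Forum ballot.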