Parsing and generating CBOR certificates?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Thu Jan 21 01:07:45 UTC 2021 

On 1/20/21, 19:42, "Benjamin Kaduk" <bkaduk at akamai.com> wrote:
>    And again, where do you believe such a conversion is specified?

What do you mean "specified"? There's an ASN.1 "specification" of the certificate format, which theoretically can be encoded into whatever - DER, PER, OER, etc. One such tool (https://github.com/mouse07410/asn1c.git that I use) generates from ASN.1 file codecs for many encoding formats, and is able to convert between them.

Unfortunately, there's no ASN.1 -> CBOR codec generator, AFAIK, which is why I'm asking here.

>   The IETF internet-draft I reference is a way to do so, but it is (to repeat)
>   very much a work in progress.

Understood. Do you know if there's any code behind it? Or just the "theory"?

Thanks!

    On Thu, Jan 21, 2021 at 12:35:24AM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
    > I meant not "CBOR protocol" (which,  in all likelihood, doesn't and shouldn't exist) but CBOR encoding of X.509 certificates (which, hopefully, does exists).
    > 
    > At least, I'm looking for a tool that would convert between these two encodings (DER and CBOR) for specific objects (X.509-conformant certificates).
    > 
    > Thanks
    > 
    > Regards,
    > Uri
    > 
    > > On Jan 20, 2021, at 19:26, Kaduk, Ben <bkaduk at akamai.com> wrote:
    > > 
    > > No.  OpenSSL does not include any CBOR protocol support.
    > > I'm also not sure what you mean by "CBOR-encoded certificate"; I don't
    > > know of any such thing other than
    > > https://datatracker.ietf.org/doc/draft-mattsson-cose-cbor-cert-compress/
    > > which is very much still a work in progress.
    > > 
    > > -Ben
    > > 
    > > ________________________________________
    > > From: Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu>
    > > Sent: Wednesday, January 20, 2021 4:22 PM
    > > To: openssl-users
    > > Subject: Parsing and generating CBOR certificates?
    > > 
    > > I need to work with CBOR-encoded certificates. Is there any way to use OpenSSL to parse and/or generate certs in CBOR encoding?
    > > 
    > > Thanks
    > > 
    > > Regards,
    > > Uri


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210121/31712602/attachment.bin>

More information about the openssl-users mailing list