Can create a cert with no serial number?
David von Oheimb
it at von-Oheimb.de
Thu Jun 1 18:59:13 UTC 2023
> On Thu, 2023-06-01 at 08:01 -0700, Job Cacka wrote:
> > “If certificates could be transmitted/stored in efficiently
> > compressed (zipped) from,
> > theoretically one could save a couple of bytes by choosing as values
> > of low-entropy fields such as notBefore, notAfter, subject, and
> > issuer
> > not only strings as short as possible, but also with a high portion
> > of repeated chars,
> > such as
> >
> > Issuer: CN = 20010000000000efS
> > Not Before: Nov 11 11:11:11 2023 GMT
> > Not After : Nov 11 11:11:11 2025 GMT
> > ”
>
> Intentionally repeating characters in a hash is a great way to provide
> the hash to be broken. As I recall there is something about repeating
> a character more than 3 times consecutively that decreases the
> effectiveness of the hash. So the use of the series of zero’s and the
> repeated pattern “11:” are probably bad for hash security. I am unsure
> if that matters in this context
Of course, trying to change the signed contents (i.e., manipulating the
hashed part) is not what I meant.
But:
* make sure that those low-entropy fields have "easily compressable"
content
by taking advantage of inessential or repeated portions of those
strings
* then let the CA sign the cert as usual
* wherever size matters during storage and transfer, perform an
efficient (likely custom) lossless compression on the cert
* before using the cert (for any validation stuff where the cert is
involved), uncompress it to its original form
Yet is mentioned, this hint is likely just theoretical/hypothetic,
because the receiving party would need to be able to handle (i.e.,
uncompress) such certs
David
>
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of
> David von Oheimb
> Sent: Thursday, June 1, 2023 12:00 AM
> To: Robert Moskowitz <rgm at htt-consult.com>
> Cc: openssl-users at openssl.org
> Subject: Re: Can create a cert with no serial number?
>
> > Probably could cut more if I put the DET (a specific IPv6 address)
> > somehow into subject rather than SAN flagged critical.
>
> Generally, removing X.509v3 extensions helps save space,
> yet replacing a SAN with an IPv6 address by a subject DN entry
> simulating the value, e.g., in the CN would be counterproductive
> because the binary representation in the SAN is more efficient.
> Here is an example (ab-)using OpenSSL test credential material:
>
> openssl x509 -new -CA test/certs/server-ed25519-cert.pem \
> -set_serial 2 -CAkey test/certs/server-ed25519-key.pem \
> -force_pubkey test/certs/root-ed25519.pubkey.pem -subj / \
> -extfile <(printf "subjectAltName =
> IP:2001:3F:FE3F:F805:A93E:53B7:2709:E0BA\n
> subjectKeyIdentifier = none\n
> authorityKeyIdentifier = none") \
> -days 365 -outform der | wc | awk '{ print $3 }'
> 226
>
> openssl x509 -new -CA test/certs/server-ed25519-cert.pem \
> -set_serial 2 -CAkey test/certs/server-ed25519-key.pem \
> -force_pubkey test/certs/root-ed25519.pubkey.pem \
> -subj "/CN=20013FFE3FF805A93E53B72709E0BA" \
> -extfile <(printf "subjectKeyIdentifier = none\n
> authorityKeyIdentifier = none") \
> -days 365 -outform der | wc | awk '{ print $3 }'
> 238
>
>
> Unfortunately you cannot drop the rather inessential notBefore field,
> and the coding restrictions in RFC 5280
> disallow using a shortened (possibly even empty) string there.
>
> If certificates could be transmitted/stored in efficiently compressed
> (zipped) from,
> theoretically one could save a couple of bytes by choosing as values
> of low-entropy fields such as notBefore, notAfter, subject, and issuer
> not only strings as short as possible, but also with a high portion of
> repeated chars,
> such as
>
> Issuer: CN = 20010000000000efS
> Not Before: Nov 11 11:11:11 2023 GMT
> Not After : Nov 11 11:11:11 2025 GMT
>
> David
>
>
> On Wed, 2023-05-31 at 14:19 -0400, Robert Moskowitz wrote:
> > Well, I got the DER down to 240 bytes by dropping all the
> > constraints.
> > Probably could cut more if I put the DET (a specific IPv6 address)
> > somehow into subject rather than SAN flagged critical. For your
> > review,
> > this is what I have come up with. This will replace what I
> > currently
> > have in draft-moskowitz-drip-dki
> >
> > Use of this cert will rely on the DNS structure we will be creating
> > for
> > DRIP. For example to find the issuing cert, the CN below maps to a
> > specific FQDN that any DRIP compliant implementation will know to
> > find.
> > And if this cert is not found in the matching ip6.arpa. fqdn it has
> > been
> > revoked. This cert is 2x the size of the DRIP specific RATS-styled
> > Endorsement. Implementers will be able to choose their poison.
> >
> > Certificate:
> > Data:
> > Version: 3 (0x2)
> > Serial Number: 160 (0xa0)
> > Signature Algorithm: ED25519
> > Issuer: CN = 2001003ffe3ff805S
> > Validity
> > Not Before: May 21 00:00:00 2023 GMT
> > Not After : May 24 00:00:00 2023 GMT
> > Subject:
> > Subject Public Key Info:
> > Public Key Algorithm: ED25519
> > ED25519 Public-Key:
> > pub:
> > bf:04:53:a0:11:20:ed:8e:65:1a:e9:f6:95:1a:82:
> > 78:3d:a8:20:29:6a:33:8e:ff:d5:4a:0b:a8:46:a9:
> > 98:75
> > X509v3 extensions:
> > X509v3 Subject Alternative Name: critical
> > IP Address:2001:3F:FE3F:F805:A93E:53B7:2709:E0BA
> > Signature Algorithm: ED25519
> > Signature Value:
> > d1:cd:bb:64:03:9e:95:1a:8c:fa:eb:59:a6:65:ff:bc:0f:39:
> > e4:4f:ac:81:cf:c5:13:1e:62:e3:f1:bd:84:46:9c:5f:7c:52:
> > ff:bd:3e:f8:e7:d4:9d:8d:38:fe:70:62:f9:9c:10:f1:aa:b0:
> > 46:c8:92:f9:9b:1a:09:d0:d6:0f
> >
> >
> >
> > On 5/31/23 13:36, Richard Levitte wrote:
> > > The serial number is a defined field in the certificate structure.
> > > It's not optional, so you can't get away from it.
> > >
> > > In ASN.1 terms, it's an INTEGER. In DER terms, the smallest
> > > possible
> > > INTEGER occupies 3 bytes (one for the tag, which is 02, one for
> > > the
> > > length 01, and one value byte in the decimal range -128..127
> > > (80..7F)).
> > >
> > > Without the serial number (just like without any other non-
> > > optional
> > > field), whatever you happen to produce will not be a recognisable
> > > X.509 certificate.
> > >
> > > That's it.
> > >
> > > Cheers,
> > > Richard
> > >
> > >
> > > >
> > > > Am 31. Mai 2023 15:41:02 MESZ schrieb Robert Moskowitz
> > > > <rgm at htt-consult.com>:
> > > >
> > > > I tried putting in my conf:
> > > >
> > > > serial = none
> > > >
> > > > and that made an error.
> > > >
> > > > Best I have done is a serial of length 1 byte. But in
> > > > my work, the subject or SAN provide uniqueness and CRLs will not
> > > > be used. So want to see if I can create a cert with NO serial
> > > > number.
> > > >
> > > > Thanks
> > > >
> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230601/dc3debfb/attachment-0001.htm>
More information about the openssl-users
mailing list