[openssl-users] More on cert serialnumbers

Robert Moskowitz rgm at htt-consult.com
Thu Aug 17 15:15:54 UTC 2017

On 08/17/2017 10:49 AM, Karl Denninger wrote:
> On 8/17/2017 09:40, Robert Moskowitz wrote:
>> I have been researching serial numbers in certs based on Jakob's comment:
>> "- Serial numbers are *exactly* 20 bytes (153 to 159 bits) both as standalone
>>  numbers and as DER-encoded numbers.  Note that this is not the default in
>>  the openssl ca program.
>> - Serial numbers contain cryptographically strong random bits, currently at
>>  least 64 random bits, though it is best if the entire serial number looks
>>  random from the outside.  This is not implemented by the openssl ca program."
>> And this is supposedly from the CA/B BF?
>> Though Erwann responded:
>> "There's no such requirement. It MUST be at most 20 octets long"
>> I see how for all certs other than the root (get to that later), I can control this with:
>> openssl rand -hex 20 > serial
>> then use 'openssl ca ...'
>> But from Kyle's comment, the first bit must be ZERO.
> So since the 20 octets is a maximum and not a requirement use -hex 19 
> instead, and if this results in DER placing a leading 0x00 byte you're 
> still ok.  This also complies with the ballot that Rich mentioned 
> since you have more entropy than required.
> At least I think that meets the requirements....

And 19 is more than 18!  And the first time I tried this I got:


And the 2nd time I tried with 20:


So that first bit can really be a problem.  Probably about 1/2 the time!  :)
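As an added illustration of the point made in this exchange (this is example code written for this page, not code from the thread participants or from OpenSSL): the DER encoding of a positive INTEGER gains a leading 0x00 octet whenever the top bit of the first content byte is set, so a serial built from 20 fully random bytes exceeds the 20-octet limit about half the time, while clearing that top bit before use (the "-hex 19" or "first bit must be zero" approach above) keeps the encoding at 20 octets. The 20-octet limit and the bit-clearing helper are the only assumptions; the limit matches the RFC 5280 / CA/B constraint the replies refer to.

```python
import os

# Upper bound on the DER INTEGER content octets of a certificate serial
# number (the "at most 20 octets" rule quoted in the thread).
MAX_SERIAL_OCTETS = 20


def der_integer_content(value: int) -> bytes:
    """Content octets of a DER INTEGER for a non-negative value.

    DER uses two's-complement, so a value whose top bit is set needs an
    extra leading 0x00 octet to stay positive. That padding byte is
    what pushes a 20-byte random serial to 21 octets.
    """
    if value < 0:
        raise ValueError("serial numbers must be positive")
    nbytes = (value.bit_length() + 7) // 8 or 1
    raw = value.to_bytes(nbytes, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return raw


def serial_fits(value: int) -> bool:
    """True if the DER encoding of this serial is within the 20-octet limit."""
    return len(der_integer_content(value)) <= MAX_SERIAL_OCTETS


def hex_serial_der_length(hex_serial: str) -> int:
    """DER content length for a serial written as a hex string, e.g. the
    output of 'openssl rand -hex 20' that the post redirects into 'serial'."""
    return len(der_integer_content(int(hex_serial.strip(), 16)))


def generate_serial(nbytes: int = 20, rng=os.urandom) -> int:
    """Random positive serial from nbytes random bytes with the top bit
    cleared, so the DER encoding never needs the padding octet.

    With nbytes=20 this yields at most 159 bits of value and exactly
    20 DER content octets; zero is rejected because a serial must be
    positive. 'rng' is injectable so the function can be tested
    deterministically (assumption: callers pass a CSPRNG in production).
    """
    while True:
        buf = bytearray(rng(nbytes))
        buf[0] &= 0x7F            # force the first bit to zero
        value = int.from_bytes(buf, "big")
        if value > 0:
            return value


def top_bit_set_fraction(trials: int = 10000, nbytes: int = 20) -> float:
    """Fraction of raw os.urandom serials of nbytes that would need the
    padding octet; expected to be close to 0.5, which is the author's
    'about 1/2 the time' observation."""
    hits = sum(1 for _ in range(trials) if os.urandom(nbytes)[0] & 0x80)
    return hits / trials


if __name__ == "__main__":
    s = generate_serial()
    print(f"serial: {s:x}")
    print(f"DER content octets: {len(der_integer_content(s))}")
    print(f"fraction of raw 20-byte serials needing padding: "
          f"{top_bit_set_fraction():.3f}")
```

The `hex_serial_der_length` helper can be pointed at an existing `serial` file to check whether a serial produced by `openssl rand -hex 20` would encode to 21 octets before it is used with `openssl ca`.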
