[openssl-users] More on cert serialnumbers
rgm at htt-consult.com
Thu Aug 17 15:15:54 UTC 2017
On 08/17/2017 10:49 AM, Karl Denninger wrote:
> On 8/17/2017 09:40, Robert Moskowitz wrote:
>> I have been researching serial number in cert based on Jakob's comment:
>> "- Serial numbers are *exactly* 20 bytes (153 to 159 bits) both as
>> numbers and as DER-encoded numbers. Note that this is not the default in
>> the openssl ca program.
>> - Serial numbers contain cryptographically strong random bits, currently at
>> least 64 random bits, though it is best if the entire serial number is
>> random from the outside. This is not implemented by the openssl ca
>> And this is supposedly from the CA/B BF?
>> Though Erwann responded:
>> "There’s no such requirement. It MUST be at most 20 octets long"
>> I see how for all certs other than the root (get to that later), I
>> can control this with:
>> openssl rand -hex 20 > serial
>> then use 'openssl ca ...'
>> But from Kyle's comment, the first bit must be ZERO.
> So since the 20 octets is a maximum and not a requirement use -hex 19
> instead, and if this results in DER placing a leading 0x00 byte you're
> still ok. This also complies with the ballot that Rich mentioned
> since you have more entropy than required.
> At least I think that meets the requirements....
And 19 is more than 18! And the first time I tried this I got:
And the 2nd time I tried with 20:
So that first bit can really be a problem. Probably about 1/2 the time! :)
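An added illustration (my own code, not from anyone in this thread) of the leading-bit effect being discussed: DER encodes INTEGER in two's complement, so a 20-octet random value whose top bit is set gains a 0x00 pad and becomes 21 content octets, over the limit Erwann quotes, while 19 random octets always fit. The helper names and the RFC 5280 reference are mine.

```python
"""DER-encode a certificate serial and check it against the 20-octet limit."""
import secrets

MAX_SERIAL_OCTETS = 20  # RFC 5280 section 4.1.2.2: at most 20 content octets


def der_integer_content(value: int) -> bytes:
    """Content octets of a DER INTEGER for a non-negative value.

    DER integers are two's complement, so if the high bit of the minimal
    big-endian encoding is set, a leading 0x00 is prepended to keep the
    value positive. That pad byte counts toward the 20-octet limit.
    """
    if value < 0:
        raise ValueError("serial numbers must be positive")
    if value == 0:
        return b"\x00"
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return b"\x00" + raw if raw[0] & 0x80 else raw


def serial_fits(value: int) -> bool:
    """True if the serial is positive and its DER content is <= 20 octets."""
    return value > 0 and len(der_integer_content(value)) <= MAX_SERIAL_OCTETS


def serial_from_hex(hex_text: str) -> int:
    """Parse the contents of a `serial` file written by `openssl rand -hex N`."""
    return int(hex_text.strip(), 16)


def random_serial(n_octets: int) -> int:
    """Equivalent of `openssl rand -hex N > serial`: N random octets as an int."""
    return int.from_bytes(secrets.token_bytes(n_octets), "big")


if __name__ == "__main__":
    # Constructed sample: 20 random octets with the top bit forced on.
    bad = serial_from_hex("ff" + secrets.token_hex(19))
    print(f"20 octets, top bit set: DER length {len(der_integer_content(bad))},"
          f" fits={serial_fits(bad)}")
    ok = random_serial(19)  # the -hex 19 approach from the thread
    print(f"19 random octets: DER length {len(der_integer_content(ok))},"
          f" fits={serial_fits(ok)}")
```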