[openssl-users] Using set_serial to control serial number size directly
Robert Moskowitz
rgm at htt-consult.com
Mon Aug 21 14:22:05 UTC 2017
On 08/21/2017 10:03 AM, Salz, Rich wrote:
> If the root is going to be trusted, make its serial number be one. ☺
> Otherwise use eight bytes of random as the serial number, if you follow CABF guidelines.
Kind of where my thinking is going. But once I make it '1', it might as
well be 1 byte rand! :)
Well 1 - 127 random...
But no need to make it 20 octets. Just leave it at 8. And yes, I can
see some jump on the 'save' 7 bytes bandwagon. Also why I have to work
out BER to compare that sizing to DER. Trying to do that today.
Bob
More information about the openssl-users
mailing list