[openssl-users] Another problem with openssl x509 -req -- default_enddate

[Viktor Dukhovni]

On Wed, Aug 30, 2017 at 06:03:03AM -0400, Robert Moskowitz wrote:

> I woke up a little clearer head, and realized, that a truly
> constrained device won't even bother with DER, but just store the raw
> keypair.

FWIW, Apple's boot firmware stores the signature key as the raw
RSA key bits in little-endian form for efficient computation on
Intel CPUs.  No PEM or ASN.1 in sight.

Similarly, there's no ASN.1 in the DNSSEC DNSKEY RDATA format.
For RSA just the key and exponent octets:

    $ echo $(dig +short +nosplit -t dnskey . | grep -w 256 | awk '{print $NF}' | openssl base64 -A -d | hexdump -ve '/1 "%02x"')
    030100018bf1ad038eba329d673fb7ecffa82f897b7b7e7fd1d887fe66484c68e5a787fcd591902b8d8737149f92249a8629cf477b746108630b7f77357e13a2b4a24c9cbbe9305675d34e902fc8686a9c6f87ab53e9d0ef99362dfd2822903ba930a4dd4933601aa12831c702bd94762b44eee14b0dca17e2704b0a8687e45b5fc6152ac93951bb44415c012e28efab3914c53f45e0039be5cd5997b700a46fd1bc1a49c7b8ed63540c2edecc8f4551c4ac86da5ecd7e8da86f5962fe0e8e3077e940f932f7fa9524fb32930f69dcabb65b24165d768f53ecf663be7b56254cc81c83166511408e98be57ba60874a352985d980351b880d6cf682c02f528b49d9a82183

The "03" is the exponent length (limited to 255 octets), the "10
00 01" is the usual F_4 (65537) exponent, and the remaining 512
nibbles are the RSA modulus.

So indeed, you'd not be the first to consider a special-purpose
concise format.  It is somewhat surprising that the applications
you're considering use X.509 certificates at all, rather than just
raw public keys.  With expiration times in the year "9999", the
extra bloat of certificates is perhaps just useless baggage.
Admittedly, I don't know how the security model in question relates
to the real-world constraints of the supply chain, who gets to sign
certificates for devices allowed to participate, and whether a
certificateless public key database might have been a realistic
option.

-- 
	Viktor.