rfc5280 serialNumber question
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jul 21 18:20:09 UTC 2023
On Fri, Jul 21, 2023 at 01:59:40PM -0400, Robert Moskowitz wrote:
> I looked at a couple of certs. I might think that if the first hex is
> "F" then the 1st bit is 1, but:
>
> 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
> 10:d=3 hl=2 l= 1 prim: INTEGER :02
> 13:d=2 hl=2 l= 9 prim: INTEGER :FE0E6F3753087370
OpenSSL `asn1parse` isn't showing you the leading `00` that keeps the
number positive. Note that the encoded length is 9 bytes, but the
payload you see is only 8 bytes (16 nibbles):
$ printf FE0E6F3753087370 | wc -c
16
> 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
> 10:d=3 hl=2 l= 1 prim: INTEGER :02
> 13:d=2 hl=2 l= 9 prim: INTEGER :AEB77AEE2A3CBCD3
Ditto:
$ printf AEB77AEE2A3CBCD3 | wc -c
16
--
Viktor.
More information about the openssl-users
mailing list