PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
http://pkijs.org

Set a Bigint serial number in certificate #283

Closed jefjos closed 3 years ago

jefjos commented 3 years ago

Can I set a Bigint as serial number in certificate?

I am creating a serialNumber of 128 bits in length, but asn1.Integer takes a number (64 bits) as constructor param.

YuryStrozhevsky commented 3 years ago

    const bigInteger = new asn1js.Integer({ isHexOnly: true, valueHex: <put ArrayBuffer value here> });
    const stringRepresentationForBigInteger = bigInteger.toString(); // Will have loooong number here, bigger than JS can handle

jefjos commented 3 years ago

Thanks @YuryStrozhevsky

I tried your suggestion, however I am getting a negative serial number

    Serial Number:
         (Negative)7e:78:e6:ef:a0:c0:b2:ad:40:84:9c:48:f6:ae:cc:4a

Serial numbers are supposed to be positive integers I believe - https://tools.ietf.org/html/rfc5280#section-4.1.2.2

YuryStrozhevsky commented 3 years ago

You need to be more familiar with ASN.1 integers. If you need a non-negative ASN.1 integer for this particular value, just put 0x00 at the beginning.

jefjos commented 3 years ago

Thanks @YuryStrozhevsky for your answer. I tried adding 0x00 in the beginning. However, such a certificate cannot be decoded by OpenSSL as it gives me an illegal padding error. So then I tried adding a single byte with value 1, so that it is not considered illegal padding, and the value also turns positive. Thank you for the inputs, they have helped me a lot.

YuryStrozhevsky commented 3 years ago

Again - you need to be more familiar with ASN.1 integers. Read any articles about "two's complement number format".
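
The sign and padding rules this thread turns on, as an added example that is not part of the original issue and is not PKI.js code: a DER INTEGER is big-endian two's complement, so a 0x00 prefix is required only when the first byte has its top bit set, and is illegal padding otherwise. The helper names (`toPositiveSerial`, `isNegativeDer`, `hasIllegalPadding`) are hypothetical and the sample bytes are constructed; the returned bytes are the content octets that would be supplied as `valueHex` in the snippet above.

```javascript
// Sign of a DER INTEGER is the top bit of its first content octet.
function isNegativeDer(content) {
  return content.length > 0 && (content[0] & 0x80) !== 0;
}

// DER requires the shortest encoding: a leading 0x00 is only allowed when the
// next octet has its top bit set, a leading 0xff only when it is clear.
function hasIllegalPadding(content) {
  if (content.length < 2) return false;
  const nextTopBit = content[1] & 0x80;
  return (content[0] === 0x00 && nextTopBit === 0) ||
         (content[0] === 0xff && nextTopBit !== 0);
}

// Turn raw serial bytes (e.g. 16 random bytes) into the content octets of a
// positive, minimally encoded INTEGER.
function toPositiveSerial(raw) {
  const bytes = Uint8Array.from(raw);
  let start = 0;
  while (start < bytes.length && bytes[start] === 0x00) start++; // strip leading zeros
  if (start === bytes.length) throw new RangeError("serial number must be non-zero");
  const magnitude = bytes.subarray(start);
  // Prepend 0x00 only when the top bit would otherwise mark the value negative.
  const pad = isNegativeDer(magnitude) ? 1 : 0;
  const out = new Uint8Array(pad + magnitude.length);
  out.set(magnitude, pad);
  // RFC 5280 section 4.1.2.2: serial numbers are at most 20 octets.
  if (out.length > 20) throw new RangeError("serial number longer than 20 octets");
  return out;
}

const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join(":");

// Constructed 128-bit samples (not values from the thread).
const highBitSet = Uint8Array.of(0x9c, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff);
const highBitClear = Uint8Array.of(0x7e, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                   0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff);

console.log(hex(toPositiveSerial(highBitSet)));   // 17 octets, starts with 00:9c
console.log(hex(toPositiveSerial(highBitClear))); // 16 octets, starts with 7e
```

Running the two checks over the output before building the certificate catches both failure modes seen in the thread: a serial that parses as negative, and one that a strict DER decoder rejects for padding.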