Closed Bren2010 closed 3 years ago
@Bren2010 The SignedCertificateTimestamp is initially binary data and the class is intended to be a "helper" for already existing data. It is hard to say what you got in your test without your input data. Also, since you are interested in SignedCertificateTimestamp, you might be interested in CTjs. There you would find another SignedCertificateTimestamp realization and an example of how to initialize the SignedCertificateTimestamp class from binary data in a certificate.
I'm actually trying to provide data to the class and have it encode a new SCT for me that would be suitable for embedding in a certificate. So my input is essentially:
let sct = new SignedCertificateTimestamp({
  version: 0,
  logID: Base64.toUint8Array(id).buffer,
  timestamp: ts,
  extensions: Base64.toUint8Array(extensions).buffer,
  hashAlgorithm: 'sha256',
  signatureAlgorithm: 'ecdsa',
  signature: sig,
})
CTjs looks cool, but I don't see SignedCertificateTimestampList in it
@Bren2010 The SignedCertificateTimestamp needs to be made on the side of the Certificate Transparency Log Server. At the moment we do not provide such functionality since it is really useless in a "client-oriented" library like PKIjs.
CTjs does not have SignedCertificateTimestampList because it is trivial to decode it. This is how it is done in PKIjs, and this is how the same is done via CTjs.
Yes, the data that goes into an SCT needs to be generated by a CT log. But the CT log returns the data in JSON and it needs to be re-encoded into DER to go into a certificate. This library could possibly do the re-encoding but there's a bug
This is not a bug: we just do not support this functionality.
Doing something like
gives output that's 1000 bytes long, independent of the content of the SCT
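The re-encoding discussed in this thread, as an added example that is not PKIjs or CTjs code and was not posted by any participant: it TLS-serializes a CT log's `add-chain` JSON response per RFC 6962 and wraps the resulting SignedCertificateTimestampList in a DER OCTET STRING. The function names and the sample response are constructed for illustration, and Node.js `Buffer` is assumed.

```javascript
// Added example (hypothetical helper names). Input is the JSON a log returns from
// add-chain (RFC 6962, section 4.1): sct_version, id, timestamp, extensions, signature.
function u16(n) {
  if (!Number.isInteger(n) || n < 0 || n > 0xffff) throw new RangeError("length exceeds uint16");
  const b = Buffer.alloc(2);
  b.writeUInt16BE(n);
  return b;
}

function encodeSct(resp) {
  if (resp.sct_version !== 0) throw new Error("only SCT version v1 (0) is defined");
  const logId = Buffer.from(resp.id, "base64");
  if (logId.length !== 32) throw new Error("LogID must be 32 bytes");
  const ts = Buffer.alloc(8);
  ts.writeBigUInt64BE(BigInt(resp.timestamp)); // milliseconds since the epoch, uint64
  const ext = Buffer.from(resp.extensions, "base64");
  // "signature" already is the TLS digitally-signed struct:
  // hash alg (1) || signature alg (1) || uint16 length || signature bytes.
  const ds = Buffer.from(resp.signature, "base64");
  if (ds.length < 4 || ds.readUInt16BE(2) !== ds.length - 4) {
    throw new Error("malformed digitally-signed struct");
  }
  return Buffer.concat([Buffer.from([0]), logId, ts, u16(ext.length), ext, ds]);
}

// SignedCertificateTimestampList: uint16 total length, then each SCT with its own uint16 length.
function encodeSctList(responses) {
  const body = Buffer.concat(responses.flatMap((r) => {
    const sct = encodeSct(r);
    return [u16(sct.length), sct];
  }));
  return Buffer.concat([u16(body.length), body]);
}

// Minimal DER OCTET STRING wrapper (short and long length forms).
function derOctetString(content) {
  let len = [content.length];
  if (content.length >= 0x80) {
    const bytes = [];
    for (let v = content.length; v > 0; v = Math.floor(v / 256)) bytes.unshift(v % 256);
    len = [0x80 | bytes.length, ...bytes];
  }
  return Buffer.concat([Buffer.from([0x04, ...len]), content]);
}

// Constructed sample response; the signature bytes are placeholders, not a real ECDSA signature.
const sample = {
  sct_version: 0,
  id: Buffer.alloc(32, 0x11).toString("base64"),
  timestamp: 1500000000000,
  extensions: "",
  signature: Buffer.from([4, 3, 0, 8, 1, 2, 3, 4, 5, 6, 7, 8]).toString("base64"),
};
```

`derOctetString(encodeSctList([sample]))` yields the bytes that go inside the `extnValue` of the certificate extension with OID 1.3.6.1.4.1.11129.2.4.2; the output length tracks the input instead of being fixed.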