PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
http://pkijs.org

Trying to encode an SCT / SCTList gives output with extra padding #293

Closed Bren2010 closed 3 years ago

Bren2010 commented 3 years ago

Doing something like

let sct = new SignedCertificateTimestamp({ ... })
return sct.toSchema().toBER(false)

gives output that's 1000 bytes long, independent of the content of the SCT.

YuryStrozhevsky commented 3 years ago

@Bren2010 The SignedCertificateTimestamp is initially binary data, and the class is intended to be a "helper" for already existing data. It is hard to say what you got in your test without your input data. Also, since you are interested in SignedCertificateTimestamp, you might be interested in CTjs. There you would find another SignedCertificateTimestamp realization and an example of how to initialize the SignedCertificateTimestamp class from binary data in a certificate.

Bren2010 commented 3 years ago

I'm actually trying to provide data to the class and have it encode a new SCT for me that would be suitable for embedding in a certificate. So my input is essentially:

let sct = new SignedCertificateTimestamp({
  version: 0,
  logID: Base64.toUint8Array(id).buffer,
  timestamp: ts,
  extensions: Base64.toUint8Array(extensions).buffer,
  hashAlgorithm: 'sha256',
  signatureAlgorithm: 'ecdsa',
  signature: sig,
})

CTjs looks cool, but I don't see SignedCertificateTimestampList in it.

YuryStrozhevsky commented 3 years ago

@Bren2010 The SignedCertificateTimestamp needs to be made on the side of the Certificate Transparency Log Server. At the moment we do not provide such functionality since it is really useless in a "client-oriented" library like PKIjs.

CTjs does not have SignedCertificateTimestampList because it is trivial to decode it. This is how it is done in PKIjs, and this is how the same is done via CTjs.

Bren2010 commented 3 years ago

Yes, the data that goes into an SCT needs to be generated by a CT log. But the CT log returns the data in JSON and it needs to be re-encoded into DER to go into a certificate. This library could possibly do the re-encoding but there's a bug.

YuryStrozhevsky commented 3 years ago

This is not a bug: we just do not support this functionality.