search

Ymagis / ClairMeta

Clairmeta is a python package for Digital Cinema Package (DCP) probing and checking.
BSD 3-Clause "New" or "Revised" License
84 stars 22 forks source link

Question about a certificate encoding error #202

Open bioleyl opened 3 years ago

bioleyl commented 3 years ago

Hello,

I got that on a DCP: Certificate Issuer and Subject attributes encoding check. Subject organizationName field encoding should be PrintableString, got UTF8String

I don't really understand the problem here. UTF8 is not "printable"?

Best regards

remia commented 2 years ago

Sorry for the late answer here, quoting the standard SMPTE ST 430-2-2017:

Exactly one instance of the OrganizationName attribute is required in the Subject name and the Issuer name. It shall be a PrintableString. It should be a meaningful (to humans) name of the organization that is providing the root of trust for all certificates in this chain. There may be multiple roots of trust. The OrganizationName in the Issuer field shall match the OrganizationName in the Subject field. This means that the OrganizationName shall be the same in all certificates that chain back to the same root.

While not being an expert in ASN.1 I would say PrintableString is simply more restrictive than the UTF8String type the certificate found in your DCP is using and as such is not following strictly the standard.

I can not say if that will cause issue in the field or not.