The simplest, and also most IoT-like option is to have an example close to our existing IoT certificate. But with either only keyAgreement-capabilities (V I), or digitalSignature AND keyAgreement-capabilities (V II).
Any preferences?
VERSION I:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 128271 (0x1f50f)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=RFC test CA
Validity
Not Before: Jan 1 00:00:00 2023 GMT
Not After : Jan 1 00:00:00 2028 GMT
Subject: CN=01-23-45-FF-FE-67-89-AB
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:0b:4f:60:a9:2e:d2:0b:b4:ba:d1:c9:01:a1:0a:
1f:78:6d:49:8a:af:20:64:87:58:65:12:38:c6:5a:
f0:54:a5:51:3e:3b:0d:b1:22:08:fa:58:76:d5:66:
a1:44:cf:4a:bb:1b:2d:76:61:f8:02:b5:79:6e:ee:
c7:0c:44:32:43
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage:
Key Agreement
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:46:02:21:00:fe:61:69:e7:a7:78:eb:4e:c2:7f:86:1b:ef:
49:7a:5c:f3:7a:39:52:92:94:4f:e8:20:3d:fd:ae:78:e6:3c:
54:02:21:00:83:bf:bf:e7:59:ed:83:57:1b:dd:dc:3c:50:8d:
e8:fa:f7:f1:22:70:4e:33:89:0e:86:19:9c:ce:86:20:6b:ed
VERSION II:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 128271 (0x1f50f)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=RFC test CA
Validity
Not Before: Jan 1 00:00:00 2023 GMT
Not After : Jan 1 00:00:00 2028 GMT
Subject: CN=01-23-45-FF-FE-67-89-AB
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:3a:8f:f6:a2:0a:62:39:73:96:0e:7a:f3:95:99:
cc:04:9f:59:bd:30:3c:b5:42:cf:d7:91:d4:a7:6c:
ea:2f:c1:6e:c1:45:e3:ed:ea:ad:44:7c:cc:39:b4:
46:72:38:36:05:44:1f:1b:f0:4e:9a:6c:f9:c5:11:
42:d1:3e:1a:ce
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Agreement
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:44:02:20:54:5a:18:5a:68:8a:f2:10:07:a1:29:db:f0:63:
c2:38:57:5d:78:60:fd:67:62:e3:0a:ba:97:a5:e4:9c:85:ff:
02:20:50:35:75:e9:77:74:ef:92:cb:a8:73:8b:7e:5a:f3:93:
79:29:da:72:31:21:29:67:6d:96:40:da:19:4e:56:8b
highlunder
commented
1 year ago
The simplest, and also most IoT-like option is to have an example close to our existing IoT certificate. But with either only keyAgreement-capabilities (V I), or digitalSignature AND keyAgreement-capabilities (V II).
Any preferences?
VERSION I:
Certificate: Data: Version: 3 (0x2) Serial Number: 128271 (0x1f50f) Signature Algorithm: ecdsa-with-SHA256 Issuer: CN=RFC test CA Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Jan 1 00:00:00 2028 GMT Subject: CN=01-23-45-FF-FE-67-89-AB Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:0b:4f:60:a9:2e:d2:0b:b4:ba:d1:c9:01:a1:0a: 1f:78:6d:49:8a:af:20:64:87:58:65:12:38:c6:5a: f0:54:a5:51:3e:3b:0d:b1:22:08:fa:58:76:d5:66: a1:44:cf:4a:bb:1b:2d:76:61:f8:02:b5:79:6e:ee: c7:0c:44:32:43 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: Key Agreement Signature Algorithm: ecdsa-with-SHA256 Signature Value: 30:46:02:21:00:fe:61:69:e7:a7:78:eb:4e:c2:7f:86:1b:ef: 49:7a:5c:f3:7a:39:52:92:94:4f:e8:20:3d:fd:ae:78:e6:3c: 54:02:21:00:83:bf:bf:e7:59:ed:83:57:1b:dd:dc:3c:50:8d: e8:fa:f7:f1:22:70:4e:33:89:0e:86:19:9c:ce:86:20:6b:ed
VERSION II:
Certificate: Data: Version: 3 (0x2) Serial Number: 128271 (0x1f50f) Signature Algorithm: ecdsa-with-SHA256 Issuer: CN=RFC test CA Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Jan 1 00:00:00 2028 GMT Subject: CN=01-23-45-FF-FE-67-89-AB Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:3a:8f:f6:a2:0a:62:39:73:96:0e:7a:f3:95:99: cc:04:9f:59:bd:30:3c:b5:42:cf:d7:91:d4:a7:6c: ea:2f:c1:6e:c1:45:e3:ed:ea:ad:44:7c:cc:39:b4: 46:72:38:36:05:44:1f:1b:f0:4e:9a:6c:f9:c5:11: 42:d1:3e:1a:ce ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Agreement Signature Algorithm: ecdsa-with-SHA256 Signature Value: 30:44:02:20:54:5a:18:5a:68:8a:f2:10:07:a1:29:db:f0:63: c2:38:57:5d:78:60:fd:67:62:e3:0a:ba:97:a5:e4:9c:85:ff: 02:20:50:35:75:e9:77:74:ef:92:cb:a8:73:8b:7e:5a:f3:93: 79:29:da:72:31:21:29:67:6d:96:40:da:19:4e:56:8b