search

oxidecomputer / pki-playground

Tool for generating non-trivial X.509 certificate chains
Mozilla Public License 2.0
29 stars 2 forks source link

generate platform identity CSR #83

Closed flihp closed 6 months ago

flihp commented 7 months ago

Generate CSR identical to CSR produced by RoT in platform identity programming loop / protocol. Most of the hard work was done in #48. This work should be limited to using the code from #48 to generate a cert that's identical to what we produce from the templates in hubris: https://github.com/oxidecomputer/hubris/blob/a89e0a954a7ab0a7e571707e480789432dfa149a/lib/dice/src/persistid_csr_tmpl.rs

flihp commented 6 months ago

This is already being used but the implementation needs to be verified.

flihp commented 6 months ago

I've now compared example generated from the KDL with a CSR taken from a development system. They're 3 bytes different an as far as I can tell the difference is only in the encoding.