Menu
▾
▴
Re: [Ejbca-develop] Creating certificate with only public key present
|
From: Tomas G. <to...@pr...> - 2014-04-30 09:34:21
|
Hi, If I am not mistaken leading 00 are supposed to be truncated in the encoding. "Contents octets give the value of the integer, base 256, in two's complement form, most significant digit first, with the minimum number of octets" Since a leading 0 in the most significant bit is redundant, it is removed to form "minimum number of octets". Cheers, Tomas On 2014-04-30 09:58, Lembitu Ling wrote: > Hi, > > i need to issue certificates from CA while having only key pairs public > key. As EJBCA does not verify the signature of CSR i have done it by > injecting the public key and it’s exponent into “csr template” and using > command line like: > > ejbcaClientToolBox.sh EjbcaWsRaCli certreq TEST > “GN=TEST,SURNAME=TEST,serialNumber=12345678,CN=TEST\,TEST\,12345678,O=organization,OU=unit,C=EE" > NULL “Test Sub CA” "TEST” “TEST-TEST” /path-to-csr/TEST.CSR PKCS10 PEM > NONE /path-to-pem/ > > It works nearly perfect, but there are some cases where the public key > or exponent get chopped by 1 byte. In these cases either the exponent or > the key in certificate generated differ from the key or exponent in CSR. > I have traced it down to cases where either exponent or key begin with > HEX 00. When I decode them in for example http://lapo.it/asn1js/ i can > see that the asn1 block is truncated by 1 byte and the key or exponent > is chopped. Is this a bug or am I doing something terribly wrong? > > P.S. I have no means creating correct, signed CSR-s as i have no access > to private keys, nor can I use them. Also the system sending me the > public keys is not able to generate correct CSR-s. > > Wbr, > Lembitu Ling > > > ------------------------------------------------------------------------------ > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE > Instantly run your Selenium tests across 300+ browser/OS combos. Get > unparalleled scalability from the best Selenium testing platform available. > Simple to use. Nothing to install. Get started now for free." > http://p.sf.net/sfu/SauceLabs > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
