From: Jaime H. <hab...@gm...> - 2019-03-17 17:36:19

First, I wanted to clarify that with EJBCA <7.0.1, the default 8-byte configuration for serial number generation wasn't delivering 63 bits of entropy (as declared), mainly because the implementation filters out values that would produce a DER encoding of fewer than 8 bytes, so the real entropy being provided would be around (or less than):

    log2(0x7FFFFFFFFFFFFFFF - 0x80000000000000 + 1) = 62.99435343685886

Now, I would like to suggest improving the documentation at https://www.ejbca.org/docs/CA_Fields.html#src-42205242_id-.CAFieldsv7.0.1-Ca_Serial_Number_Octet_Size, modifying it to something like this:

> Sets the length in octets of certificate serial numbers generated, but note
> that the length of the serial number IS NOT the same as the entropy it
> contains (e.g. an 8-octet or 64-bit serial number doesn't provide 64 bits of
> entropy) because some values are being filtered out:
> - Negative values (all with the most-significant bit set to 1).
> - Values that would provide a shorter encoding than the requested length
>   in octets.
> - Serial numbers of previously generated certificates.
> Now, the CA/B Forum requires the use of 64 bits of entropy when generating serial
> numbers, hence, for complying with that requirement, sizes larger than 8
> octets are required (for more information, refer to the CA/Browser Forum
> information on Ballot 164 - Certificate Serial Number Entropy).
> Possible values can range between 4 and 20 octets, and the default for all
> new CAs is 20 octets.

Finally, I have attached a patch with some improvements over the current code at ECA-4991.

--
Jaime Hablutzel - RPC 994690880
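As an added example (not from the email, the attached patch, or EJBCA's own code), the following Python models the filters the email describes and computes the entropy that survives them, generalizing the 8-octet calculation to any octet size. The rejection-sampling generator is an assumed model of the described behaviour, and the `issued` set stands in for the CA's record of previously generated serials.

```python
import math
import secrets
from typing import Optional, Set, Tuple

def der_int_len(value: int) -> int:
    """Octets a DER INTEGER needs for a non-negative value: minimal big-endian
    bytes, plus one 0x00 pad byte when the leading byte's top bit would be set."""
    return value.bit_length() // 8 + 1

def accepted_range(octets: int) -> Tuple[int, int]:
    """Smallest and largest positive serials whose DER encoding is exactly
    `octets` bytes: [2^(8*octets-9), 2^(8*octets-1) - 1]. For 8 octets that is
    [0x80000000000000, 0x7FFFFFFFFFFFFFFF], the two bounds quoted in the email."""
    return 1 << (8 * octets - 9), (1 << (8 * octets - 1)) - 1

def effective_entropy_bits(octets: int) -> float:
    """log2 of the number of serials that survive the negative and
    short-encoding filters; 8 octets gives 62.994..., not 63 or 64."""
    lo, hi = accepted_range(octets)
    return math.log2(hi - lo + 1)

def min_octets_for_entropy(bits: float, smallest: int = 4) -> int:
    """Smallest octet size (starting at the 4-octet minimum the proposed text
    mentions) whose filtered serial space still holds at least `bits` bits."""
    octets = smallest
    while effective_entropy_bits(octets) < bits:
        octets += 1
    return octets

def generate_serial(octets: int, issued: Optional[Set[int]] = None) -> int:
    """Rejection-sample a serial that encodes to exactly `octets` DER bytes,
    modelling the three filters the email lists. Assumed model of the
    behaviour described there, not EJBCA's own generator."""
    issued = issued if issued is not None else set()
    while True:
        candidate = int.from_bytes(secrets.token_bytes(octets), "big")
        if candidate >> (8 * octets - 1):      # top bit set: negative as a signed INTEGER
            continue
        if der_int_len(candidate) != octets:   # would DER-encode shorter than requested
            continue
        if candidate in issued:                # already used by an earlier certificate
            continue
        return candidate

if __name__ == "__main__":
    for n in (8, 9, 16, 20):
        print(f"{n} octets -> {effective_entropy_bits(n):.4f} bits of entropy")
    print("octets needed for >= 64 bits:", min_octets_for_entropy(64))
```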