I am trying to create the CSR for the device so I can create the device certificate. In order to create the CSR I need to create the CSR template (i.e. atcacert_def_t). To create the CSR template I am looking at the Python script cert2certdef.py, which takes a CSR using --device-csr.
The CSR I feed the script is a CSR that I generate using OpenSSL with specific certificate elements such as origination name, etc. The CSR is not the correct one for the device because the key pair used to create it is wrong. But the common elements would be correct. (I assume so)
I then plan to use the CSR template definition (atcacert_def_t) with atcacert_create_csr() method to create the device CSR.
Is this the correct way to achieve this?
I just had to go through this. The way I did it was to create a CSR with OpenSSL, take the DER output as hex and put it into the ASN.1 decoder at http://lapo.it/asn1js/, and then set all the std_cert_elements offsets based on their offsets in the DER. Then used the DER as the cert template.
Things to note: The public key offset is to the start of the public key data, not the start of the ASN.1 data. E.g., for me the ASN.1 bit string has offset 95, length 2+66. Starting 03 42 00 04 0E... The 03 42 are the "2+" encoding the type and length, the 00 04 are padding (really they're to ensure the value is positive since ASN.1 can't encode unsigned integers) and the 0E is the actual start of the public key. So the cert element gets offset 99 and count 64. The signature, on the other hand, just gets its cert element offset set to the same offset as the start of the ASN.1 bit string (NOT the sequence within that), and count 64 despite the ASN.1 bit string including padding and sizes. E.g., the signature I have is
and the 03 byte is at offset 175. So the cert element is { .offset = 175, .count = 64 }
despite the first 7 bytes (and the later 02 21) being ASN.1 metadata.
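The offset rules from the comment above, as an added example that is not part of the original thread or of cryptoauthlib: a small DER walker that finds the two BIT STRINGs in a P-256 CSR and derives the public-key and signature element offsets, instead of reading them off an ASN.1 viewer by hand. The sample CSR is constructed with dummy key and signature bytes, and all function names are hypothetical.

```python
OID_EC = bytes.fromhex("2a8648ce3d0201")            # id-ecPublicKey
OID_P256 = bytes.fromhex("2a8648ce3d030107")        # prime256v1
OID_ECDSA_SHA256 = bytes.fromhex("2a8648ce3d040302")

def tlv(tag, body):
    """Encode one DER TLV with a short- or long-form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_header(der, pos):
    """Return (tag, header_len, body_len) for the TLV starting at pos."""
    tag, first = der[pos], der[pos + 1]
    if first < 0x80:
        return tag, 2, first
    n = first & 0x7F
    return tag, 2 + n, int.from_bytes(der[pos + 2:pos + 2 + n], "big")

def bit_strings(der, pos=0, end=None):
    """Yield (offset, header_len, body_len) for every BIT STRING in the DER."""
    end = len(der) if end is None else end
    while pos < end:
        tag, hl, bl = read_header(der, pos)
        if tag == 0x03:
            yield pos, hl, bl
        elif tag & 0x20:  # constructed type: descend into its contents
            yield from bit_strings(der, pos + hl, pos + hl + bl)
        pos += hl + bl

def csr_offsets(der):
    """Hypothetical helper: (offset, count) pairs per the rules in the comment."""
    (pk_off, pk_hl, pk_bl), (sig_off, _, _) = list(bit_strings(der))
    # Key data starts after tag+length, the unused-bits byte (00) and the
    # uncompressed-point marker (04); the remaining 64 bytes are X || Y.
    key = pk_off + pk_hl + 2
    if pk_bl != 66 or der[key - 2:key] != b"\x00\x04":
        raise ValueError("not an uncompressed P-256 public key")
    # Signature element: offset of the BIT STRING tag itself, count 64.
    return {"public_key": (key, 64), "signature": (sig_off, 64)}

def sample_csr():
    """Build a constructed CSR-shaped DER blob (not a validly signed CSR)."""
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example Device"))))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, OID_EC) + tlv(0x06, OID_P256))
               + tlv(0x03, b"\x00\x04" + bytes(range(1, 65))))
    info = tlv(0x30, tlv(0x02, b"\x00") + name + spki + tlv(0xA0, b""))
    sig = tlv(0x30, tlv(0x02, b"\x11" * 32) + tlv(0x02, b"\x22" * 32))
    return tlv(0x30, info + tlv(0x30, tlv(0x06, OID_ECDSA_SHA256)) + tlv(0x03, b"\x00" + sig))
```

Calling `csr_offsets(sample_csr())` returns the two pairs to copy into the template's element definitions; the same function works on the DER of a CSR exported from OpenSSL.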