Re: Another problem with openssl x509 -req -- default_enddate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 08/30/2017 10:33 AM, Viktor Dukhovni wrote:
On Wed, Aug 30, 2017 at 06:03:03AM -0400, Robert Moskowitz wrote:

I woke up a little clearer head, and realized, that a truly
constrained device won't even bother with DER, but just store the raw
keypair.
FWIW, Apple's boot firmware stores the signature key as the raw
RSA key bits in little-endian form for efficient computation on
Intel CPUs.  No PEM or ASN.1 in sight.

Similarly, there's no ASN.1 in the DNSSEC DNSKEY RDATA format.
For RSA just the key and exponent octets:

     $ echo $(dig +short +nosplit -t dnskey . | grep -w 256 | awk '{print $NF}' | openssl base64 -A -d | hexdump -ve '/1 "%02x"')
     030100018bf1ad038eba329d673fb7ecffa82f897b7b7e7fd1d887fe66484c68e5a787fcd591902b8d8737149f92249a8629cf477b746108630b7f77357e13a2b4a24c9cbbe9305675d34e902fc8686a9c6f87ab53e9d0ef99362dfd2822903ba930a4dd4933601aa12831c702bd94762b44eee14b0dca17e2704b0a8687e45b5fc6152ac93951bb44415c012e28efab3914c53f45e0039be5cd5997b700a46fd1bc1a49c7b8ed63540c2edecc8f4551c4ac86da5ecd7e8da86f5962fe0e8e3077e940f932f7fa9524fb32930f69dcabb65b24165d768f53ecf663be7b56254cc81c83166511408e98be57ba60874a352985d980351b880d6cf682c02f528b49d9a82183

The "03" is the exponent length (limited to 255 octets), the "10
00 01" is the usual F_4 (65537) exponent, and the remaining 512
nibbles are the RSA modulus.

So indeed, you'd not be the first to consider a special-purpose
concise format.  It is somewhat surprising that the applications
you're considering use X.509 certificates at all, rather than just
raw public keys.  With expiration times in the year "9999", the
extra bloat of certificates is perhaps just useless baggage.
Admittedly, I don't know how the security model in question relates
to the real-world constraints of the supply chain, who gets to sign
certificates for devices allowed to participate, and whether a
certificateless public key database might have been a realistic
option.

I am the author of HIP (rfc 7401) and to a large extent, raw public keys for Identity. I started this work in January '99, before most of the current stuff using raw keys came around. I know that Apple parallel developed much of their work. Stewart Cheshire has said that if he had found the time to read HIP, he would have used it for the call home function. And I know all about DNSKEY, as a few years into HIP, we chose to use the DNSKEY format in the HI parameter payload, dropping our own format.

I also worked with Sigma Design on Zwave 2.0 which uses raw EC25519 keys.

But not everyone agrees with me on raw keys, and I do recognize the need of 3rd party identity assertions. And this is, to a large measure, what IEEE 802.1AR-2009 Secure Identities offers. But 1AR is only about the Identities, and not how to manage and bootstrap from iDevIDs to lDevIDs. The IETF workgroup, ANIMA is working on this. And Michael Richardson, who just joined this list, is one of the authors on those documents. Oh, and NETCONF is working on it for network infrastructure devices with their 'zero touch' drafts. Of course those are NOT constrained devices...

Getting 802.1AR-2009 does require an IEEE login, but is free thanks to us IEEE 802 meeting attendees paying a bit extra to IEEE to make our docs free 6 months after publication. Of course the addendum that is in final prep is NOT available free (to non-attendees), but the changes do not impact this discussion.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux