On Tue, Apr 23, 2019 at 12:21:21AM +0300, Dmitry Belyavsky wrote:

> > For actual UTF-8 input, you can use:
> >
> >     $ openssl asn1parse -out content -genstr 'FORMAT:UTF8,UTF8String:Он врет! Он не знает, КАК НАДО!' # [1]
> >         0:d=0  hl=2 l=  53 prim: UTF8STRING        :Он врет! Он не знает, КАК НАДО!
> >
> > The "genstr" format is described in, for example:
> >
> >     https://www.openssl.org/docs/man1.0.2/man3/ASN1_generate_nconf.html
>
> Thank you very much for your answer and especially for a brilliant example :)
>
> I'm trying to implement RFC 8398 and I try to create a valid certificate
> with EAI email in otherName.
>
> I expected that a line in the config file
>
> subjectAltName=otherName:1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8:医生@

The below worked for me:

    subjectName = @alts

    [alts]
    otherName = 1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8String:виктор@например.рф

    $ openssl asn1parse -in eecert.pem
        0:d=0  hl=4 l= 858 cons: SEQUENCE
        4:d=1  hl=4 l= 578 cons: SEQUENCE
        8:d=2  hl=2 l=   3 cons: cont [ 0 ]
       10:d=3  hl=2 l=   1 prim: INTEGER           :02
       13:d=2  hl=2 l=   1 prim: INTEGER           :02
       16:d=2  hl=2 l=  13 cons: SEQUENCE
       18:d=3  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
       29:d=3  hl=2 l=   0 prim: NULL
       31:d=2  hl=2 l=  20 cons: SEQUENCE
       33:d=3  hl=2 l=  18 cons: SET
       35:d=4  hl=2 l=  16 cons: SEQUENCE
       37:d=5  hl=2 l=   3 prim: OBJECT            :commonName
       42:d=5  hl=2 l=   9 prim: UTF8STRING        :Issuer CA
       53:d=2  hl=2 l=  32 cons: SEQUENCE
       55:d=3  hl=2 l=  13 prim: UTCTIME           :190422230331Z
       70:d=3  hl=2 l=  15 prim: GENERALIZEDTIME   :21190423230331Z
       87:d=2  hl=2 l=  40 cons: SEQUENCE
       89:d=3  hl=2 l=  38 cons: SET
       91:d=4  hl=2 l=  36 cons: SEQUENCE
       93:d=5  hl=2 l=   3 prim: OBJECT            :commonName
       98:d=5  hl=2 l=  29 prim: UTF8STRING        :Виктор Духовный
      129:d=2  hl=4 l= 290 cons: SEQUENCE
      133:d=3  hl=2 l=  13 cons: SEQUENCE
      135:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
      146:d=4  hl=2 l=   0 prim: NULL
      148:d=3  hl=4 l= 271 prim: BIT STRING
      423:d=2  hl=3 l= 160 cons: cont [ 3 ]
      426:d=3  hl=3 l= 157 cons: SEQUENCE
      429:d=4  hl=2 l=  29 cons: SEQUENCE
      431:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
      436:d=5  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:041487FF5D9C758FDB282922102D0696834BD296A39D
      460:d=4  hl=2 l=  31 cons: SEQUENCE
      462:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
      467:d=5  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014505CD4D6F75052F79EC51DA943AC099AD0079341
      493:d=4  hl=2 l=   9 cons: SEQUENCE
      495:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
      500:d=5  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
      504:d=4  hl=2 l=  19 cons: SEQUENCE
      506:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
      511:d=5  hl=2 l=  12 prim: OCTET STRING      [HEX DUMP]:300A06082B06010505070301
      525:d=4  hl=2 l=  59 cons: SEQUENCE
      527:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
      532:d=5  hl=2 l=  52 prim: OCTET STRING      [HEX DUMP]:3032A03006082B06010505070809A0240C22D0B2D0B8D0BAD182D0BED18040D0BDD0B0D0BFD180D0B8D0BCD0B5D1802ED180D184
      586:d=1  hl=2 l=  13 cons: SEQUENCE
      588:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
      599:d=2  hl=2 l=   0 prim: NULL
      601:d=1  hl=4 l= 257 prim: BIT STRING

    $ openssl asn1parse -in eecert.pem -strparse 532
        0:d=0  hl=2 l=  50 cons: SEQUENCE
        2:d=1  hl=2 l=  48 cons: cont [ 0 ]
        4:d=2  hl=2 l=   8 prim: OBJECT            :1.3.6.1.5.5.7.8.9
       14:d=2  hl=2 l=  36 cons: cont [ 0 ]
       16:d=3  hl=2 l=  34 prim: UTF8STRING        :виктор@например.рф

-- 
    Viktor.