> On Aug 28, 2019, at 9:30 PM, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote: > >>> Do you have an ASN.1 definition fit the content of CSR, or are you willing to create one? >> >> For now working with ASN.1. > > In that case, I would use one of the available defined standards, which are well-supported by already existing Open Source software. CSRs are signed objects (proof of possession). The signature is over the DER form of the RequestInfo. Therefore, the only natural encoding for CSR is DER, or base64-encoded DER wrapped in PEM ASCII armour. Adding X.509 extensions to CSRs is sadly rather more complex than one might have hoped for, but that's only an issue if you have to write low-level library code to construct CSRs. If you have such a library, just serialize to DER and you're done. -- Viktor.
