Robert, If you use C509 certificate, one solution is:
c509CertificateType: 1 byte certificateSerialNumber: 1 + n bytes (for n bytes bitint) issuerSignatureAlgorithm: 1 byte issuer: CN=issuer’s DET (1 + k bytes: k=len(IPv6)) validityNotBefore: 1 + 4 bytes validityNotAfter: 1 + 4 bytes subject: DET=aircraft’s DET (1 + k bytes: k=len(IPv6)) subjectPublicKeyAlgorithm: 1 bytes subjectPublicKey: 1 + 32 bytes extensions: 8 bytes SAN: aircraft’s IPv4 DET: issuerSignatureValue: 1 + 64 bytes Count it together, you need sum = 122 + n + k + k bytes. Let n = 8, k = 16, then sum = 162 bytes = 1296 bits = 3 * 385 + 141 bits. Cheer Lijun > On 11. Feb 2026, at 16:32, Robert Moskowitz > <[email protected]> wrote: > > I have to squeeze only those fields into as few 385-bit pieces to validate a > TESLA Key Disclouser. > > Ugh. > > So "all" I need from the aircraft full certificate (ignore all those policy > OIDs and other odds and ends!) is: > > Validity dates > issuerAltName (IAN) IPv6 (issuer's DET per rfc9374) > subjectAltName (SAN) IPv6 (aircraft's DET per rfc9374) > subjectAltName (SAN) IPv4 (aircraft's 24-bit number prefixed with ZERO) - > note I have not figured out any better/smaller OID (in subject or SAN) for > the 24-bit aircraft number. Using IPv4 is a hack at best. > Aircraft's EdDSA25519 public key > CBOR sig of these by issuer's EdDSA25519 key > > Note that the issuer DET's SuiteID provides the algorithm for the signature. > > I am trying to use cbor.me to expand some test cbor c509 certs to get sizes, > but I am not good enough with cbor to figure this out. Plus that sig would > probably be a "regular" cbor object signature, not the c509 sig. > > I am under a deadline with a bunch of other writing that this is just one > important part, so any help is greatly appreciated. > > Each 385-bit message costs 120ms of channel capacity. The fewer the better... > > Bob > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected]
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
