On Sun, 2005-07-17 at 12:03 -0400, Jorey Bump wrote:
> What is the maximum length (if string) or size (if number) of a serial
> number?
>
> I am using the current datetime to set the initial serial number for my
> CA to provide a reasonable measure of uniqueness:
>
> # example: 200507171152001
> SERIALINIT=$(date +%Y%m%d%H%M)001
> echo $SERIALINIT > serial
>
> Do I need to be concerned with the number of characters or the number of
> bits used to represent the serial number? Is there an RFC that defines this?
>
I found this in RFC 2459 (http://www.faqs.org/rfcs/rfc2459.html)

*******************************************************************
4.1 Basic Certificate Fields

The X.509 v3 certificate basic syntax is as follows. For signature
calculation, the certificate is encoded using the ASN.1 distinguished
encoding rules (DER) [X.208]. ASN.1 DER encoding is a tag, length,
value encoding system for each element.
...
CertificateSerialNumber ::= INTEGER
...
*******************************************************************

and then I found this (http://gost.isi.edu/brian/security/asn1.html)

********************************************************************
...
And that's all that we need. This second specification introduces us
to another primitive, INTEGER, which is exactly what it sounds like,
an integer. The difference between this integer and that which resides
on most machines is that this one is arbitrarily large: the ASN.1
encoding for integer allows for integers of whatever size.
...
********************************************************************

Here is the ASN.1 website - http://asn1.elibel.tm.fr/

Todd
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
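Added example, not part of the original messages or of OpenSSL's code: a minimal DER encoder for CertificateSerialNumber ::= INTEGER, showing how many octets the datetime-based serial from the question occupies and that the encoding itself has no upper bound. Assumptions not stated in this thread: the 20-octet ceiling comes from RFC 5280 section 4.1.2.2, and base 16 is included because the `openssl ca` serial file is read as hexadecimal; all function names are illustrative.

```python
# Added example: DER encoding of an X.509 serial number (ASN.1 INTEGER).

MAX_SERIAL_OCTETS = 20  # assumption: RFC 5280 sec. 4.1.2.2, not from this thread


def der_length(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """Encode a non-negative integer as tag (0x02), length, value."""
    if value < 0:
        raise ValueError("serial numbers must be non-negative")
    # INTEGER is two's complement: bit_length() // 8 + 1 octets keeps the
    # top bit clear, adding a 0x00 pad only when it would otherwise be set.
    content = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_length(len(content)) + content


def check_serial(text: str, base: int = 10) -> dict:
    """Parse a serial as written in a file and report its encoded size."""
    value = int(text, base)
    octets = value.bit_length() // 8 + 1
    return {
        "der_hex": der_integer(value).hex(),
        "octets": octets,
        "within_limit": octets <= MAX_SERIAL_OCTETS,
    }


if __name__ == "__main__":
    sample = "200507171152001"  # the example value from the question
    print("read as decimal:", check_serial(sample, 10))
    print("read as hex:    ", check_serial(sample, 16))
    # ASN.1 itself imposes no ceiling: a 1025-bit value still encodes,
    # using the long-form length octets 0x81 0x81 (129 content octets).
    print("huge value:     ", der_integer(1 << 1024)[:3].hex())
```

Either reading of the sample value fits in 8 octets or fewer, so the 15-character datetime scheme is nowhere near the 20-octet ceiling.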
