
Re: X.509 certificate serial number format

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Thu, 29 Apr 2004 12:04:41 +0200
Message-ID: <001401c42dd1$64ac6150$0500a8c0@arport>
To: "Graham Simpson" <GSimpson@Unipass.co.uk>, <w3c-ietf-xmldsig@w3.org>
Cc: "Andy Teasdale" <ATeasdale@origoservices.com>
Graham,
In RFC3280 you have a description of this item that should do the trick.
It is just an integer and can be treated as such.

4.1.2.2  Serial number

   The serial number MUST be a positive integer assigned by the CA to
   each certificate.  It MUST be unique for each certificate issued by a
   given CA (i.e., the issuer name and serial number identify a unique
   certificate).  CAs MUST force the serialNumber to be a non-negative
   integer.

br
Anders
  ----- Original Message ----- 
  From: Graham Simpson 
  To: w3c-ietf-xmldsig@w3.org 
  Cc: Andy Teasdale 
  Sent: Thursday, April 29, 2004 11:45
  Subject: X.509 certificate serial number format


  As far as I can tell, X509 certificates all seem to contain a hexadecimal serial number. However, the schema definition in section 4.4.4 (The X509Data element) of the XML Signature Syntax and Processing document at http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-X509Data states that the X509SerialNumber element should be of type "integer" (presumably this also means it should be in decimal format), and SHOULD be compliant with RFC2253.

  Unfortunately, RFC2253 doesn't give any indication of format for a serial number, and as far as I can see, only gives instructions on how to convert attribute values from ASN.1 to a string.

  This is giving me significant problems as I urgently need to find out how to do this conversion, and I feel like I am going round in circles chasing through RFCs!

  It would be great if someone could give me some advice on how a hex X509 serial number should be converted to an integer for use in XML digital signatures, or point me towards some code or app that might do the job.

  Regards,
  Graham

  Graham Simpson
  UNIPASS Technical Lead, MCSE
  http://www.unipass.co.uk
  mailto:technical@unipass.co.uk 


Received on Thursday, 29 April 2004 06:06:46 GMT
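
An added example (not code from the thread, the RFCs or the XML Signature specification): because the serial number is just an integer, the hex string a certificate viewer shows becomes the decimal text that the X509SerialNumber "integer" type expects with a base-16 parse. The function names and sample serials are constructed for illustration, and the second function assumes you hold the raw content octets of the DER INTEGER rather than a display string.

```python
import re


def hex_serial_to_decimal(shown: str) -> str:
    """Hex serial as a certificate viewer shows it -> decimal text.

    Accepts an optional 0x prefix and colon or space separators. The digits
    are read as an unsigned magnitude, which is how viewers display them.
    """
    digits = re.sub(r"[\s:]", "", shown)
    if digits[:2].lower() == "0x":
        digits = digits[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"not a hex serial number: {shown!r}")
    return str(int(digits, 16))  # Python ints are arbitrary precision


def der_serial_to_decimal(content: bytes, allow_negative: bool = False) -> str:
    """Content octets of the DER INTEGER -> decimal text.

    DER integers are big-endian two's complement, so a leading 0x00 octet
    only keeps a large value positive and must not change the result.
    """
    if not content:
        raise ValueError("empty INTEGER")
    value = int.from_bytes(content, "big", signed=True)
    if value < 0 and not allow_negative:
        # The RFC 3280 text quoted in the reply requires a non-negative serial.
        raise ValueError(f"negative serial number: {value}")
    return str(value)


def decimal_to_hex_serial(decimal_text: str) -> str:
    """Inverse direction, for comparing an X509SerialNumber with a viewer."""
    value = int(decimal_text, 10)
    if value < 0:
        raise ValueError("negative serial number")
    hexed = format(value, "X")
    hexed = hexed.zfill(len(hexed) + len(hexed) % 2)  # whole octets
    return ":".join(hexed[i:i + 2] for i in range(0, len(hexed), 2))


if __name__ == "__main__":
    for shown in ("01:A2:FF", "0x0A", "00 C4 7D 19 3B 52 E0 88 6F"):  # constructed
        print(shown, "->", hex_serial_to_decimal(shown))
    print(der_serial_to_decimal(bytes.fromhex("00ff")))  # pad octet ignored
```

Serial numbers routinely exceed 64 bits, so in languages without built-in big integers the same conversion needs an arbitrary-precision type rather than a native integer.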
