- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Thu, 29 Apr 2004 12:04:41 +0200
- To: "Graham Simpson" <GSimpson@Unipass.co.uk>, <w3c-ietf-xmldsig@w3.org>
- Cc: "Andy Teasdale" <ATeasdale@origoservices.com>
- Message-ID: <001401c42dd1$64ac6150$0500a8c0@arport>
Graham, In RFC3280 you have a description of this item that should do the trick. It is just an integer and can be treated as such. 4.1.2.2 Serial number The serial number MUST be a positive integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate). CAs MUST force the serialNumber to be a non-negative integer. br Anders ----- Original Message ----- From: Graham Simpson To: w3c-ietf-xmldsig@w3.org Cc: Andy Teasdale Sent: Thursday, April 29, 2004 11:45 Subject: X.509 certificate serial number format As far as I can tell, X509 certificates all seem to contain a hexadecimal serial number. However, the schema definition in section 4.4.4 (The X509Data element) of the XML Signature Syntax and Processing document at http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-X509Data states that the X509SerialNumber element should be of type "integer" (presumably this also means it should be in decimal format), and SHOULD be compliant with RFC2253. Unfortunately, RFC2253 doesn't give any indication of format for a serial number, and as far as I can see, only gives instructions on how to convert attribute values from ASN.1 to a string. This is giving me significant problems as I urgently need to find out how to do this conversion, and I feel like I am going round in circles chasing through RFCs! It would be great if someone could give me some advice on how a hex X509 serial number should be converted to an integer for use in XML digital signatures, or point me towards some code or app that might do the job. Regards, Graham Graham Simpson UNIPASS Technical Lead, MCSE http://www.unipass.co.uk mailto:technical@unipass.co.uk ------------------------------------------------------------------------------ The information in this e-mail is sent in confidence for the addressee only and may be legally privileged. Unauthorised recipients must preserve this confidentiality and should please advise the sender immediately of the error in transmission. If you are not the intended recipient, any disclosure, copying, distribution or any action taken in reliance on its content is prohibited and may be unlawful. Origo Services Limited accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this e-mail or the contents. ------------------------------------------------------------------------------
Received on Thursday, 29 April 2004 06:06:46 UTC