Encode DER attestation
Let's simplify the attestation format here: https://community.tokenscript.org/t/weekly-design-meeting-16-simple-attestation-format/302
Into:
ISSUE15 DEFINITIONS ::= BEGIN

Attestation ::= SEQUENCE {
    signedInfo SignedInfo,
    signatureAlgorithm AlgorithmIdentifier,
    signatureValue BIT STRING }

SignedInfo ::= SEQUENCE {
    version [0] EXPLICIT Version,
    serialNumber CertificateSerialNumber,
    signature AlgorithmIdentifier,
    dataObject [3] TicketDataObject
}

TicketDataObject ::= SEQUENCE {
    match INTEGER (1..51),
    class ENUMERATED { club(0), lounge(1), silver(2), gold(3) },
    admission INTEGER
}

Version ::= INTEGER { v1(0), v2(1), v3(2) }

CertificateSerialNumber ::= INTEGER

AlgorithmIdentifier ::= SEQUENCE {
    algorithm OBJECT IDENTIFIER,
    parameters ANY DEFINED BY algorithm OPTIONAL }

END
I manually (spent 2 hours) produced an attestation with the right format (but wrong value - the signature is wrong, I made it up). I first found some ECDSA X.509 files on my computer using this command:
$ for i in /usr/share/ca-certificates/mozilla/*.crt; do echo "$i"; openssl asn1parse -in "$i" 2>/dev/null | grep 'ecdsa.*256'; done
Then I modified an existing attestation into what I want. This is it:
$ xxd -p < /tmp/new_cert.crt
30819e3026a00302010202082c299c5b16ed0595300a06082a8648ce3d04
030230090201010a0101020101300a06082a8648ce3d0403020368003065
0231008ae6408937ebe9d513d9cad46b24f3b03d8746581aecb1df6ffb56
ba706bc738cce8b18c4f0ff7f167760e83d01e518f02303df62328264cc6
608793269bb2351ebad6f73cd11ccefa253ca61a81155bf3120f6cee658a
c987a8f907e0629a8c5c4a
Which gives:
$ openssl asn1parse -inform DER -in /tmp/new_cert.crt
0:d=0 hl=3 l= 158 cons: SEQUENCE
3:d=1 hl=2 l= 38 cons: SEQUENCE
5:d=2 hl=2 l= 3 cons: cont [ 0 ]
7:d=3 hl=2 l= 1 prim: INTEGER :02
10:d=2 hl=2 l= 8 prim: INTEGER :2C299C5B16ED0595
20:d=2 hl=2 l= 10 cons: SEQUENCE
22:d=3 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
32:d=2 hl=2 l= 9 cons: SEQUENCE
34:d=3 hl=2 l= 1 prim: INTEGER :01
37:d=3 hl=2 l= 1 prim: ENUMERATED :01
40:d=3 hl=2 l= 1 prim: INTEGER :01
43:d=1 hl=2 l= 10 cons: SEQUENCE
45:d=2 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
55:d=1 hl=2 l= 104 prim: BIT STRING
Encoded to base64:
$ base64 < /tmp/new_cert.crt | tr '/+' '_-'
MIGeMCagAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwCQIBAQoBAQIBATAKBggqhkjOPQQDAgNo
ADBlAjEAiuZAiTfr6dUT2crUayTzsD2HRlga7LHfb_tWunBrxzjM6LGMTw_38Wd2DoPQHlGPAjA9
9iMoJkzGYIeTJpuyNR661vc80RzO-iU8phqBFVvzEg9s7mWKyYeo-QfgYpqMXEo=
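
Added example, not part of the original post: a stdlib-only Python walk of the DER bytes above against the simplified module, enforcing the `match` range and the `class` enumeration. The function names are my own and it does not verify the signature (the post says the signature is made up). It also reports the tag found on `dataObject`, which in this sample is the universal SEQUENCE tag 0x30, as in the asn1parse output, rather than a [3] context tag.

```python
ATTESTATION_HEX = (  # the xxd -p output shown in the post
    "30819e3026a00302010202082c299c5b16ed0595300a06082a8648ce3d04"
    "030230090201010a0101020101300a06082a8648ce3d0403020368003065"
    "0231008ae6408937ebe9d513d9cad46b24f3b03d8746581aecb1df6ffb56"
    "ba706bc738cce8b18c4f0ff7f167760e83d01e518f02303df62328264cc6"
    "608793269bb2351ebad6f73cd11ccefa253ca61a81155bf3120f6cee658a"
    "c987a8f907e0629a8c5c4a"
)
CLASSES = ["club", "lounge", "silver", "gold"]  # ENUMERATED values from the module

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_attestation(der):
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    (_, signed_info), (_, sig_alg), (_, sig_value) = children(body)
    version, serial, inner_alg, data = children(signed_info)
    match, cls, admission = (int.from_bytes(v, "big", signed=True) for _, v in children(data[1]))
    if not 1 <= match <= 51 or not 0 <= cls < len(CLASSES):
        raise ValueError("TicketDataObject value out of range")
    return {
        "version": int.from_bytes(children(version[1])[0][1], "big"),
        "serial": serial[1].hex(),
        "algorithms_agree": inner_alg[1] == sig_alg,  # SignedInfo.signature vs outer
        "data_object_tag": data[0],  # 0xA3 would mean the [3] tag was applied
        "ticket": (match, CLASSES[cls], admission),
        "signature_bytes": len(sig_value) - 1,  # minus BIT STRING unused-bits octet
    }
```

Calling `parse_attestation(bytes.fromhex(ATTESTATION_HEX))` returns the decoded fields as a dict; a truncated buffer or a `match` outside 1..51 raises `ValueError`.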