luaossl icon indicating copy to clipboard operation
luaossl copied to clipboard

Published 20 hours ago verified publisher icon wahern

x509 random setSerial with BN_rand

Open dcrawford1 opened this issue 2 years ago • 3 comments

Is there any way to set a random x509 serial number when creating a x509 self signed certificate? The openssl command line tool calls BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)). Is there any way to do the equivalent with luaossl?

dcrawford1 avatar Mar 16 '23 23:03 dcrawford1

Just generate a random number and call :setSerial()?

daurnimator avatar Mar 19 '23 13:03 daurnimator

I think I figured it out:

local bytes = openssl_rand.bytes(20)
crt:setSerial(openssl_bignum.fromBinary(bytes))

dcrawford1 avatar Mar 20 '23 03:03 dcrawford1

Sure that works if you want a byte-sized max for your range.

We should probably add bindings for e.g. openssl_rand.uniform where if you pass a bignum we use BN_rand or similar to generate a random number in the whole range?

daurnimator avatar Mar 20 '23 04:03 daurnimator