# This file contains the X509 Certificate template
# used for attestation in U2F_REGISTER responses in
# the cr50 & u2fd U2F implementations.
#
# The file is in ASN1_generate_nconf format, and
# can be parsed/converted using openssl asn1parse.
#
# Placeholder values are included for serial,
# public key, and signature.
#
# To parse and output a text ASN1 representation:
# openssl asn1parse -genconf x509_tmpl.txt -i -dump
#
# To convert to DER:
# openssl asn1parse -genconf x509_tmpl.txt -out cert.der
#
# To view the converted certificate:
# openssl x509 -inform der -in cert.der -text
#
# To dump a C/C++ representation of the certificate:
# openssl x509 -inform der -in cert.der -C
#
# The certificate output by the above command is
# included at the bottom of this file.
### CERTIFICATE TEMPLATE START
# Entry point read by 'openssl asn1parse -genconf': the whole certificate is
# the SEQUENCE described by [outer_seq].
asn1=SEQUENCE:outer_seq
# Outer certificate structure: body, signature algorithm, signature value.
[outer_seq]
body = SEQUENCE:cert_body
signature_alg = SEQUENCE:signature_alg
# A single zero byte stands in for the signature, so the DER built from this
# file does not verify until a real signature is substituted.
signature = FORMAT:HEX, BITSTRING:00 # placeholder value
# Certificate body. Keys in a SEQUENCE section are encoded in the order listed.
[cert_body]
# Version: context tag [0] EXPLICIT around INTEGER 2 (X.509 v3).
x509_v3 = EXPLICIT:0C, INTEGER:2
# NOTE(review): per the inline note u2fd leaves this value untouched; whether
# another component overwrites it is not visible in this file.
serial = INTEGER:1 # placeholder value, not set by u2fd
# Same [signature_alg] section as the outer structure, so both copies of the
# algorithm identifier are identical.
signature_alg = SEQUENCE:signature_alg
issuer = SEQUENCE:issuer
validity = SEQUENCE:validity
# Subject reuses the [issuer] section: subject and issuer names are identical.
subject = SEQUENCE:issuer
pub_key = SEQUENCE:public_key
# FIDO U2F certificate transports extension
# Extensions: context tag [3] EXPLICIT around the extension list.
u2f_ext = EXPLICIT:3C, SEQUENCE:u2f_transport
# Algorithm identifier with the OID only (no parameters field).
[signature_alg]
alg = OID:ecdsa-with-SHA256
# Distinguished name: one SET holding one attribute, commonName.
[issuer]
name_wrapper = SET:issuer_seq
[issuer_seq]
issuer_name = SEQUENCE:issuer_name
[issuer_name]
name_oid = OID:commonName
name = PRINTABLESTRING:U2F
# Fixed validity window, 2000-01-01 through 2099-12-31 (UTC).
# NOTE(review): RFC 5280 expects dates before 2050 to be encoded as UTCTime;
# from_date is a GeneralizedTime here, which strict X.509 parsers may flag.
# Changing the type changes the encoded length, so check the code that
# consumes the DER before altering it.
[validity]
from_date = GENERALIZEDTIME:20000101000000Z
to_date = GENERALIZEDTIME:20991231235959Z
# SubjectPublicKeyInfo: algorithm parameters followed by the key bits.
[public_key]
params = SEQUENCE:pubkey_params
# A single zero byte stands in for the public key.
pub_key = FORMAT:HEX, BITSTRING:00 # placeholder value
# EC public key on the prime256v1 (NIST P-256) curve.
[pubkey_params]
type = OID:id-ecPublicKey
curve = OID:prime256v1
# Extension list containing a single extension.
[u2f_transport]
param = SEQUENCE:u2f_transport_param
# The extension carries only an OID and a value; no critical BOOLEAN is
# present, so it is encoded as non-critical.
[u2f_transport_param]
# OID defined in "FIDO U2F Authenticator Transports Extension", Section 3.1
fido_oid = OID:1.3.6.1.4.1.45724.2.1.1
# The OCTET STRING content is itself a DER BIT STRING (03 02 03 08):
# 3 unused bits, value 0x08, i.e. only bit 4 is set.
transport = FORMAT:HEX,OCT:03020308 # USB-internal
### CERTIFICATE TEMPLATE END
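# Partial output from 'openssl x509 -inform der -in cert.der -C'
#
# NOTE(review): this dump does not match the template above. Its bytes encode
# serial number 0 and commonName "cr50" (0x63 0x72 0x35 0x30), while the
# template sets INTEGER:1 and PRINTABLESTRING:U2F. Regenerate the dump before
# relying on its length or on byte offsets of the placeholder fields.
#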
# unsigned char the_certificate[164] = {
# 0x30, 0x81, 0xA1, 0x30, 0x81, 0x8E, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02,
# 0x01, 0x00, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04,
# 0x03, 0x02, 0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04,
# 0x03, 0x13, 0x04, 0x63, 0x72, 0x35, 0x30, 0x30, 0x22, 0x18, 0x0F, 0x32,
# 0x30, 0x30, 0x30, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
# 0x30, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31,
# 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x0F, 0x31, 0x0D, 0x30,
# 0x0B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x63, 0x72, 0x35, 0x30,
# 0x30, 0x19, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02,
# 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03,
# 0x02, 0x00, 0x00, 0xA3, 0x17, 0x30, 0x15, 0x30, 0x13, 0x06, 0x0B, 0x2B,
# 0x06, 0x01, 0x04, 0x01, 0x82, 0xE5, 0x1C, 0x02, 0x01, 0x01, 0x04, 0x04,
# 0x03, 0x02, 0x03, 0x08, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
# 0x3D, 0x04, 0x03, 0x02, 0x03, 0x02, 0x00, 0x00,
# };