text extension to CSR

Oyuntungalag Chagnaadorj
Dear all,

I'm new to Bouncycastle. I want to add String data to a Certificate Sender Request and get that string on the certificate issuer side.
How do I do that?

Is there any tutorial or anything on the Internet? I found David Cook's book, but the sample code is for an older version of Bouncycastle, I guess.

Please help.

Re: text extension to CSR

Arshad Noor
You cannot just add a random String to a Certificate Signing Request
(CSR); it must either be a standard extension, or you need to define
your own Object Identifier (OID) for a custom extension, add the
String as an attribute within that custom extension, and finally add
the custom extension to the CSR.

Have you reviewed RFC 5280 to determine if what you want is already
defined as a standard extension supported by BC?

You can also consider looking at the source-code of EJBCA, an open-
source PKI software that uses BC and which has implemented all the
standard extensions defined in RFC 5280.

Arshad Noor
StrongAuth, Inc.

On 2/20/2013 2:45 AM, Oyuntungalag Chagnaadorj wrote:
> Dear all,
> I'm new to Bouncycastle. I want to add String data to Certificate Sender
> Request. And get that string on certificate issuer side.
> How to do that.
> Is there any tutorial or anything on the Internet? I found David Cook's
> book. But, sample codes are for older version of Bouncycastle, I guess.
> Please, help.
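
The steps described in the reply above, as an added example that is not part of the original thread and is not Bouncy Castle or EJBCA code. It assumes PKCS#10 with an RSA key; the class name, method names, subject name and the OID are placeholders chosen for illustration.

```java
import java.security.*;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrTextExtension {
    // Placeholder OID (assumption); use an arc assigned to your own organisation.
    static final ASN1ObjectIdentifier TEXT_OID = new ASN1ObjectIdentifier("1.3.6.1.4.1.99999.1.1");

    // Requester side: put the string in a custom extension inside the extensionRequest attribute.
    static byte[] buildCsr(KeyPair kp, String text) throws Exception {
        ExtensionsGenerator gen = new ExtensionsGenerator();
        gen.addExtension(TEXT_OID, false, new DERUTF8String(text)); // non-critical
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        return new JcaPKCS10CertificationRequestBuilder(
                    new X500Principal("CN=example-requester"), kp.getPublic())
                .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, gen.generate())
                .build(signer).getEncoded();
    }

    // Issuer side: check the CSR signature first, then read the extension value.
    static String readText(byte[] der) throws Exception {
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(der);
        if (!csr.isSignatureValid(
                new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo())))
            throw new SecurityException("CSR signature invalid");
        Attribute[] attrs = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (attrs.length == 0) return null;      // no extensions requested
        Extension ext = Extensions.getInstance(attrs[0].getAttrValues().getObjectAt(0))
                .getExtension(TEXT_OID);
        if (ext == null) return null;            // our extension is absent
        // The value is requester-controlled: validate it before it influences issuance.
        return DERUTF8String.getInstance(ext.getParsedValue()).getString();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        byte[] der = buildCsr(kpg.generateKeyPair(), "constructed sample text");
        System.out.println(readText(der));
    }
}
```

The CSR signature only proves possession of the private key; the issuer still decides whether the requested value is copied into the certificate.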


Re: text extension to CSR

David Hook

You also haven't really said whether you are using PKCS#10 or CRMF. That
also affects how you would do something like this.

There is some basic example code for both approaches in the new guide at

http://www.cryptoworkshop.com/guide

in chapter 3. They don't currently discuss extra values, but they will
at least give you some idea about where to look.

Regards,

David

On 20/02/13 22:40, Arshad Noor wrote:

> You cannot just add a random String to a Certificate Signing Request
> (CSR); it must either be a standard extension, or you need to define
> your own Object Identifier (OID) for a custom extension, add the
> String as an attribute within that custom extension, and finally add
> the custom extension to the CSR.
>
> Have you reviewed RFC 5280 to determine if what you want is already
> defined as a standard extension supported by BC?
>
> You can also consider looking at the source-code of EJBCA, an open-
> source PKI software that uses BC and which has implemented all the
> standard extensions defined in RFC 5280.
>
> Arshad Noor
> StrongAuth, Inc.
>
> On 2/20/2013 2:45 AM, Oyuntungalag Chagnaadorj wrote:
>> Dear all,
>> I'm new to Bouncycastle. I want to add String data to Certificate Sender
>> Request. And get that string on certificate issuer side.
>> How to do that.
>> Is there any tutorial or anything on the Internet? I found David Cook's
>> book. But, sample codes are for older version of Bouncycastle, I guess.
>> Please, help.
>



Re: text extension to CSR

Preetham Shyam
This post has NOT been accepted by the mailing list yet.
In reply to this post by Arshad Noor
Hi,

I need to define a new OID. How do I define that, similar to other OIDs? The OID is 1.3.6.1.5.5.7.1.26 (TN Authorization List). Do I need to add a class as in org.bouncycastle.asn1.x509?

 