[gnutls-devel] GnuTLS | certtool mis-encodes keyUsage when trailing bits are 0 (#1236)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu May 13 01:07:24 CEST 2021

Daniel Kahn Gillmor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1236

over on the IETF's [LAMPS WG's mailing list](https://www.ietf.org/mailman/listinfo/spasm), [David A. Cooper writes](https://mailarchive.ietf.org/arch/msg/spasm/fy6ilJRnqBaXiZctVyHJELQMmK8/):

the keyUsage extensions in the certificates are 
not DER encoded. The keyUsage extensions in the certificates are all 
encoded in the form "03 03 07 XX 00."

It seems that the developer of the encoder mistakenly believed that the 
bit string should always be 9 bits long in order to correspond to the 
definition of keyUsage:

    KeyUsage ::= BIT STRING {
                digitalSignature        (0),
                nonRepudiation          (1), -- recent editions of X.509
                                     -- renamed this bit to
                keyEncipherment         (2),
                dataEncipherment        (3),
                keyAgreement            (4),
                keyCertSign             (5),
                cRLSign                 (6),
                encipherOnly            (7),
                decipherOnly            (8) }

However, X.680 and X.690 specify that when encoding a named bit list, 
such as above, any trailing zeros must be removed. So, a keyUsage 
extension with just digitalSignature and nonRepudiation set would be 
encoded as a bit string that is only two bits long ('11') and a keyUsage 
extension with just keyAgreement set would be encoded as a bit string 
that is five bits long ('00001').

So, the correct encoding for the keyUsage extension would be:

  * "03 02 01 06" for the CA certificate
  * "03 02 06 C0" for the digital signature certificates
  * "03 02 05 20" for the encryption certificates
  * "03 02 03 08" for the key agreement certificates

This concerns [draft-ietf-lamps-samples](https://datatracker.ietf.org/doc/draft-ietf-lamps-samples/), which contains certificates being generated by `certtool`.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1236
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210512/4f2e745b/attachment.html>

More information about the Gnutls-devel mailing list