TX509CSR.Decode throws an error

Helmut · November 17, 2023, 12:41pm

Hello,

UseCase #1
I am creating a CSR via your demo software from TMS Cryptography pack. After that I let it parse via TX509CSR.Decode. There is no issue. Everything works fine.

UseCase #2
I am creating a CSR via the open source tool xCA (GitHub - chris2511/xca: X Certificate and Key management). While parsing it via TX509CSR.Decode throws an error:

Project TestCsr.exe raised exception class ECryptoPack with message 'Error : wrong certificate version (v3 required)'.

You can find both csr files attached
example_CSRs.zip (1.8 KB)

I have also "decoded" the CSRs via openssl and have these outputs:

**TMS crypto demo tool **

Certificate Request:
    Data:
        Version: Unknown (2)
        Subject: C = YY, ST = XX, L = CC, O = VV, OU = BB, CN = 123456789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:94:e9:67:13:ae:c1:2f:c4:fb:57:f5:30:ab:da:
                    21:0b:d2:38:95:90:26:d9:f0:c2:9c:13:97:4c:94:
                    43:9e:8f:16:e4:9a:a0:be:d8:48:ed:e3:4b:64:f3:
                    51:fa:4b:0d:21:60:2b:e3:7c:90:b7:ca:ea:63:be:
                    1b:1c:99:66:90:78:a1:36:ee:fe:ce:81:ed:3d:b5:
                    eb:e9:ff:b0:3b:2d:94:9b:3e:01:13:2f:6d:64:8c:
                    d8:68:60:30:f9:80:91:40:7a:c9:d8:54:0c:4e:4c:
                    35:5b:5c:91:b5:d8:79:96:a5:fa:dd:37:60:23:45:
                    61:b5:ab:18:e4:1e:91:21:a4:7a:cf:80:3e:ca:4a:
                    0d:3e:4c:ce:48:c9:aa:f9:5c:6f:ef:4d:21:85:35:
                    f2:67:13:be:d6:3c:a4:e4:fe:93:fa:a2:99:6a:6d:
                    b2:ad:04:66:14:3d:6a:81:94:d2:66:6f:f6:1f:75:
                    4c:4c:a5:30:a1:b9:e8:96:79:cb:3b:3d:94:32:14:
                    c3:f3:f1:e3:8f:19:cc:3f:7c:66:b9:43:9d:3a:3d:
                    f2:33:2e:51:29:cf:51:43:cc:5b:55:41:3a:4c:07:
                    f6:3d:3b:02:de:96:c4:ac:81:d4:5f:2c:8d:92:c9:
                    ab:b7:db:72:db:e4:59:3f:a7:c3:d5:0c:d1:c7:95:
                    26:f9
                Exponent: 65537 (0x10001)
        Attributes:
            (none)
            Requested Extensions:
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        60:51:c9:96:be:a5:72:8a:0f:cb:8f:2d:cc:ca:6f:4b:04:58:
        68:fc:2f:dc:e8:92:d1:39:8e:e2:e5:1d:0e:67:d1:39:98:8c:
        6e:1e:43:59:2d:53:ac:06:98:81:04:da:22:d2:e9:16:d5:64:
        86:f1:66:39:be:39:49:4f:90:ff:e4:f3:be:d4:2b:22:35:9c:
        0f:b2:a0:c0:cc:4e:12:64:2f:bd:d6:34:22:0b:9e:60:db:44:
        53:bf:8f:12:67:d2:e1:aa:b1:46:57:74:d2:52:93:b8:1f:30:
        c8:5c:20:8f:1b:f3:1b:7a:b3:ee:ca:2e:7c:55:04:1b:f5:ab:
        cb:d6:60:73:54:5b:89:08:1d:34:dd:ce:4f:22:49:7f:b5:6b:
        80:18:20:6d:19:2e:57:bd:a0:fa:0b:61:b0:c6:11:76:bd:9d:
        c7:ba:0e:e0:56:48:79:72:d8:99:d7:fc:bf:e3:e2:32:15:de:
        24:c4:da:12:d9:e1:41:26:ce:32:06:3a:e3:c6:4a:c5:1d:43:
        1d:77:48:a1:dd:33:2d:69:eb:f8:3f:6c:d8:55:8d:77:e1:e1:
        db:d3:4b:0c:88:3f:b2:92:e2:6f:6d:52:9a:dc:80:cb:e4:1d:
        67:9f:d4:29:81:04:53:6e:90:b2:1f:f6:dc:2f:69:d3:17:82:
        7d:8d:2f:55

xCA tool

Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = EE, ST = EE, L = EE, O = EE, OU = EE, CN = 13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b2:e7:ca:28:00:4e:e7:f0:15:26:f3:a9:c3:33:
                    bc:9c:b0:22:f9:49:bd:8c:4e:d9:0f:be:a0:c3:f0:
                    a8:cf:2a:33:02:a8:b7:92:bf:86:02:c3:05:dd:ed:
                    89:5a:4e:67:5c:64:a3:cd:bc:2c:f8:70:c3:28:fa:
                    f8:94:89:48:90:08:73:f2:84:44:8a:b8:bc:75:99:
                    2b:4e:d4:b2:6e:f6:73:8c:b8:9e:4b:88:08:dd:25:
                    67:61:f3:9d:e6:89:f5:ed:77:8f:ab:bf:3d:9e:df:
                    33:10:06:12:32:90:45:bf:8c:a5:34:be:43:5d:13:
                    24:18:09:51:87:32:b8:69:45:27:e6:94:6a:9f:e3:
                    51:3b:61:3c:2f:07:3c:31:66:11:33:1a:9c:06:3c:
                    f8:cf:79:2d:41:c5:58:98:21:32:c9:93:c9:cc:0f:
                    df:2e:3c:60:50:f6:49:ec:5f:2a:9d:3f:fb:18:01:
                    dc:39:75:52:40:d0:25:7c:00:51:91:a6:b5:2a:54:
                    9a:30:f1:a9:d4:88:d9:37:7d:29:12:cc:d8:18:c6:
                    0d:e3:51:88:a0:7c:52:0c:26:fb:15:3e:e2:6a:c7:
                    50:6d:5f:23:50:84:78:80:df:53:8e:56:1a:94:53:
                    2b:93:02:6d:8d:78:b2:a6:29:37:e6:bd:2c:07:6d:
                    02:c3
                Exponent: 65537 (0x10001)
        Attributes:
            (none)
            Requested Extensions:
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        1e:ff:fa:22:e5:f0:ec:72:31:94:0d:af:f2:01:20:3d:1f:1a:
        80:75:6e:2f:0e:49:26:81:73:3d:7b:5c:88:4b:51:79:06:88:
        df:78:67:59:3d:81:f4:3b:6d:be:0e:fe:c7:a7:3a:bf:36:f4:
        36:bb:72:f9:15:ab:cd:de:fc:dd:1d:da:b7:9c:01:6c:7a:45:
        3e:07:fd:ce:3f:22:f8:8c:e8:b1:4d:6a:86:04:dc:a0:6f:3c:
        15:3e:45:de:d7:dd:20:66:28:13:b1:25:60:30:e2:d9:3f:7e:
        48:45:30:79:de:9d:08:f0:a3:7e:32:ba:7f:84:28:46:9a:91:
        31:a2:b7:b2:1b:67:3d:4f:88:01:ee:d5:56:2b:de:bf:e9:06:
        a5:4a:03:4e:19:0f:86:c5:72:1c:71:b8:0c:92:a8:1a:df:52:
        8a:c1:26:c4:e6:1c:be:42:9c:31:d3:ea:aa:16:41:3a:a5:10:
        7d:c1:55:36:6b:53:53:7a:13:04:e9:64:69:64:1d:57:76:c6:
        07:31:55:1e:df:3c:aa:84:63:7d:6e:f9:f4:61:ad:a6:c3:ce:
        62:0c:74:d4:1e:3a:82:3a:6b:12:a4:73:c1:7f:24:84:7e:20:
        2f:a0:4b:ff:f5:b7:15:04:e8:b5:30:16:dd:87:c9:52:40:c5:
        cf:85:bf:6f

The both files are also attached
TMS_Crypto_Demo_Tool_CSR_decoded.txt (2.5 KB)
xCA_CSR_decoded.txt (2.5 KB)

As you can see, TX509CSR doesn't set any version. The method SetVersion seems also not to work.

Please, provide more information whether it is a bug, or is there a correct way to handle the CSRs?

Thank you!

wlandgraf · November 17, 2023, 12:49pm

Topic moved to TMS Cryptography Pack category.

Bernard · November 18, 2023, 6:17pm

The CSR version should always be 1. Actually, version is neither set nor checked in the demo code.

Helmut · November 21, 2023, 6:53pm

Hello @Bernard are there any news about this issue?

Helmut · November 23, 2023, 8:27am

... is just a friendly reminder not to forget this issue ;-)

Helmut · November 30, 2023, 11:34am

Hello, is there any progress?

Bernard · November 30, 2023, 11:39am

I just issued a new X509v3 decoder. Based on test results, I will update the signing process, then the CSR.

You can download the test programme here: https://www.cyberens.fr/wp-content/uploads/2023/11/X509DecoderProject.zip

Bernard · November 30, 2023, 12:51pm

New version at https://www.cyberens.fr/wp-content/uploads/2023/11/X509DecoderV1.zip

Helmut · December 1, 2023, 10:26am

I downloaded the new version. I should load a DLL?! Why?

My use case is, I have a csr created by a 3rd party SW and want to decode it. Or how do I use the new version to achieve this?

Bernard · December 1, 2023, 10:38am

This programme is simply to test whether your token is recognised and correctly processed. It has nothing to do with CSRs.

Helmut · December 1, 2023, 10:49am

What kind of token?! I don't have any tokens.

Bernard · December 1, 2023, 10:50am

OK.
That to test USB tokens with certificates.

Helmut · December 1, 2023, 10:56am

?!?! But this topic - my topic - is NOT ABOUT tokens?!

Bernard · December 1, 2023, 10:57am

No, but is bound to signatures and parsing certificates. Once I have fixed the signing process, I'll address the CSR issue.

Helmut · December 1, 2023, 11:01am

Okay, great, is there any schedule for that? One day, week, month?