Using Openssl version: OpenSSL 1.1.1f 31 Mar 2020 I am trying to encode an arbitrary ASN.1 SEQUENCE in an OpenSSL Config file and I want the result to look like an ECDSA subject key:
0042: | 30 59 ; SEQUENCE (59 Bytes)0044: | | 30 13 ; SEQUENCE (13 Bytes)0046: | | | 06 07 ; OBJECT_ID (7 Bytes)0048: | | | | 2a 86 48 ce 3d 02 01 | | | | ; 1.2.840.10045.2.1 ECC004f: | | | 06 08 ; OBJECT_ID (8 Bytes)0051: | | | 2a 86 48 ce 3d 03 01 07 | | | ; 1.2.840.10045.3.1.7 ECDSA_P256 (x962P256v1)0059: | | 03 42 ; BIT_STRING (42 Bytes)005b: | | 00005c: | | 04 f4 df ac 6c 8d e5 b0 6c 55 29 13 1e fe 35 9a006c: | | c6 06 57 97 ca c5 6f 1b 9e 3b cd 46 f3 01 91 0e007c: | | 2a 5b 93 fe 6b d3 04 06 44 6c 54 e7 f5 b5 f5 81008c: | | d4 a4 eb 12 9f e7 ae 27 f6 97 c8 f6 d3 e6 c8 9b009c: | | 3a Both the documentation: https://www.openssl.org/docs/man1.1.1/man3/ASN1_generate_nconf.html and a cursory inspection of the OpenSSL source code: https://github.com/openssl/openssl/blob/master/crypto/asn1/asn1_gen.c seem to agree that it should be possible to pass a hex string to BITSTR and/ot OCTETSTRING. However, I've tried many combinations in the config file and either I get the ASCII interpretation of the data or an error parsing the config file. I am trying to construct the sequence like this:[ ECDSA_PublicKeyInfo ] SubjectPublicKeyInfo=SEQUENCE:ecdsa256_alg hex1=BITWRAP,BITSTR:0x04112233445566778899aabbccddeeff hex2=INTEGER:0x04112233445566778899aabbccddeeff hex3=BITWRAP,INTEGER:0x04112233445566778899aabbccddeeffThe INTEGER lines correct interpret the HEX, but the BITSTR line does not. However, Integer inserts the integer marker bytes (02 10) into the data stream, which I don't want. I have also tried: hex1=BITWRAP,BITSTR,HEX:0x04112233445566778899aabbccddeeff This generates an error during parsing, and hex1=BITWRAP,BITSTR:HEX:0x04112233445566778899aabbccddeeff encodes "HEX" into the data stream.How can I construct the sequence shown above with an OpenSSL Config file? Is this just impossible? Full example below. Thanks, Brad Command lines: openssl ecparam -name prime256v1 -genkey -out ecc256.pem openssl req -new -key ecc256.pem -out ecc256_req.pem -config config.txtconfig.txt: [ req ] distinguished_name = req_dn req_extensions = req_ext prompt = no encrypt_key = no digest = sha256 version=2 [ req_dn ] C=US ST=SomeState CN=Something [ req_ext ] # SubjectDirectoryAttributes 2.5.29.9=ASN1:SEQUENCE:EccPublicKeyInfo [EccPublicKeyInfo] X=SEQUENCE:ECDSA_PublicKeyInfo [ecdsa256_alg] algorithm=OID:1.2.840.10045.2.1 parameter=OID:1.2.840.10045.3.1.7 [ ECDSA_PublicKeyInfo ] SubjectPublicKeyInfo=SEQUENCE:ecdsa256_alg hex1=BITWRAP,BITSTR:0x04112233445566778899aabbccddeeff hex2=INTEGER:0x04112233445566778899aabbccddeeff hex3=BITWRAP,INTEGER:0x04112233445566778899aabbccddeeff