| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by Grimeton 721 days ago

> Again, completely off the mark here. To create any CSR, bifrost or not, you need the private key that the CSR represents.

Yeah... No. You create a public/private key pair and the CSR CONTAINS that public key together with additional information.

>Not really sure what's going on here tbh.

I'm not surprised. Go read up on this stuff.

1 comments

pcpuser 721 days ago

Please read this section carefully: https://datatracker.ietf.org/doc/html/rfc2986#section-3

The CSR contains the digital signature of the public key that is requesting the certificate. So you absolutely need the private key to create a CSR. How would you create a CSR with just a public key?

link

Grimeton 721 days ago

> Please read this section carefully: https://datatracker.ietf.org/doc/html/rfc2986#section-3

Yeah, go read it:

   The
   certification request information consists of the entity's
   distinguished name, the entity's public key, and a set of attributes
   providing other information about the entity.

link

pcpuser 721 days ago

So close once more lol

> 2. The CertificationRequestInfo value is signed with the subject entity's private key. (See Section 4.2.)

I wonder what this means? Hmm...

link

Grimeton 721 days ago

>The CSR contains the digital signature of the public key that is requesting the certificate. So you absolutely need the private key to create a CSR. How would you create a CSR with just a public key?

Do you really not know what you're talking about or are you trolling at this point?

link