Meaningless Drivel is fun!
The moose likes Security and the fly likes serial number form x509 certificate Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "serial number form x509 certificate" Watch "serial number form x509 certificate" New topic

serial number form x509 certificate

srini Raman
Ranch Hand

Joined: Oct 16, 2006
Posts: 33
I use Certificate factory and X509Certificate classes to parse a certificate and get the the serial number. The BigInteger for a certificate with serial number shows an incorrect value. The certificate display the serial number as FDB1 DDE5 EF8F 56A5 11D3 5698 42E6 7FE0 . While the serial number obtained from java method is -3064146813482257434743394187012046880 (in decimal) which is incorrect. Is it performing any complement kind of stuff?? How can I get the correct value?
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
Unfortunately, some applications produce certificates that contain negative serial numbers. Is this a bug? I think so. Your certificate is an example of this. The value returned by Java is correct, it is just not what you expect. Basically, you certificate would have been positive if only it had a leading zero byte (google on DER encoding for integer). However, the situation is easily corrected by extracting the raw bytes from your negative BigInteger and creating a new positive BigInteger as in the following example:

Nice to meet you.
I agree. Here's the link:
subject: serial number form x509 certificate
It's not a secret anymore!