openssl crl2pkcs7 -help 2>&1
mkdir -p testfiles/CA/pki/pkcs7
openssl crl2pkcs7 -inform PEM \
  -in testfiles/CA/pki/crl/ca_testtool_ca_01_crl.pem \
  -certfile testfiles/CA/pki/crt/jobbflykt.crt \
  -certfile testfiles/CA/pki/ca/ca_testtool_ca_01.crt \
  -out testfiles/CA/pki/pkcs7/jobbflykt.p7b
openssl pkcs7 --help 2>&1
openssl pkcs7 -in testfiles/CA/pki/pkcs7/jobbflykt.p7b -noout -text -print_certs
pkcs12 -info -nodes -passin pass:
Customizable time before expire highlight. Some “almost” warning face.
Certs, CRLs and other entities should be recognized as such by examining the ASN.1 structure.
Detect if public RSA key and use -pubin or whatever to decode as such.
Query www.oid-info.com Example: https://oid-rep.orange-labs.fr/get/0.0.5.115.1.0
Add keys, e.g. d/u (down/up), for drilling down into ASN.1 structures at an offset determined by the current line.
Example
  646:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
> 651:d=5 hl=2 l= 56 prim: OCTET STRING [HEX DUMP]:3036060A2B060104018237140202060A6086480165030201032F06082B0601050507030206082B0601050507030306082B06010505070304
If the cursor is on the line denoted by >, pressing d will add an “-offset 653” argument to the asn1parse command. The OCTET STRING is itself an ASN.1 struct starting at offset 651 + 2.
Doing that gives a view of the Extended Key Usage structure.
…
  58:d=1 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
> 63:d=1 hl=2 l= 34 prim: OCTET STRING [HEX DUMP]:3020301EA01CA01A8618687474703A2F2F63726C2E636174657374746F6F6C2E7365
Placing the cursor on another line and again pressing d should add that offset to the current one and redisplay again. In the example this gives -offset 718 = 653 + 63 + 2.
x509-asn1-mode must store a list of offsets that can be pushed and popped when going down and up. The stack also records point before going down, restoring it when backing up.
x509--asn1parse-offset-stack = (653 718)
For example “Signature Value” is shown after
     Signature Algorithm: sha256WithRSAEncryption
new> Signature Value: 12:74:61…
Similar to -offset but different starting offset. Need to figure out if recursive -strparse makes sense and how it interacts with x509--asn1-offset-down and x509--asn1-offset-up.
nested_bitstrings.bin
SEQUENCE 30 0C
  BITSTRING 03 0A 00
    BITSTRING 03 07 00
      BITSTRING 03 04 00
        INTEGER FA 02 01 FA
When strparse is at offset 2, we need to record the header length and add 1 for the initial unused-bits byte. If we then go further down, the new start is the current start + its header length + 1.
When x509--strparse-down: record (offset delta) where strstart is hl + 1
on a line: x509--get-strparse-offset(strstart) ;; where strstart is current strstart + delta -> ( (+ strstart line-offset) (+ hl 1) )
<2022-12-12 Mon 10:55>
command : 'strparse or 'offset
start : integer argument to command
hl : header length. 0 for offset, hl at start for strparse.
point : (point) in buffer when command is issued.
current offset : (let ((top (car stack))) (if top (+ (nth 1 top) (nth 2 top)) 0))
i.e. start + hl
“down” : push (list 'offset (+ (current-offset) (offset-on-line) (hl-on-line)) 0 (point))
“strparse” : push (list 'strparse (+ (current-offset) (offset-on-line)) (hl-on-line) (point))
“up” :
(let* ((current (pop stack))
       (point (nth 3 current))   ; entries are (command start hl point)
       (last (car stack)))       ; new top of stack, nil when back at top level
  (when last
    (update-command (nth 0 last) (nth 1 last)))
  (execute)
  (goto-char point))
lo : line offset
hl : header len
bs : bitstring extra byte
co : current offset
- strparse : co=0 lo=2 = 2 push (co:2 hl:2 bs:1)
- strparse : co=2 chl=2 cbs=1 lo=0 = 5 push(co:5 hl:2 bs:1)
- strparse : co=5 chl=2 cbs=1 lo=0 = 8 push(co:8 hl:2 bs:1)
- offset : co=0 hl=2 bs=1 lo=2 = 5 push(co:5 hl:2 bs=1)
- offset : co=5 hl=2 bs=1 = 8 push(co:8 hl:2 bs=1)
- offset : co=8 hl=2 bs=1 = 11 push(co:11 hl:2 bs=1)
up -> top = (co:8 hl:2 bs=1)
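The offset bookkeeping traced above, as an added Python model (not x509-mode's own Emacs Lisp): it walks the nested_bitstrings.bin bytes from the notes and reproduces the 2/5/8 sequence for -strparse and the 5/8/11 sequence for -offset. `OffsetStack`, `read_header` and the method names are hypothetical; restoring point is left out, and indefinite lengths are read as zero as the notes suggest.

```python
# Added example: Python model of the -offset / -strparse stack from the notes.
# Constructed input: the nested_bitstrings.bin bytes listed above.
NESTED = bytes.fromhex("300C" "030A00" "030700" "030400" "0201FA")
BIT_STRING = 0x03

def read_header(data, pos):
    """Return (tag, header_len, content_len) of the DER TLV at data[pos]."""
    if pos < 0 or pos + 2 > len(data):
        raise ValueError(f"no complete header at offset {pos}")
    tag, first = data[pos], data[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled in this sketch")
    if first < 0x80:                      # short form: length in one byte
        return tag, 2, first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0:                            # indefinite length ("inf"): treat as 0
        return tag, 2, 0
    if pos + 2 + n > len(data):
        raise ValueError(f"truncated length octets at offset {pos}")
    return tag, 2 + n, int.from_bytes(data[pos + 2:pos + 2 + n], "big")

class OffsetStack:
    """Stack of (command, argument, view_start); all offsets are absolute."""
    def __init__(self, data):
        self.data, self.stack = data, []

    def view_start(self):
        """Absolute offset where the currently displayed structure begins (co)."""
        return self.stack[-1][2] if self.stack else 0

    def _push(self, command, line_offset):
        pos = self.view_start() + line_offset         # co + lo
        tag, hl, _ = read_header(self.data, pos)
        bs = 1 if tag == BIT_STRING else 0            # unused-bits byte
        content = pos + hl + bs                       # where nested data starts
        arg = content if command == "offset" else pos
        self.stack.append((command, arg, content))
        return self.args()

    def down(self, line_offset):
        return self._push("offset", line_offset)

    def strparse(self, line_offset):
        return self._push("strparse", line_offset)

    def up(self):
        if self.stack:
            self.stack.pop()
        return self.args()

    def args(self):
        """Extra asn1parse arguments for the view on top of the stack."""
        return [f"-{self.stack[-1][0]}", str(self.stack[-1][1])] if self.stack else []
```

An OCTET STRING wrapper takes the same path with bs = 0, which is the 651 + 2 = 653 case from the Extended Key Usage example.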
Reflect the current -strparse N or -offset N value: asn1[sN], asn1[oN].
See `c-update-modeline' in lisp/progmodes/cc-cmds.el.gz. It sets `mode-name' and calls `force-mode-line-update'.
Create new function `x509--asn1-mode-line', called from `x509--asn1-offset-strparse' and `x509--asn1-offset-up'.
Run package-lint-batch-and-exit as part of CI. See for example https://github.com/purcell/ibuffer-vc/blob/master/Makefile
Remains:
- [X] Test with emacs -Q
- [X] Test killing hexl buffer and then move around and toggle. Post command hook needs to detect that buffer is killed.
- [X] Can hexl buffer be made visible automatically if it’s not when overlay is updated? Yes. Look at `next-error-no-select'
- [X] What happens when several hexl buffers are active? Should overlay list be local? To what buffer? Can we make it local to the hexl buffer and let update overlay get it from that buffer? I think there is a function for getting buffer-local values from another buffer.
- [X] Prevent overlay from extending window width if possible.
- [X] Update README.md
- [X] Mention rmsbolt inspiration.
- [X] Test inf, i.e. infinite length structures. What should happen? Treat length as being zero since we can’t (easily) know.
- [X] Add unit tests.
- [X] Separate faces for header and value.
How to use compat https://www.reddit.com/r/emacs/comments/10iep0o/compat_29130/
;;; example.el --- Example package -*- lexical-binding: t -*-
;; Package-Requires: ((emacs "27.1") (compat "29.1.3.0"))
;;; Code:
(require 'compat)
- [X] Add keywords and find out where in openssl they are defined.
- [X] Add ert tests.