I get this may be out of the norm, but this is a solution to a current problem I'm working on.

I need to create an x509 certificate without signing it. I realize this flies in the face of what a certificate is for, but can it be done?

Specifically, the platform is Java 11 with the BC library.

If it can be done, got an example?

JDMcMillian
  • What would be the point, since no software would accept it? Why not just sign it? – President James K. Polk Sep 12 '22 at 22:31
  • All certificates have a signature, as the signature is a required field of the structure. You could fill it with gibberish, or say it has length 0, or whatever, but you have to have one. Of course, to @PresidentJamesK.Polk's point: anything other than a valid signature from a known algorithm is going to have very limited utility. – bartonjs Sep 12 '22 at 22:39
  • @PresidentJamesK.Polk Thank you, but signing violates the requirements. The requirement is to create a cert that is not signed. – JDMcMillian Sep 12 '22 at 22:46
  • @bartonjs Sounds interesting and might work. How can I create a cert with a 0-length signature without going through the signing process? – JDMcMillian Sep 12 '22 at 22:47
  • @JDMcMillian, the basic definition of X509 certificate is that it is certified by an issuer that signs it, either by being self signed or by another certificate. If it was not signed it would not be able to be processed as an X509 certificate as it would effectively be lacking an issuer and only have a subject. This question has been examined more fully here - https://stackoverflow.com/questions/58146101/is-it-possible-to-create-a-x509-certificate-without-signature-field – Alan Carlyle Sep 13 '22 at 02:47

0 Answers
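The zero-length signature mentioned in the comments can be produced with Bouncy Castle by handing the certificate builder a `ContentSigner` that signs nothing; this is an added example, not code from the thread or from the Bouncy Castle project. The `EmptySignature` class, the sample subject name and the choice of declared algorithm OID are assumptions made for illustration, and the final check shows a standard validator rejecting the result.

```java
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Date;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.ContentSigner;

public class UnsignedCertExample {
    // Hypothetical helper: satisfies the builder without signing anything.
    static final class EmptySignature implements ContentSigner {
        private final ByteArrayOutputStream sink = new ByteArrayOutputStream();
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            // Assumption: signatureAlgorithm is mandatory, so an OID is declared anyway.
            return new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE);
        }
        public OutputStream getOutputStream() { return sink; }   // TBS bytes land here and are ignored
        public byte[] getSignature() { return new byte[0]; }     // becomes a zero-length BIT STRING
    }
    static X509CertificateHolder buildUnsigned(KeyPair kp) {
        X500Name name = new X500Name("CN=unsigned.example");      // constructed sample name
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 24L * 60 * 60 * 1000);
        return new X509v3CertificateBuilder(name, BigInteger.ONE, notBefore, notAfter, name,
                SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()))
            .build(new EmptySignature());
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X509CertificateHolder cert = buildUnsigned(kp);
        System.out.println("signature length: " + cert.getSignature().length);
        try {   // a standard validator rejects it, at parsing or at verification
            new JcaX509CertificateConverter().getCertificate(cert).verify(kp.getPublic());
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e);
        }
    }
}
```

Both the `bcprov` and `bcpkix` jars need to be on the classpath.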