> On Aug 28, 2019, at 9:30 PM, Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu>
> wrote:
>
>>> Do you have an ASN.1 definition fit the content of CSR, or are you willing
>>> to create one?
>>
>> For now working with ASN.1.
>
> In that case, I would use one of the available defined standards, which are
> well-supported by already existing Open Source software.
CSRs are signed objects (proof of possession). The signature is
over the DER form of the RequestInfo. Therefore, the only natural
encoding for CSR is DER, or base64-encoded DER wrapped in PEM
ASCII armour.
Adding X.509 extensions to CSRs is sadly rather more complex than
one might have hoped for, but that's only an issue if you have to
write low-level library code to construct CSRs. If you have such
a library, just serialize to DER and you're done.
--
Viktor.
