Author Topic: csr.trid.xml for Certificate Signing Request *.csr  (Read 1559 times)

jenderek

  • Sr. Member
  • ****
  • Posts: 375
csr.trid.xml for Certificate Signing Request *.csr
« on: December 18, 2020, 02:57:10 PM »
Hello trid users,

some days ago just for interest i inspect my server directories.  Such
samples with CSR file name extension are Certificate Signing Requests.

All my inspected examples are described as "Unknown!" by trid (See appended
output/trid.txt).

For comparison reasons i also run other identifying tools on such examples.
The file command identifies these examples as "PEM certificate request" (See
appended output/file-5.39.txt).

So i run tridscan on these 10 undetected samples and i generate the trid
definition file csr.trid.xml. All my samples still start with typical ASCII
phrase. That is expressed inside Front Block by XML construct like:
 <Bytes>2D2D2D2D2D424547494E20434552544946494341544520524551554553542D2D2D2D2D0A4D4949</Bytes>
 <ASCII> - - - - - B E G I N   C E R T I F I C A T E   R E Q U E S T - - - - - . M I I</ASCII>
 <Pos>0</Pos>

The request block contains ASCII lines with a fixed record length. Each line
is terminates with a line feed character. That is expressed by lines like:
   <Pattern>
      <Bytes>0A</Bytes>
      <Pos>100</Pos>
   </Pattern>
   <Pattern>
      <Bytes>0A</Bytes>
      <Pos>165</Pos>
   </Pattern>

The request block is terminated with a typical ASCII line. That is expressed
inside global strings section by line like:
   <String>-----END CERTIFICATE REQUEST-----</String>

Some short pattern are probably generated by lucky circumstances. So i
deleted such patterns like:
   <Pattern>
      <Bytes>43</Bytes>
      <ASCII> C</ASCII>
      <Pos>42</Pos>
   </Pattern>
   <Pattern>
      <Bytes>41</Bytes>
      <ASCII> A</ASCII>
      <Pos>48</Pos>
   </Pattern>

Because such CSR file format is pure text, the file command use mime type
"text/plain" (see appended output/file-i-5.39.txt). But the CSR format gets
an own official mime type. That is expressed by line like:
   <Mime>application/pkcs10</Mime>

Some information about that file format can be found on file formats archive
team web site. That is now expressed by reference line like:
   <RefURL>http://fileformats.archiveteam.org/wiki/PKCS10</RefURL>

With the 1 new now Certificate Signing Requests are now recognized (See
appended output/trid-v-new.txt).

TrID definition, some examples and output are stored in archive csr.zip. I
hope that my 1 XML file can be used in future version of triddefs.

With best wishes
Jörg Jenderek

Mark0

  • Administrator
  • Hero Member
  • *****
  • Posts: 2744
    • Mark0's Home Page
Re: csr.trid.xml for Certificate Signing Request *.csr
« Reply #1 on: December 18, 2020, 03:27:05 PM »
Many thanks, as usual!