@gtank
Created June 8, 2016 00:05
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// RFC 5280 4.1.2.2. Serial Number
// The serial number MUST be a positive integer assigned by the CA to
// each certificate. It MUST be unique for each certificate issued by a
// given CA (i.e., the issuer name and serial number identify a unique
// certificate). CAs MUST force the serialNumber to be a non-negative
// integer.
//
// Given the uniqueness requirements above, serial numbers can be
// expected to contain long integers. Certificate users MUST be able to
// handle serialNumber values up to 20 octets. Conforming CAs MUST NOT
// use serialNumber values longer than 20 octets.
func generateCertificateSerialNumber() (*big.Int, error) {
	// 20 octets from the OS CSPRNG (crypto/rand, not math/rand).
	var serialBytes = make([]byte, 20)
	n, err := rand.Read(serialBytes)
	if err != nil || n != len(serialBytes) {
		return nil, fmt.Errorf("could not generate random serial number: %v", err)
	}
	// Clear the top bit of the lead byte. With it set, the DER INTEGER would
	// need a leading 0x00 to stay non-negative, making it 21 octets.
	serialBytes[0] &= 0x7F
	serial := new(big.Int).SetBytes(serialBytes)
	return serial, nil
}
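
The following is an added example, not part of the original gist: it checks a serial against the RFC 5280 4.1.2.2 rules quoted above by DER-encoding it, which shows why the lead byte is masked. The names `checkSerial` and `randomSerial` are hypothetical helpers, and the sample input in `main` is constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// checkSerial (hypothetical helper) enforces the RFC 5280 4.1.2.2 rules:
// the serial is positive and its DER INTEGER content is at most 20 octets.
func checkSerial(serial *big.Int) error {
	if serial.Sign() <= 0 {
		return errors.New("serial number is not positive")
	}
	der, err := asn1.Marshal(serial)
	if err != nil {
		return err
	}
	// DER INTEGER: tag 0x02, length, content. Up to 127 octets the length is
	// one byte; longer values set its top bit (>= 0x80), which also exceeds 20.
	if n := int(der[1]); n > 20 {
		return fmt.Errorf("serial length field %d exceeds the 20-octet limit", n)
	}
	return nil
}

// randomSerial (hypothetical helper) draws 20 random bytes; when mask is
// true the top bit of the lead byte is cleared, as the gist does.
func randomSerial(mask bool) (*big.Int, error) {
	b := make([]byte, 20)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	if mask {
		b[0] &= 0x7F
	}
	return new(big.Int).SetBytes(b), nil
}

func main() {
	// Constructed input: 20 bytes with the top bit set, the case the mask prevents.
	high := new(big.Int).SetBytes(append([]byte{0x80}, make([]byte, 19)...))
	fmt.Println("unmasked 0x80...:", checkSerial(high))
	if s, err := randomSerial(true); err == nil {
		fmt.Println("masked random:", checkSerial(s))
	}
}
```

Without the mask, roughly half of all random 20-byte values have the top bit set and encode to 21 content octets, which a strict parser may reject.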