I'm trying to create a little time stamping service using jsrsasign. When creating timestamps, these cannot be parsed/verified with jarsigner or openssl's ts. How can jsrsasign be used to create a timestamp, that can be parsed and verified with jarsigner (https://docs.oracle.com/en/java/javase/11/tools/jarsigner.html) or openssl ts (https://www.openssl.org/docs/man1.1.1/man1/openssl-ts.html)
This is what I'm trying to do (using jsrsasign 8.0.23):
I'm using jarsigner from the following java and OpenSSL versions
(venv) node@nodejs /u/h/node> java -version
openjdk version "11.0.7" 2020-04-14
OpenJDK Runtime Environment (build 11.0.7 10-2)
OpenJDK 64-Bit Server VM (build 11.0.7 10-2, mixed mode)
(venv) node@nodejs /u/h/node> openssl version
OpenSSL 1.1.1d-freebsd 10 Sep 2019
Import the TSA certificate into the truststore:
(venv) node@nodejs /u/h/node> cat Root/tsa.crt.pem
-----BEGIN CERTIFICATE-----
MIIEmTCCBB6gAwIBAgIhAMQAkZsvWRV8Sp1B23OmAcXQ1zYOwX75F/f MtGZv5gJ
MAoGCCqGSM49BAMCMEUxCzAJBgNVBAYTAkRFMRAwDgYDVQQKDAdNeS5Db3JwMRUw
EwYDVQQLDAxQS0kgU2VydmljZXMxDTALBgNVBAMMBFJvb3QwHhcNMjAwODExMDQz
NjQ2WhcNMjcwODEwMDQzNjQ2WjBEMQswCQYDVQQGEwJERTEQMA4GA1UECgwHTXku
Q29ycDEVMBMGA1UECwwMUEtJIFNlcnZpY2VzMQwwCgYDVQQDDANUU0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPq TjUZ5Az7xXy5PePzLA8rJfyStO
iXmPdOcs3gvNZKPx2Mj1pjBNeCuQFdY25Qq WyMR/d/DPNOvTUG8xlgUpAsOdXUI
uCZLsqGkLrerDinK1IVLmtLa8ru5DcJDrMx8iT4op//Ppm7E9rnnPxEpyAAHvyaf
hrz5peS/VZAtbMWPhOnvbNYoveMATKgDh5Lm/tZSimcC5S05dbwSFYMIz8srnKWd
FryjJ AdnUxyvw6uyZptNUktrHykA9Zt2xCadPuAUINPUZv/DRsVEBL0ucTBQA o
ixkji33daj1bXNL C68Wej4zvl7lLMAmJLHhqqvcCdGmo6TlYlziGDKFAgMBAAGj
ggITMIICDzArBgNVHSMEJDAigCC6NyC5ZTUBwkvbCtoKkAd2XiM5O5NhfAM067eS
SO h zApBgNVHQ4EIgQgE64g/PWYjH5B29uRIxuR/VnltZr4AzkxQvFuwBoLYT0w
CQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH
AwgwgYQGA1UdHwR9MHsweaB3oHWGc2h0dHA6Ly9ub2RlanMucnotYnNkLm15LmNv
cnAvZG93bmxvYWQvUm9vdC8yZWUyNmMyZDA5NGViZDEyMzY2OTc5NjY0ZjRhOWNh
YzY3ODY0ZjE1OTgzYWVjMGM0ZjRlYjZmMjRkMmQ5ODEyL2NybC5kZXIwgZUGCCsG
AQUFBwEBBIGIMIGFMIGCBggrBgEFBQcwAoZ2aHR0cDovL25vZGVqcy5yei1ic2Qu
bXkuY29ycC9kb3dubG9hZC9Sb290LzJlZTI2YzJkMDk0ZWJkMTIzNjY5Nzk2NjRm
NGE5Y2FjNjc4NjRmMTU5ODNhZWMwYzRmNGViNmYyNGQyZDk4MTIvY2EuY3J0LmNl
cjAgBgNVHREEGTAXghVub2RlanMucnotYnNkLm15LmNvcnAwQQYIKwYBBQUHAQsE
NTAzMDEGCCsGAQUFBzADhiVodHRwOi8vbm9kZWpzLnJ6LWJzZC5teS5jb3JwL3Rz
YS9Sb290MAoGCCqGSM49BAMCA2kAMGYCMQCD7b1qvwsLo86y4fWYU0TI5iOpm6hM
FB3b3Ut5KWpmQYSY/pu9togcsECylHelIS8CMQDTjsyGAg1aYuMz5rFN2KYH3S/g
lRi7s/6QPr33tBFImPQ9wHOm/OrNLR/Emp4VYq0=
-----END CERTIFICATE-----
(venv) node@nodejs /u/h/node> openssl x509 -in Root/tsa.crt.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c4:00:91:9b:2f:59:15:7c:4a:9d:41:db:73:a6:01:c5:d0:d7:36:0e:c1:7e:f9:17:f7:fe:32:d1:99:bf:98:09
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = DE, O = My.Corp, OU = PKI Services, CN = Root
Validity
Not Before: Aug 11 04:36:46 2020 GMT
Not After : Aug 10 04:36:46 2027 GMT
Subject: C = DE, O = My.Corp, OU = PKI Services, CN = TSA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:ab:e4:e3:51:9e:40:cf:bc:57:cb:93:de:3f:
32:c0:f2:b2:5f:c9:2b:4e:89:79:8f:74:e7:2c:de:
0b:cd:64:a3:f1:d8:c8:f5:a6:30:4d:78:2b:90:15:
d6:36:e5:0a:be:5b:23:11:fd:df:c3:3c:d3:af:4d:
41:bc:c6:58:14:a4:0b:0e:75:75:08:b8:26:4b:b2:
a1:a4:2e:b7:ab:0e:29:ca:d4:85:4b:9a:d2:da:f2:
bb:b9:0d:c2:43:ac:cc:7c:89:3e:28:a7:ff:cf:a6:
6e:c4:f6:b9:e7:3f:11:29:c8:00:07:bf:26:9f:86:
bc:f9:a5:e4:bf:55:90:2d:6c:c5:8f:84:e9:ef:6c:
d6:28:bd:e3:00:4c:a8:03:87:92:e6:fe:d6:52:8a:
67:02:e5:2d:39:75:bc:12:15:83:08:cf:cb:2b:9c:
a5:9d:16:bc:a3:27:e0:1d:9d:4c:72:bf:0e:ae:c9:
9a:6d:35:49:2d:ac:7c:a4:03:d6:6d:db:10:9a:74:
fb:80:50:83:4f:51:9b:ff:0d:1b:15:10:12:f4:b9:
c4:c1:40:0f:a8:8b:19:23:8b:7d:dd:6a:3d:5b:5c:
d2:fe:0b:af:16:7a:3e:33:be:5e:e5:2c:c0:26:24:
b1:e1:aa:ab:dc:09:d1:a6:a3:a4:e5:62:5c:e2:18:
32:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:BA:37:20:B9:65:35:01:C2:4B:DB:0A:DA:0A:90:0:76:5E:23:39:3B:93:61:7C:03:34:EB:B7:92:48:EF:A1:FB
X509v3 Subject Key Identifier:
13:AE:20:FC:F5:98:8C:7E:41:DB:DB:91:23:1B:91:FD:59:E5:B5:9A:F8:03:39:31:42:F1:6E:C0:1A:0B:61:3D
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation
X509v3 Extended Key Usage: critical
Time Stamping
X509v3 CRL Distribution Points:
Full Name:
URI:http://nodejs.rz-bsd.my.corp/download/Root/2ee26c2d094ebd12366979664f4a9cac67864f15983aec0c4f4eb6f24d2d9812/crl.der
Authority Information Access:
CA Issuers - URI:http://nodejs.rz-bsd.my.corp/download/Root/2ee26c2d094ebd12366979664f4a9cac67864f15983aec0c4f4eb6f24d2d9812/ca.crt.cer
X509v3 Subject Alternative Name:
DNS:nodejs.rz-bsd.my.corp
Subject Information Access:
AD Time Stamping - URI:http://nodejs.rz-bsd.my.corp/tsa/Root
Signature Algorithm: ecdsa-with-SHA256
30:66:02:31:00:83:ed:bd:6a:bf:0b:0b:a3:ce:b2:e1:f5:98:
53:44:c8:e6:23:a9:9b:a8:4c:14:1d:db:dd:4b:79:29:6a:66:
41:84:98:fe:9b:bd:b6:88:1c:b0:40:b2:94:77:a5:21:2f:02:
31:00:d3:8e:cc:86:02:0d:5a:62:e3:33:e6:b1:4d:d8:a6:07:
dd:2f:e0:95:18:bb:b3:fe:90:3e:bd:f7:b4:11:48:98:f4:3d:
c0:73:a6:fc:ea:cd:2d:1f:c4:9a:9e:15:62:ad
(venv) node@nodejs /u/h/node> keytool -import -alias tsa -file Root/tsa.crt.pem
Enter keystore password:
Owner: CN=TSA, OU=PKI Services, O=My.Corp, C=DE
Issuer: CN=Root, OU=PKI Services, O=My.Corp, C=DE
Serial number: c400919b2f59157c4a9d41db73a601c5d0d7360ec17ef917f7fe32d199bf9809
Valid from: Tue Aug 11 06:36:46 CEST 2020 until: Tue Aug 10 06:36:46 CEST 2027
Certificate fingerprints:
SHA1: 00:4E:12:E5:22:85:CB:8B:15:06:1F:0F:46:9A:68:FA:1F:F1:AA:A9
SHA256: A3:31:1B:64:DF:BE:97:38:9A:6E:DE:82:3B:D2:44:81:10:85:87:54:0C:E1:14:E1:48:85:58:30:D1:F1:B3:E9
Signature algorithm name: SHA256withECDSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://nodejs.rz-bsd.my.corp/download/Root/2ee26c2d094ebd12366979664f4a9cac67864f15983aec0c4f4eb6f24d2d9812/ca.crt.cer
]
]
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: BA 37 20 B9 65 35 01 C2 4B DB 0A DA 0A 90 07 76 .7 .e5..K......v
0010: 5E 23 39 3B 93 61 7C 03 34 EB B7 92 48 EF A1 FB ^#9;.a..4...H...
]
]
#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://nodejs.rz-bsd.my.corp/download/Root/2ee26c2d094ebd12366979664f4a9cac67864f15983aec0c4f4eb6f24d2d9812/crl.der]
]]
#5: ObjectId: 2.5.29.37 Criticality=true
ExtendedKeyUsages [
timeStamping
]
#6: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
]
#7: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: nodejs.rz-bsd.my.corp
]
#8: ObjectId: 1.3.6.1.5.5.7.1.11 Criticality=false
SubjectInfoAccess [
[
accessMethod: timeStamping
accessLocation: URIName: http://nodejs.rz-bsd.my.corp/tsa/Root
]
]
#9: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 13 AE 20 FC F5 98 8C 7E 41 DB DB 91 23 1B 91 FD .. .....A...#...
0010: 59 E5 B5 9A F8 03 39 31 42 F1 6E C0 1A 0B 61 3D Y.....91B.n...a=
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
Now trying to sign a JAR file using the TSA certificate:
(venv) node@nodejs /u/h/node> jarsigner -verbose:all -certs -tsacert tsa acme4j/jose4j/target/jose4j-0.7.3-SNAPSHOT.jar mykey
Enter Passphrase for keystore:
requesting a signature timestamp
TSA certificate: X.509, CN=TSA, OU=PKI Services, O=My.Corp, C=DE
[trusted certificate]
jarsigner: unable to sign jar: sun.security.pkcs.ParsingException: Unable to parse the encoded bytes
This command fails, although signing without a timestamp works fine. Tracing the HTTP timestamp request with tcpdump shows the following:
# tcpdump -i lo0 -XX port 1880
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 262144 bytes
16:57:26.222415 IP6 localhost.18201 > localhost.1880: Flags [S], seq 170651008, win 65535, options [mss 16324,nop,wscale 6,sackOK,TS val 1473951903 ecr 0], length 0
0x0000: 1c00 0000 6003 a897 0028 0640 0000 0000 ....`....(.@....
0x0010: 0000 0000 0000 0000 0000 0001 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0001 4719 0758 ............G..X
0x0030: 0a2b ed80 0000 0000 a002 ffff 0030 0000 .+...........0..
0x0040: 0204 3fc4 0103 0306 0402 080a 57da b89f ..?.........W...
0x0050: 0000 0000 ....
16:57:26.222440 IP6 localhost.1880 > localhost.18201: Flags [R.], seq 0, ack 170651009, win 0, length 0
0x0000: 1c00 0000 6000 0000 0014 0640 0000 0000 ....`......@....
0x0010: 0000 0000 0000 0000 0000 0001 0000 0000 ................
0x0020: 0000 0000 0000 0000 0000 0001 0758 4719 .............XG.
0x0030: 0000 0000 0a2b ed81 5014 0000 001c 0000 .....+..P.......
16:57:26.222523 IP localhost.52950 > localhost.1880: Flags [S], seq 1414298252, win 65535, options [mss 16344,nop,wscale 6,sackOK,TS val 3454229032 ecr 0], length 0
0x0000: 0200 0000 4500 003c 0000 4000 4006 0000 ....E..<..>
0x0010: 7f00 0001 7f00 0001 ced6 0758 544c 7a8c ...........XTLz.
0x0020: 0000 0000 a002 ffff fe30 0000 0204 3fd8 .........0....?.
0x0030: 0103 0306 0402 080a cde3 5a28 0000 0000 ..........Z(....
16:57:26.222539 IP localhost.1880 > localhost.52950: Flags [S.], seq 1956795267, ack 1414298253, win 65535, options [mss 16344,nop,wscale 6,sackOK,TS val 1568017152 ecr 3454229032], length 0
0x0000: 0200 0000 4500 003c 0000 4000 4006 0000 ....E..<..>
0x0010: 7f00 0001 7f00 0001 0758 ced6 74a2 5383 .........X..t.S.
0x0020: 544c 7a8d a012 ffff fe30 0000 0204 3fd8 TLz......0....?.
0x0030: 0103 0306 0402 080a 5d76 0b00 cde3 5a28 ........]v....Z(
16:57:26.222550 IP localhost.52950 > localhost.1880: Flags [.], ack 1, win 1276, options [nop,nop,TS val 3454229032 ecr 1568017152], length 0
0x0000: 0200 0000 4500 0034 0000 4000 4006 0000 ....E..4..@.@...
0x0010: 7f00 0001 7f00 0001 ced6 0758 544c 7a8d ...........XTLz.
0x0020: 74a2 5384 8010 04fc fe28 0000 0101 080a t.S......(......
0x0030: cde3 5a28 5d76 0b00 ..Z(]v..
16:57:26.222623 IP localhost.52950 > localhost.1880: Flags [P.], seq 1:475, ack 1, win 1276, options [nop,nop,TS val 3454229032 ecr 1568017152], length 474
0x0000: 0200 0000 4500 020e 0000 4000 4006 0000 ....E.....@.@...
0x0010: 7f00 0001 7f00 0001 ced6 0758 544c 7a8d ...........XTLz.
0x0020: 74a2 5384 8018 04fc 0003 0000 0101 080a t.S.............
0x0030: cde3 5a28 5d76 0b00 504f 5354 202f 7473 ..Z(]v..POST./ts
0x0040: 612f 526f 6f74 2048 5454 502f 312e 310d a/Root.HTTP/1.1.
0x0050: 0a48 6f73 743a 206c 6f63 616c 686f 7374 .Host:.localhost
0x0060: 3a31 3838 300d 0a43 6163 6865 2d43 6f6e :1880..Cache-Con
0x0070: 7472 6f6c 3a20 6e6f 2d63 6163 6865 0d0a trol:.no-cache..
0x0080: 5072 6167 6d61 3a20 6e6f 2d63 6163 6865 Pragma:.no-cache
0x0090: 0d0a 5573 6572 2d41 6765 6e74 3a20 4a61 ..User-Agent:.Ja
0x00a0: 7661 2f31 312e 302e 370d 0a41 6363 6570 va/11.0.7..Accep
0x00b0: 743a 2074 6578 742f 6874 6d6c 2c20 696d t:.text/html,.im
0x00c0: 6167 652f 6769 662c 2069 6d61 6765 2f6a age/gif,.image/j
0x00d0: 7065 672c 202a 3b20 713d 2e32 2c20 2a2f peg,.*;.q=.2,.*/
0x00e0: 2a3b 2071 3d2e 320d 0a43 6f6e 7465 6e74 *;.q=.2..Content
0x00f0: 2d54 7970 653a 2061 7070 6c69 6361 7469 -Type:.applicati
0x0100: 6f6e 2f6f 6374 6574 2d73 7472 6561 6d0d on/octet-stream.
0x0110: 0a58 2d46 6f72 7761 7264 6564 2d50 726f .X-Forwarded-Pro
0x0120: 746f 3a20 6874 7470 0d0a 582d 466f 7277 to:.http..X-Forw
0x0130: 6172 6465 642d 466f 723a 2031 302e 3139 arded-For:.10.19
0x0140: 382e 3230 332e 3137 370d 0a58 2d46 6f72 8.203.177..X-For
0x0150: 7761 7264 6564 2d48 6f73 743a 206e 6f64 warded-Host:.nod
0x0160: 656a 732e 727a 2d62 7364 2e6d 792e 636f ejs.rz-bsd.my.co
0x0170: 7270 0d0a 582d 466f 7277 6172 6465 642d rp..X-Forwarded-
0x0180: 5365 7276 6572 3a20 6e6f 6465 6a73 2e72 Server:.nodejs.r
0x0190: 7a2d 6273 642e 6d79 2e63 6f72 700d 0a43 z-bsd.my.corp..C
0x01a0: 6f6e 7465 6e74 2d4c 656e 6774 683a 2036 ontent-Length:.6
0x01b0: 390d 0a43 6f6e 6e65 6374 696f 6e3a 204b 9..Connection:.K
0x01c0: 6565 702d 416c 6976 650d 0a0d 0a30 4302 eep-Alive....0C.
0x01d0: 0101 3031 300d 0609 6086 4801 6503 0402 ..010...`.H.e...
0x01e0: 0105 0004 2072 ef83 1667 4785 5035 7621 .....r...gG.P5v!
0x01f0: 01bf a184 8c44 6fe9 196d b502 389f 8cec .....Do..m..8...
0x0200: a211 0fe4 3702 0805 2424 c099 002e e301 ....7...$$......
0x0210: 01ff ..
16:57:26.306796 IP localhost.1880 > localhost.52950: Flags [P.], seq 1:2208, ack 475, win 1276, options [nop,nop,TS val 1568017236 ecr 3454229032], length 2207
0x0000: 0200 0000 4500 08d3 0000 4000 4006 0000 ....E.....@.@...
0x0010: 7f00 0001 7f00 0001 0758 ced6 74a2 5384 .........X..t.S.
0x0020: 544c 7c67 8018 04fc 06c8 0000 0101 080a TL|g............
0x0030: 5d76 0b54 cde3 5a28 4854 5450 2f31 2e31 ]v.T..Z(HTTP/1.1
0x0040: 2032 3030 204f 4b0d 0a58 2d50 6f77 6572 .200.OK..X-Power
0x0050: 6564 2d42 793a 2045 7870 7265 7373 0d0a ed-By:.Express..
0x0060: 636f 6e74 656e 742d 7479 7065 3a20 6170 content-type:.ap
0x0070: 706c 6963 6174 696f 6e2f 7469 6d65 7374 plication/timest
0x0080: 616d 702d 7265 706c 790d 0a43 6f6e 7465 amp-reply..Conte
0x0090: 6e74 2d4c 656e 6774 683a 2031 3939 360d nt-Length:.1996.
0x00a0: 0a45 5461 673a 2057 2f22 3763 632d 6d44 .ETag:.W/"7cc-mD
0x00b0: 635a 442f 6545 2f64 2f6d 736d 6b49 7853 cZD/eE/d/msmkIxS
0x00c0: 636e 6855 7638 7631 6722 0d0a 4461 7465 cnhUv8v1g"..Date
0x00d0: 3a20 5375 6e2c 2031 3620 4175 6720 3230 :.Sun,.16.Aug.20
0x00e0: 3230 2030 373a 3537 3a32 3620 474d 540d 20.07:57:26.GMT.
0x00f0: 0a43 6f6e 6e65 6374 696f 6e3a 206b 6565 .Connection:.kee
0x0100: 702d 616c 6976 650d 0a0d 0a30 8207 c830 p-alive....0...0
0x0110: 0902 0100 3004 0c02 4f4b 3082 07b9 0609 ....0...OK0.....
0x0120: 2a86 4886 f70d 0107 02a0 8207 aa30 8207 *.H..........0..
0x0130: a602 0101 310b 3009 0605 2b0e 0302 1a05 ....1.0...+.....
0x0140: 0030 8180 060b 2a86 4886 f70d 0109 1001 .0....*.H.......
0x0150: 04a0 7104 6f30 6d02 0101 060a 2b06 0104 ..q.o0m.....+...
0x0160: 81f4 6905 0102 3031 300d 0609 6086 4801 ..i...010...`.H.
0x0170: 6503 0402 0105 0004 2072 ef83 1667 4785 e........r...gG.
0x0180: 5035 7621 01bf a184 8c44 6fe9 196d b502 P5v!.....Do..m..
0x0190: 389f 8cec a211 0fe4 3702 0105 1813 3230 8.......7.....20
0x01a0: 3230 3038 3136 3037 3537 3236 2e32 3239 200816075726.229
0x01b0: 5a30 0481 0201 f401 01ff 0208 0524 24c0 Z0...........$$.
0x01c0: 9900 2ee3 a082 049d 3082 0499 3082 041e ........0...0...
0x01d0: a003 0201 0202 2100 c400 919b 2f59 157c ......!...../Y.|
0x01e0: 4a9d 41db 73a6 01c5 d0d7 360e c17e f917 J.A.s.....6..~..
0x01f0: f7fe 32d1 99bf 9809 300a 0608 2a86 48ce ..2.....0...*.H.
0x0200: 3d04 0302 3045 310b 3009 0603 5504 0613 =...0E1.0...U...
0x0210: 0244 4531 1030 0e06 0355 040a 0c07 4d79 .DE1.0...U....My
0x0220: 2e43 6f72 7031 1530 1306 0355 040b 0c0c .Corp1.0...U....
0x0230: 504b 4920 5365 7276 6963 6573 310d 300b PKI.Services1.0.
0x0240: 0603 5504 030c 0452 6f6f 7430 1e17 0d32 ..U....Root0...2
0x0250: 3030 3831 3130 3433 3634 365a 170d 3237 00811043646Z..27
0x0260: 3038 3130 3034 3336 3436 5a30 4431 0b30 0810043646Z0D1.0
0x0270: 0906 0355 0406 1302 4445 3110 300e 0603 ...U....DE1.0...
0x0280: 5504 0a0c 074d 792e 436f 7270 3115 3013 U....My.Corp1.0.
0x0290: 0603 5504 0b0c 0c50 4b49 2053 6572 7669 ..U....PKI.Servi
0x02a0: 6365 7331 0c30 0a06 0355 0403 0c03 5453 ces1.0...U....TS
0x02b0: 4130 8201 2230 0d06 092a 8648 86f7 0d01 A0.."0...*.H....
0x02c0: 0101 0500 0382 010f 0030 8201 0a02 8201 .........0......
0x02d0: 0100 8fab e4e3 519e 40cf bc57 cb93 de3f ......Q.@..W...?
0x02e0: 32c0 f2b2 5fc9 2b4e 8979 8f74 e72c de0b 2..._.+N.y.t.,..
0x02f0: cd64 a3f1 d8c8 f5a6 304d 782b 9015 d636 .d......0Mx+...6
0x0300: e50a be5b 2311 fddf c33c d3af 4d41 bcc6 ...[#....<..ma..>
0x0310: 5814 a40b 0e75 7508 b826 4bb2 a1a4 2eb7 X....uu..&K.....
0x0320: ab0e 29ca d485 4b9a d2da f2bb b90d c243 ..)...K........C
0x0330: accc 7c89 3e28 a7ff cfa6 6ec4 f6b9 e73f ..|.>(....n....?
0x0340: 1129 c800 07bf 269f 86bc f9a5 e4bf 5590 .)....&.......U.
0x0350: 2d6c c58f 84e9 ef6c d628 bde3 004c a803 -l.....l.(...L..
0x0360: 8792 e6fe d652 8a67 02e5 2d39 75bc 1215 .....R.g..-9u...
0x0370: 8308 cfcb 2b9c a59d 16bc a327 e01d 9d4c ....+......'...L
0x0380: 72bf 0eae c99a 6d35 492d ac7c a403 d66d r.....m5I-.|...m
0x0390: db10 9a74 fb80 5083 4f51 9bff 0d1b 1510 ...t..P.OQ......
0x03a0: 12f4 b9c4 c140 0fa8 8b19 238b 7ddd 6a3d .....@....#.}.j=
0x03b0: 5b5c d2fe 0baf 167a 3e33 be5e e52c c026 [\.....z>3.^.,.&
0x03c0: 24b1 e1aa abdc 09d1 a6a3 a4e5 625c e218 $...........b\..
0x03d0: 3285 0203 0100 01a3 8202 1330 8202 0f30 2..........0...0
0x03e0: 2b06 0355 1d23 0424 3022 8020 ba37 20b9 +..U.#.$0"...7..
0x03f0: 6535 01c2 4bdb 0ada 0a90 0776 5e23 393b e5..K......v^#9;
0x0400: 9361 7c03 34eb b792 48ef a1fb 3029 0603 .a|.4...H...0)..
0x0410: 551d 0e04 2204 2013 ae20 fcf5 988c 7e41 U...".........~A
0x0420: dbdb 9123 1b91 fd59 e5b5 9af8 0339 3142 ...#...Y.....91B
0x0430: f16e c01a 0b61 3d30 0906 0355 1d13 0402 .n...a=0...U....
0x0440: 3000 300e 0603 551d 0f01 01ff 0404 0302 0.0...U.........
0x0450: 06c0 3016 0603 551d 2501 01ff 040c 300a ..0...U.%.....0.
0x0460: 0608 2b06 0105 0507 0308 3081 8406 0355 ..+.......0....U
0x0470: 1d1f 047d 307b 3079 a077 a075 8673 6874 ...}0{0y.w.u.sht
0x0480: 7470 3a2f 2f6e 6f64 656a 732e 727a 2d62 tp://nodejs.rz-b
0x0490: 7364 2e6d 792e 636f 7270 2f64 6f77 6e6c sd.my.corp/downl
0x04a0: 6f61 642f 526f 6f74 2f32 6565 3236 6332 oad/Root/2ee26c2
0x04b0: 6430 3934 6562 6431 3233 3636 3937 3936 d094ebd123669796
0x04c0: 3634 6634 6139 6361 6336 3738 3634 6631 64f4a9cac67864f1
0x04d0: 3539 3833 6165 6330 6334 6634 6562 3666 5983aec0c4f4eb6f
0x04e0: 3234 6432 6439 3831 322f 6372 6c2e 6465 24d2d9812/crl.de
0x04f0: 7230 8195 0608 2b06 0105 0507 0101 0481 r0....+.........
0x0500: 8830 8185 3081 8206 082b 0601 0505 0730 .0..0....+.....0
0x0510: 0286 7668 7474 703a 2f2f 6e6f 6465 6a73 ..vhttp://nodejs
0x0520: 2e72 7a2d 6273 642e 6d79 2e63 6f72 702f .rz-bsd.my.corp/
0x0530: 646f 776e 6c6f 6164 2f52 6f6f 742f 3265 download/Root/2e
0x0540: 6532 3663 3264 3039 3465 6264 3132 3336 e26c2d094ebd1236
0x0550: 3639 3739 3636 3466 3461 3963 6163 3637 6979664f4a9cac67
0x0560: 3836 3466 3135 3938 3361 6563 3063 3466 864f15983aec0c4f
0x0570: 3465 6236 6632 3464 3264 3938 3132 2f63 4eb6f24d2d9812/c
0x0580: 612e 6372 742e 6365 7230 2006 0355 1d11 a.crt.cer0...U..
0x0590: 0419 3017 8215 6e6f 6465 6a73 2e72 7a2d ..0...nodejs.rz-
0x05a0: 6273 642e 6d79 2e63 6f72 7030 4106 082b bsd.my.corp0A..+
0x05b0: 0601 0505 0701 0b04 3530 3330 3106 082b ........50301..+
0x05c0: 0601 0505 0730 0386 2568 7474 703a 2f2f .....0..%http://
0x05d0: 6e6f 6465 6a73 2e72 7a2d 6273 642e 6d79 nodejs.rz-bsd.my
0x05e0: 2e63 6f72 702f 7473 612f 526f 6f74 300a .corp/tsa/Root0.
0x05f0: 0608 2a86 48ce 3d04 0302 0369 0030 6602 ..*.H.=....i.0f.
0x0600: 3100 83ed bd6a bf0b 0ba3 ceb2 e1f5 9853 1....j.........S
0x0610: 44c8 e623 a99b a84c 141d dbdd 4b79 296a D..#...L....Ky)j
0x0620: 6641 8498 fe9b bdb6 881c b040 b294 77a5 fA.........@..w.
0x0630: 212f 0231 00d3 8ecc 8602 0d5a 62e3 33e6 !/.1.......Zb.3.
0x0640: b14d d8a6 07dd 2fe0 9518 bbb3 fe90 3ebd .M..../.......>.
0x0650: f7b4 1148 98f4 3dc0 73a6 fcea cd2d 1fc4 ...H..=.s....-..
0x0660: 9a9e 1562 ad31 8202 6e30 8202 6a02 0101 ...b.1..n0..j...
0x0670: 306a 3045 310b 3009 0603 5504 0613 0244 0j0E1.0...U....D
0x0680: 4531 1030 0e06 0355 040a 0c07 4d79 2e43 E1.0...U....My.C
0x0690: 6f72 7031 1530 1306 0355 040b 0c0c 504b orp1.0...U....PK
0x06a0: 4920 5365 7276 6963 6573 310d 300b 0603 I.Services1.0...
0x06b0: 5504 030c 0452 6f6f 7402 2100 c400 919b U....Root.!.....
0x06c0: 2f59 157c 4a9d 41db 73a6 01c5 d0d7 360e /Y.|J.A.s.....6.
0x06d0: c17e f917 f7fe 32d1 99bf 9809 3009 0605 .~....2.....0...
0x06e0: 2b0e 0302 1a05 00a0 81da 3018 0609 2a86 +.........0...*.
0x06f0: 4886 f70d 0109 0331 0b06 092a 8648 86f7 H......1...*.H..
0x0700: 0d01 0701 3023 0609 2a86 4886 f70d 0109 ....0#..*.H.....
0x0710: 0431 1604 144e ca1a 64b0 dfc8 85bc da2e .1...N..d.......
0x0720: f3b4 2277 60a4 30ff 8930 8198 060b 2a86 .."w`.0..0....*.
0x0730: 4886 f70d 0109 1002 0c31 8188 3081 8530 H........1..0..0
0x0740: 8182 0414 004e 12e5 2285 cb8b 1506 1f0f .....N..".......
0x0750: 469a 68fa 1ff1 aaa9 306a 3045 310b 3009 F.h.....0j0E1.0.
0x0760: 0603 5504 0613 0244 4531 1030 0e06 0355 ..U....DE1.0...U
0x0770: 040a 0c07 4d79 2e43 6f72 7031 1530 1306 ....My.Corp1.0..
0x0780: 0355 040b 0c0c 504b 4920 5365 7276 6963 .U....PKI.Servic
0x0790: 6573 310d 300b 0603 5504 030c 0452 6f6f es1.0...U....Roo
0x07a0: 7402 2100 c400 919b 2f59 157c 4a9d 41db t.!...../Y.|J.A.
0x07b0: 73a6 01c5 d0d7 360e c17e f917 f7fe 32d1 s.....6..~....2.
0x07c0: 99bf 9809 300d 0609 2a86 4886 f70d 0101 ....0...*.H.....
0x07d0: 0505 0004 8201 0058 74ff 5e46 1afb 877f .......Xt.^F....
0x07e0: 34fe 1b0b 877d 42dd adbf 7457 7dc0 5da7 4....}B...tW}.].
0x07f0: 099b b187 91dc bf02 dd25 214e bf29 959b .........%!N.)..
0x0800: 1203 9c95 3191 759d e486 4013 a87b d557 ....1.u...@..{.W
0x0810: 0c47 2977 b636 aaa9 defa dd28 d513 2622 .G)w.6.....(..&"
0x0820: 08b5 9b38 8318 ae13 f53c c68c 3c85 ea2c ...8.....<..>
0x0830: 63b1 d2e8 7c29 96dd 91bb 1b40 09bb c368 c...|).....@...h
0x0840: c7bb 8268 167d 3fb5 a847 8623 a3f3 b50f ...h.}?..G.#....
0x0850: 4bd1 3c1b 46f1 57c1 ce86 54bf 07c8 66d2 K.<.f.w...t...f.>
0x0860: fe55 38a1 c2a3 38cb 27b1 ba21 3ed4 6b40 .U8...8.'..!>.k@
0x0870: aee1 ee4d c3f3 9678 a823 31d4 cfce c3f7 ...M...x.#1.....
0x0880: e653 8ec1 2eee 6acb 6d44 b6f4 723b 0665 .S....j.mD..r;.e
0x0890: ee96 c5a4 38ae 66c6 99f7 2397 f626 c90e ....8.f...#..&..
0x08a0: 9b6b d7c5 3069 aa64 1807 d27f b809 26fb .k..0i.d......&.
0x08b0: 0213 9759 bd32 b602 8f9d 7433 afde e5d7 ...Y.2....t3....
0x08c0: e362 2418 83e4 9d00 a0ee a8e5 c54c 4ad1 .b$..........LJ.
0x08d0: 6290 8c50 c176 27 b..P.v'
16:57:26.412465 IP localhost.52950 > localhost.1880: Flags [.], ack 2208, win 1276, options [nop,nop,TS val 3454229222 ecr 1568017236], length 0
0x0000: 0200 0000 4500 0034 0000 4000 4006 0000 ....E..4..@.@...
0x0010: 7f00 0001 7f00 0001 ced6 0758 544c 7c67 ...........XTL|g
0x0020: 74a2 5c23 8010 04fc fe28 0000 0101 080a t.\#.....(......
0x0030: cde3 5ae6 5d76 0b54 ..Z.]v.T
16:57:31.315697 IP localhost.1880 > localhost.52950: Flags [F.], seq 2208, ack 475, win 1276, options [nop,nop,TS val 1568022245 ecr 3454229222], length 0
0x0000: 0200 0000 4500 0034 0000 4000 4006 0000 ....E..4..@.@...
0x0010: 7f00 0001 7f00 0001 0758 ced6 74a2 5c23 .........X..t.\#
0x0020: 544c 7c67 8011 04fc fe28 0000 0101 080a TL|g.....(......
0x0030: 5d76 1ee5 cde3 5ae6 ]v....Z.
16:57:31.315782 IP localhost.52950 > localhost.1880: Flags [.], ack 2209, win 1276, options [nop,nop,TS val 3454234125 ecr 1568022245], length 0
0x0000: 0200 0000 4500 0034 0000 4000 4006 0000 ....E..4..@.@...
0x0010: 7f00 0001 7f00 0001 ced6 0758 544c 7c67 ...........XTL|g
0x0020: 74a2 5c24 8010 04fc fe28 0000 0101 080a t.\$.....(......
0x0030: cde3 6e0d 5d76 1ee5 ..n.]v..
Extracting the timestamp from the reply gives:
(venv) node@nodejs /u/h/node> cat tsr.tcpdump
308207c8300902010030040c024f4b308207b906092a864886f70d010702a08207aa308207a6020101310b300906052b0e03021a0500308180060b2a864886f70d0109100104a071046f306d020101060a2b06010481f4690501023031300d06096086480165030402010500042072ef83166747855035762101bfa1848c446fe9196db502389f8ceca2110fe437020105181332303230303831363037353732362e3232395a3004810201f40101ff0208052424c099002ee3a082049d308204993082041ea003020102022100c400919b2f59157c4a9d41db73a601c5d0d7360ec17ef917f7fe32d199bf9809300a06082a8648ce3d0403023045310b30090603550406130244453110300e060355040a0c074d792e436f727031153013060355040b0c0c504b49205365727669636573310d300b06035504030c04526f6f74301e170d3230303831313034333634365a170d3237303831303034333634365a3044310b30090603550406130244453110300e060355040a0c074d792e436f727031153013060355040b0c0c504b49205365727669636573310c300a06035504030c0354534130820122300d06092a864886f70d01010105000382010f003082010a02820101008fabe4e3519e40cfbc57cb93de3f32c0f2b25fc92b4e89798f74e72cde0bcd64a3f1d8c8f5a6304d782b9015d636e50abe5b2311fddfc33cd3af4d41bcc65814a40b0e757508b8264bb2a1a42eb7ab0e29cad4854b9ad2daf2bbb90dc243accc7c893e28a7ffcfa66ec4f6b9e73f1129c80007bf269f86bcf9a5e4bf55902d6cc58f84e9ef6cd628bde3004ca8038792e6fed6528a6702e52d3975bc12158308cfcb2b9ca59d16bca327e01d9d4c72bf0eaec99a6d35492dac7ca403d66ddb109a74fb8050834f519bff0d1b151012f4b9c4c1400fa88b19238b7ddd6a3d5b5cd2fe0baf167a3e33be5ee52cc02624b1e1aaabdc09d1a6a3a4e5625ce21832850203010001a38202133082020f302b0603551d23042430228020ba3720b9653501c24bdb0ada0a9007765e23393b93617c0334ebb79248efa1fb30290603551d0e0422042013ae20fcf5988c7e41dbdb91231b91fd59e5b59af803393142f16ec01a0b613d30090603551d1304023000300e0603551d0f0101ff0404030206c030160603551d250101ff040c300a06082b060105050703083081840603551d1f047d307b3079a077a0758673687474703a2f2f6e6f64656a732e727a2d6273642e6d792e636f72702f646f776e6c6f61642f526f6f742f326565323663326430393465626431323336363937393636346634613963616336373836346631353938336165633063346634656236663234643264393831322f63726c2e64657230819506082b0601050507010104818830818530818206082b060105050730028676687474703a2f2f6e6f64656a732e727a2d6273642e6d792e636f72702f646f776e6c6f61642f526f6f742f326565323663326430393465626431323336363937393636346634613963616336373836346631353938336165633063346634656236663234643264393831322f63612e6372742e63657230200603551d110419301782156e6f64656a732e727a2d6273642e6d792e636f7270304106082b0601050507010b04353033303106082b060105050730038625687474703a2f2f6e6f64656a732e727a2d6273642e6d792e636f72702f7473612f526f6f74300a06082a8648ce3d040302036900306602310083edbd6abf0b0ba3ceb2e1f5985344c8e623a99ba84c141ddbdd4b79296a66418498fe9bbdb6881cb040b29477a5212f023100d38ecc86020d5a62e333e6b14dd8a607dd2fe09518bbb3fe903ebdf7b4114898f43dc073a6fceacd2d1fc49a9e1562ad3182026e3082026a020101306a3045310b30090603550406130244453110300e060355040a0c074d792e436f727031153013060355040b0c0c504b49205365727669636573310d300b06035504030c04526f6f74022100c400919b2f59157c4a9d41db73a601c5d0d7360ec17ef917f7fe32d199bf9809300906052b0e03021a0500a081da301806092a864886f70d010903310b06092a864886f70d010701302306092a864886f70d010904311604144eca1a64b0dfc885bcda2ef3b4227760a430ff89308198060b2a864886f70d010910020c3181883081853081820414004e12e52285cb8b15061f0f469a68fa1ff1aaa9306a3045310b30090603550406130244453110300e060355040a0c074d792e436f727031153013060355040b0c0c504b49205365727669636573310d300b06035504030c04526f6f74022100c400919b2f59157c4a9d41db73a601c5d0d7360ec17ef917f7fe32d199bf9809300d06092a864886f70d0101050500048201005874ff5e461afb877f34fe1b0b877d42ddadbf74577dc05da7099bb18791dcbf02dd25214ebf29959b12039c953191759de4864013a87bd5570c472977b636aaa9defadd28d513262208b59b388318ae13f53cc68c3c85ea2c63b1d2e87c2996dd91bb1b4009bbc368c7bb8268167d3fb5a8478623a3f3b50f4bd13c1b46f157c1ce8654bf07c866d2fe5538a1c2a338cb27b1ba213ed46b40aee1ee4dc3f39678a82331d4cfcec3f7e6538ec12eee6acb6d44b6f4723b0665ee96c5a438ae66c699f72397f626c90e9b6bd7c53069aa641807d27fb80926fb02139759bd32b6028f9d7433afdee5d7e362241883e49d00a0eea8e5c54c4ad162908c50c17627
(venv) node@nodejs /u/h/node> cat tsr.tcpdump | xxd -r -p > tsr.tcpdump.der
(venv) node@nodejs /u/h/node> xxd tsr.tcpdump.der
00000000: 3082 07c8 3009 0201 0030 040c 024f 4b30 0...0....0...OK0
00000010: 8207 b906 092a 8648 86f7 0d01 0702 a082 .....*.H........
00000020: 07aa 3082 07a6 0201 0131 0b30 0906 052b ..0......1.0...+
00000030: 0e03 021a 0500 3081 8006 0b2a 8648 86f7 ......0....*.H..
00000040: 0d01 0910 0104 a071 046f 306d 0201 0106 .......q.o0m....
00000050: 0a2b 0601 0481 f469 0501 0230 3130 0d06 .+.....i...010..
00000060: 0960 8648 0165 0304 0201 0500 0420 72ef .`.H.e....... r.
00000070: 8316 6747 8550 3576 2101 bfa1 848c 446f ..gG.P5v!.....Do
00000080: e919 6db5 0238 9f8c eca2 110f e437 0201 ..m..8.......7..
00000090: 0518 1332 3032 3030 3831 3630 3735 3732 ...2020081607572
000000a0: 362e 3232 395a 3004 8102 01f4 0101 ff02 6.229Z0.........
000000b0: 0805 2424 c099 002e e3a0 8204 9d30 8204 ..$$.........0..
000000c0: 9930 8204 1ea0 0302 0102 0221 00c4 0091 .0.........!....
000000d0: 9b2f 5915 7c4a 9d41 db73 a601 c5d0 d736 ./Y.|J.A.s.....6
000000e0: 0ec1 7ef9 17f7 fe32 d199 bf98 0930 0a06 ..~....2.....0..
000000f0: 082a 8648 ce3d 0403 0230 4531 0b30 0906 .*.H.=...0E1.0..
00000100: 0355 0406 1302 4445 3110 300e 0603 5504 .U....DE1.0...U.
00000110: 0a0c 074d 792e 436f 7270 3115 3013 0603 ...My.Corp1.0...
00000120: 5504 0b0c 0c50 4b49 2053 6572 7669 6365 U....PKI Service
00000130: 7331 0d30 0b06 0355 0403 0c04 526f 6f74 s1.0...U....Root
00000140: 301e 170d 3230 3038 3131 3034 3336 3436 0...200811043646
00000150: 5a17 0d32 3730 3831 3030 3433 3634 365a Z..270810043646Z
00000160: 3044 310b 3009 0603 5504 0613 0244 4531 0D1.0...U....DE1
00000170: 1030 0e06 0355 040a 0c07 4d79 2e43 6f72 .0...U....My.Cor
00000180: 7031 1530 1306 0355 040b 0c0c 504b 4920 p1.0...U....PKI
00000190: 5365 7276 6963 6573 310c 300a 0603 5504 Services1.0...U.
000001a0: 030c 0354 5341 3082 0122 300d 0609 2a86 ...TSA0.."0...*.
000001b0: 4886 f70d 0101 0105 0003 8201 0f00 3082 H.............0.
000001c0: 010a 0282 0101 008f abe4 e351 9e40 cfbc ...........Q.@..
000001d0: 57cb 93de 3f32 c0f2 b25f c92b 4e89 798f W...?2..._.+N.y.
000001e0: 74e7 2cde 0bcd 64a3 f1d8 c8f5 a630 4d78 t.,...d......0Mx
000001f0: 2b90 15d6 36e5 0abe 5b23 11fd dfc3 3cd3 +...6...[#....<.>
00000200: af4d 41bc c658 14a4 0b0e 7575 08b8 264b .MA..X....uu..&K
00000210: b2a1 a42e b7ab 0e29 cad4 854b 9ad2 daf2 .......)...K....
00000220: bbb9 0dc2 43ac cc7c 893e 28a7 ffcf a66e ....C..|.>(....n
00000230: c4f6 b9e7 3f11 29c8 0007 bf26 9f86 bcf9 ....?.)....&....
00000240: a5e4 bf55 902d 6cc5 8f84 e9ef 6cd6 28bd ...U.-l.....l.(.
00000250: e300 4ca8 0387 92e6 fed6 528a 6702 e52d ..L.......R.g..-
00000260: 3975 bc12 1583 08cf cb2b 9ca5 9d16 bca3 9u.......+......
00000270: 27e0 1d9d 4c72 bf0e aec9 9a6d 3549 2dac '...Lr.....m5I-.
00000280: 7ca4 03d6 6ddb 109a 74fb 8050 834f 519b |...m...t..P.OQ.
00000290: ff0d 1b15 1012 f4b9 c4c1 400f a88b 1923 ..........@....#
000002a0: 8b7d dd6a 3d5b 5cd2 fe0b af16 7a3e 33be .}.j=[\.....z>3.
000002b0: 5ee5 2cc0 2624 b1e1 aaab dc09 d1a6 a3a4 ^.,.&$..........
000002c0: e562 5ce2 1832 8502 0301 0001 a382 0213 .b\..2..........
000002d0: 3082 020f 302b 0603 551d 2304 2430 2280 0...0+..U.#.$0".
000002e0: 20ba 3720 b965 3501 c24b db0a da0a 9007 .7 .e5..K......
000002f0: 765e 2339 3b93 617c 0334 ebb7 9248 efa1 v^#9;.a|.4...H..
00000300: fb30 2906 0355 1d0e 0422 0420 13ae 20fc .0)..U...". .. .
00000310: f598 8c7e 41db db91 231b 91fd 59e5 b59a ...~A...#...Y...
00000320: f803 3931 42f1 6ec0 1a0b 613d 3009 0603 ..91B.n...a=0...
00000330: 551d 1304 0230 0030 0e06 0355 1d0f 0101 U....0.0...U....
00000340: ff04 0403 0206 c030 1606 0355 1d25 0101 .......0...U.%..
00000350: ff04 0c30 0a06 082b 0601 0505 0703 0830 ...0...+.......0
00000360: 8184 0603 551d 1f04 7d30 7b30 79a0 77a0 ....U...}0{0y.w.
00000370: 7586 7368 7474 703a 2f2f 6e6f 6465 6a73 u.shttp://nodejs
00000380: 2e72 7a2d 6273 642e 6d79 2e63 6f72 702f .rz-bsd.my.corp/
00000390: 646f 776e 6c6f 6164 2f52 6f6f 742f 3265 download/Root/2e
000003a0: 6532 3663 3264 3039 3465 6264 3132 3336 e26c2d094ebd1236
000003b0: 3639 3739 3636 3466 3461 3963 6163 3637 6979664f4a9cac67
000003c0: 3836 3466 3135 3938 3361 6563 3063 3466 864f15983aec0c4f
000003d0: 3465 6236 6632 3464 3264 3938 3132 2f63 4eb6f24d2d9812/c
000003e0: 726c 2e64 6572 3081 9506 082b 0601 0505 rl.der0....+....
000003f0: 0701 0104 8188 3081 8530 8182 0608 2b06 ......0..0....+.
00000400: 0105 0507 3002 8676 6874 7470 3a2f 2f6e ....0..vhttp://n
00000410: 6f64 656a 732e 727a 2d62 7364 2e6d 792e odejs.rz-bsd.my.
00000420: 636f 7270 2f64 6f77 6e6c 6f61 642f 526f corp/download/Ro
00000430: 6f74 2f32 6565 3236 6332 6430 3934 6562 ot/2ee26c2d094eb
00000440: 6431 3233 3636 3937 3936 3634 6634 6139 d12366979664f4a9
00000450: 6361 6336 3738 3634 6631 3539 3833 6165 cac67864f15983ae
00000460: 6330 6334 6634 6562 3666 3234 6432 6439 c0c4f4eb6f24d2d9
00000470: 3831 322f 6361 2e63 7274 2e63 6572 3020 812/ca.crt.cer0
00000480: 0603 551d 1104 1930 1782 156e 6f64 656a ..U....0...nodej
00000490: 732e 727a 2d62 7364 2e6d 792e 636f 7270 s.rz-bsd.my.corp
000004a0: 3041 0608 2b06 0105 0507 010b 0435 3033 0A..+........503
000004b0: 3031 0608 2b06 0105 0507 3003 8625 6874 01..+.....0..%ht
000004c0: 7470 3a2f 2f6e 6f64 656a 732e 727a 2d62 tp://nodejs.rz-b
000004d0: 7364 2e6d 792e 636f 7270 2f74 7361 2f52 sd.my.corp/tsa/R
000004e0: 6f6f 7430 0a06 082a 8648 ce3d 0403 0203 oot0...*.H.=....
000004f0: 6900 3066 0231 0083 edbd 6abf 0b0b a3ce i.0f.1....j.....
00000500: b2e1 f598 5344 c8e6 23a9 9ba8 4c14 1ddb ....SD..#...L...
00000510: dd4b 7929 6a66 4184 98fe 9bbd b688 1cb0 .Ky)jfA.........
00000520: 40b2 9477 a521 2f02 3100 d38e cc86 020d @..w.!/.1.......
00000530: 5a62 e333 e6b1 4dd8 a607 dd2f e095 18bb Zb.3..M..../....
00000540: b3fe 903e bdf7 b411 4898 f43d c073 a6fc ...>....H..=.s..
00000550: eacd 2d1f c49a 9e15 62ad 3182 026e 3082 ..-.....b.1..n0.
00000560: 026a 0201 0130 6a30 4531 0b30 0906 0355 .j...0j0E1.0...U
00000570: 0406 1302 4445 3110 300e 0603 5504 0a0c ....DE1.0...U...
00000580: 074d 792e 436f 7270 3115 3013 0603 5504 .My.Corp1.0...U.
00000590: 0b0c 0c50 4b49 2053 6572 7669 6365 7331 ...PKI Services1
000005a0: 0d30 0b06 0355 0403 0c04 526f 6f74 0221 .0...U....Root.!
000005b0: 00c4 0091 9b2f 5915 7c4a 9d41 db73 a601 ...../Y.|J.A.s..
000005c0: c5d0 d736 0ec1 7ef9 17f7 fe32 d199 bf98 ...6..~....2....
000005d0: 0930 0906 052b 0e03 021a 0500 a081 da30 .0...+.........0
000005e0: 1806 092a 8648 86f7 0d01 0903 310b 0609 ...*.H......1...
000005f0: 2a86 4886 f70d 0107 0130 2306 092a 8648 *.H......0#..*.H
00000600: 86f7 0d01 0904 3116 0414 4eca 1a64 b0df ......1...N..d..
00000610: c885 bcda 2ef3 b422 7760 a430 ff89 3081 ......."w`.0..0.
00000620: 9806 0b2a 8648 86f7 0d01 0910 020c 3181 ...*.H........1.
00000630: 8830 8185 3081 8204 1400 4e12 e522 85cb .0..0.....N.."..
00000640: 8b15 061f 0f46 9a68 fa1f f1aa a930 6a30 .....F.h.....0j0
00000650: 4531 0b30 0906 0355 0406 1302 4445 3110 E1.0...U....DE1.
00000660: 300e 0603 5504 0a0c 074d 792e 436f 7270 0...U....My.Corp
00000670: 3115 3013 0603 5504 0b0c 0c50 4b49 2053 1.0...U....PKI S
00000680: 6572 7669 6365 7331 0d30 0b06 0355 0403 ervices1.0...U..
00000690: 0c04 526f 6f74 0221 00c4 0091 9b2f 5915 ..Root.!...../Y.
000006a0: 7c4a 9d41 db73 a601 c5d0 d736 0ec1 7ef9 |J.A.s.....6..~.
000006b0: 17f7 fe32 d199 bf98 0930 0d06 092a 8648 ...2.....0...*.H
000006c0: 86f7 0d01 0105 0500 0482 0100 5874 ff5e ............Xt.^
000006d0: 461a fb87 7f34 fe1b 0b87 7d42 ddad bf74 F....4....}B...t
000006e0: 577d c05d a709 9bb1 8791 dcbf 02dd 2521 W}.]..........%!
000006f0: 4ebf 2995 9b12 039c 9531 9175 9de4 8640 N.)......1.u...@
00000700: 13a8 7bd5 570c 4729 77b6 36aa a9de fadd ..{.W.G)w.6.....
00000710: 28d5 1326 2208 b59b 3883 18ae 13f5 3cc6 (..&"...8.....<.>
00000720: 8c3c 85ea 2c63 b1d2 e87c 2996 dd91 bb1b .<..>
00000730: 4009 bbc3 68c7 bb82 6816 7d3f b5a8 4786 @...h...h.}?..G.
00000740: 23a3 f3b5 0f4b d13c 1b46 f157 c1ce 8654 #....K.<.f.w...t>
00000750: bf07 c866 d2fe 5538 a1c2 a338 cb27 b1ba ...f..U8...8.'..
00000760: 213e d46b 40ae e1ee 4dc3 f396 78a8 2331 !>.k@...M...x.#1
00000770: d4cf cec3 f7e6 538e c12e ee6a cb6d 44b6 ......S....j.mD.
00000780: f472 3b06 65ee 96c5 a438 ae66 c699 f723 .r;.e....8.f...#
00000790: 97f6 26c9 0e9b 6bd7 c530 69aa 6418 07d2 ..&...k..0i.d...
000007a0: 7fb8 0926 fb02 1397 59bd 32b6 028f 9d74 ...&....Y.2....t
000007b0: 33af dee5 d7e3 6224 1883 e49d 00a0 eea8 3.....b$........
000007c0: e5c5 4c4a d162 908c 50c1 7627 ..LJ.b..P.v'
(venv) node@nodejs /u/h/node> openssl asn1parse -in tsr.tcpdump.der -inform DER -i
0:d=0 hl=4 l=1992 cons: SEQUENCE
4:d=1 hl=2 l= 9 cons: SEQUENCE
6:d=2 hl=2 l= 1 prim: INTEGER :00
9:d=2 hl=2 l= 4 cons: SEQUENCE
11:d=3 hl=2 l= 2 prim: UTF8STRING :OK
15:d=1 hl=4 l=1977 cons: SEQUENCE
19:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
30:d=2 hl=4 l=1962 cons: cont [ 0 ]
34:d=3 hl=4 l=1958 cons: SEQUENCE
38:d=4 hl=2 l= 1 prim: INTEGER :01
41:d=4 hl=2 l= 11 cons: SET
43:d=5 hl=2 l= 9 cons: SEQUENCE
45:d=6 hl=2 l= 5 prim: OBJECT :sha1
52:d=6 hl=2 l= 0 prim: NULL
54:d=4 hl=3 l= 128 cons: SEQUENCE
57:d=5 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
70:d=5 hl=2 l= 113 cons: cont [ 0 ]
72:d=6 hl=2 l= 111 prim: OCTET STRING [HEX DUMP]:306D020101060A2B06010481F4690501023031300D06096086480165030402010500042072EF83166747855035762101BFA1848C446FE9196DB502389F8CECA2110FE437020105181332303230303831363037353732362E3232395A3004810201F40101FF0208052424C099002EE3
185:d=4 hl=4 l=1181 cons: cont [ 0 ]
189:d=5 hl=4 l=1177 cons: SEQUENCE
193:d=6 hl=4 l=1054 cons: SEQUENCE
197:d=7 hl=2 l= 3 cons: cont [ 0 ]
199:d=8 hl=2 l= 1 prim: INTEGER :02
202:d=7 hl=2 l= 33 prim: INTEGER :C400919B2F59157C4A9D41DB73A601C5D0D7360EC17EF917F7FE32D199BF9809
237:d=7 hl=2 l= 10 cons: SEQUENCE
239:d=8 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
249:d=7 hl=2 l= 69 cons: SEQUENCE
251:d=8 hl=2 l= 11 cons: SET
253:d=9 hl=2 l= 9 cons: SEQUENCE
255:d=10 hl=2 l= 3 prim: OBJECT :countryName
260:d=10 hl=2 l= 2 prim: PRINTABLESTRING :DE
264:d=8 hl=2 l= 16 cons: SET
266:d=9 hl=2 l= 14 cons: SEQUENCE
268:d=10 hl=2 l= 3 prim: OBJECT :organizationName
273:d=10 hl=2 l= 7 prim: UTF8STRING :My.Corp
282:d=8 hl=2 l= 21 cons: SET
284:d=9 hl=2 l= 19 cons: SEQUENCE
286:d=10 hl=2 l= 3 prim: OBJECT :organizationalUnitName
291:d=10 hl=2 l= 12 prim: UTF8STRING :PKI Services
305:d=8 hl=2 l= 13 cons: SET
307:d=9 hl=2 l= 11 cons: SEQUENCE
309:d=10 hl=2 l= 3 prim: OBJECT :commonName
314:d=10 hl=2 l= 4 prim: UTF8STRING :Root
320:d=7 hl=2 l= 30 cons: SEQUENCE
322:d=8 hl=2 l= 13 prim: UTCTIME :200811043646Z
337:d=8 hl=2 l= 13 prim: UTCTIME :270810043646Z
352:d=7 hl=2 l= 68 cons: SEQUENCE
354:d=8 hl=2 l= 11 cons: SET
356:d=9 hl=2 l= 9 cons: SEQUENCE
358:d=10 hl=2 l= 3 prim: OBJECT :countryName
363:d=10 hl=2 l= 2 prim: PRINTABLESTRING :DE
367:d=8 hl=2 l= 16 cons: SET
369:d=9 hl=2 l= 14 cons: SEQUENCE
371:d=10 hl=2 l= 3 prim: OBJECT :organizationName
376:d=10 hl=2 l= 7 prim: UTF8STRING :My.Corp
385:d=8 hl=2 l= 21 cons: SET
387:d=9 hl=2 l= 19 cons: SEQUENCE
389:d=10 hl=2 l= 3 prim: OBJECT :organizationalUnitName
394:d=10 hl=2 l= 12 prim: UTF8STRING :PKI Services
408:d=8 hl=2 l= 12 cons: SET
410:d=9 hl=2 l= 10 cons: SEQUENCE
412:d=10 hl=2 l= 3 prim: OBJECT :commonName
417:d=10 hl=2 l= 3 prim: UTF8STRING :TSA
422:d=7 hl=4 l= 290 cons: SEQUENCE
426:d=8 hl=2 l= 13 cons: SEQUENCE
428:d=9 hl=2 l= 9 prim: OBJECT :rsaEncryption
439:d=9 hl=2 l= 0 prim: NULL
441:d=8 hl=4 l= 271 prim: BIT STRING
716:d=7 hl=4 l= 531 cons: cont [ 3 ]
720:d=8 hl=4 l= 527 cons: SEQUENCE
724:d=9 hl=2 l= 43 cons: SEQUENCE
726:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
731:d=10 hl=2 l= 36 prim: OCTET STRING [HEX DUMP]:30228020BA3720B9653501C24BDB0ADA0A9007765E23393B93617C0334EBB79248EFA1FB
769:d=9 hl=2 l= 41 cons: SEQUENCE
771:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
776:d=10 hl=2 l= 34 prim: OCTET STRING [HEX DUMP]:042013AE20FCF5988C7E41DBDB91231B91FD59E5B59AF803393142F16EC01A0B613D
812:d=9 hl=2 l= 9 cons: SEQUENCE
814:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
819:d=10 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
823:d=9 hl=2 l= 14 cons: SEQUENCE
825:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
830:d=10 hl=2 l= 1 prim: BOOLEAN :255
833:d=10 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030206C0
839:d=9 hl=2 l= 22 cons: SEQUENCE
841:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
846:d=10 hl=2 l= 1 prim: BOOLEAN :255
849:d=10 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070308
863:d=9 hl=3 l= 132 cons: SEQUENCE
866:d=10 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
871:d=10 hl=2 l= 125 prim: OCTET STRING [HEX DUMP]:307B3079A077A0758673687474703A2F2F6E6F64656A732E727A2D6273642E6D792E636F72702F646F776E6C6F61642F526F6F742F326565323663326430393465626431323336363937393636346634613963616336373836346631353938336165633063346634656236663234643264393831322F63726C2E646572
998:d=9 hl=3 l= 149 cons: SEQUENCE
1001:d=10 hl=2 l= 8 prim: OBJECT :Authority Information Access
1011:d=10 hl=3 l= 136 prim: OCTET STRING [HEX DUMP]:30818530818206082B060105050730028676687474703A2F2F6E6F64656A732E727A2D6273642E6D792E636F72702F646F776E6C6F61642F526F6F742F326565323663326430393465626431323336363937393636346634613963616336373836346631353938336165633063346634656236663234643264393831322F63612E6372742E636572
1150:d=9 hl=2 l= 32 cons: SEQUENCE
1152:d=10 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
1157:d=10 hl=2 l= 25 prim: OCTET STRING [HEX DUMP]:301782156E6F64656A732E727A2D6273642E6D792E636F7270
1184:d=9 hl=2 l= 65 cons: SEQUENCE
1186:d=10 hl=2 l= 8 prim: OBJECT :Subject Information Access
1196:d=10 hl=2 l= 53 prim: OCTET STRING [HEX DUMP]:3033303106082B060105050730038625687474703A2F2F6E6F64656A732E727A2D6273642E6D792E636F72702F7473612F526F6F74
1251:d=6 hl=2 l= 10 cons: SEQUENCE
1253:d=7 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
1263:d=6 hl=2 l= 105 prim: BIT STRING
1370:d=4 hl=4 l= 622 cons: SET
1374:d=5 hl=4 l= 618 cons: SEQUENCE
1378:d=6 hl=2 l= 1 prim: INTEGER :01
1381:d=6 hl=2 l= 106 cons: SEQUENCE
1383:d=7 hl=2 l= 69 cons: SEQUENCE
1385:d=8 hl=2 l= 11 cons: SET
1387:d=9 hl=2 l= 9 cons: SEQUENCE
1389:d=10 hl=2 l= 3 prim: OBJECT :countryName
1394:d=10 hl=2 l= 2 prim: PRINTABLESTRING :DE
1398:d=8 hl=2 l= 16 cons: SET
1400:d=9 hl=2 l= 14 cons: SEQUENCE
1402:d=10 hl=2 l= 3 prim: OBJECT :organizationName
1407:d=10 hl=2 l= 7 prim: UTF8STRING :My.Corp
1416:d=8 hl=2 l= 21 cons: SET
1418:d=9 hl=2 l= 19 cons: SEQUENCE
1420:d=10 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1425:d=10 hl=2 l= 12 prim: UTF8STRING :PKI Services
1439:d=8 hl=2 l= 13 cons: SET
1441:d=9 hl=2 l= 11 cons: SEQUENCE
1443:d=10 hl=2 l= 3 prim: OBJECT :commonName
1448:d=10 hl=2 l= 4 prim: UTF8STRING :Root
1454:d=7 hl=2 l= 33 prim: INTEGER :C400919B2F59157C4A9D41DB73A601C5D0D7360EC17EF917F7FE32D199BF9809
1489:d=6 hl=2 l= 9 cons: SEQUENCE
1491:d=7 hl=2 l= 5 prim: OBJECT :sha1
1498:d=7 hl=2 l= 0 prim: NULL
1500:d=6 hl=3 l= 218 cons: cont [ 0 ]
1503:d=7 hl=2 l= 24 cons: SEQUENCE
1505:d=8 hl=2 l= 9 prim: OBJECT :contentType
1516:d=8 hl=2 l= 11 cons: SET
1518:d=9 hl=2 l= 9 prim: OBJECT :pkcs7-data
1529:d=7 hl=2 l= 35 cons: SEQUENCE
1531:d=8 hl=2 l= 9 prim: OBJECT :messageDigest
1542:d=8 hl=2 l= 22 cons: SET
1544:d=9 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:4ECA1A64B0DFC885BCDA2EF3B4227760A430FF89
1566:d=7 hl=3 l= 152 cons: SEQUENCE
1569:d=8 hl=2 l= 11 prim: OBJECT :id-smime-aa-signingCertificate
1582:d=8 hl=3 l= 136 cons: SET
1585:d=9 hl=3 l= 133 cons: SEQUENCE
1588:d=10 hl=3 l= 130 cons: SEQUENCE
1591:d=11 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:004E12E52285CB8B15061F0F469A68FA1FF1AAA9
1613:d=11 hl=2 l= 106 cons: SEQUENCE
1615:d=12 hl=2 l= 69 cons: SEQUENCE
1617:d=13 hl=2 l= 11 cons: SET
1619:d=14 hl=2 l= 9 cons: SEQUENCE
1621:d=15 hl=2 l= 3 prim: OBJECT :countryName
1626:d=15 hl=2 l= 2 prim: PRINTABLESTRING :DE
1630:d=13 hl=2 l= 16 cons: SET
1632:d=14 hl=2 l= 14 cons: SEQUENCE
1634:d=15 hl=2 l= 3 prim: OBJECT :organizationName
1639:d=15 hl=2 l= 7 prim: UTF8STRING :My.Corp
1648:d=13 hl=2 l= 21 cons: SET
1650:d=14 hl=2 l= 19 cons: SEQUENCE
1652:d=15 hl=2 l= 3 prim: OBJECT :organizationalUnitName
1657:d=15 hl=2 l= 12 prim: UTF8STRING :PKI Services
1671:d=13 hl=2 l= 13 cons: SET
1673:d=14 hl=2 l= 11 cons: SEQUENCE
1675:d=15 hl=2 l= 3 prim: OBJECT :commonName
1680:d=15 hl=2 l= 4 prim: UTF8STRING :Root
1686:d=12 hl=2 l= 33 prim: INTEGER :C400919B2F59157C4A9D41DB73A601C5D0D7360EC17EF917F7FE32D199BF9809
1721:d=6 hl=2 l= 13 cons: SEQUENCE
1723:d=7 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
1734:d=7 hl=2 l= 0 prim: NULL
1736:d=6 hl=4 l= 256 prim: OCTET STRING [HEX DUMP]:5874FF5E461AFB877F34FE1B0B877D42DDADBF74577DC05DA7099BB18791DCBF02DD25214EBF29959B12039C953191759DE4864013A87BD5570C472977B636AAA9DEFADD28D513262208B59B388318AE13F53CC68C3C85EA2C63B1D2E87C2996DD91BB1B4009BBC368C7BB8268167D3FB5A8478623A3F3B50F4BD13C1B46F157C1CE8654BF07C866D2FE5538A1C2A338CB27B1BA213ED46B40AEE1EE4DC3F39678A82331D4CFCEC3F7E6538EC12EEE6ACB6D44B6F4723B0665EE96C5A438AE66C699F72397F626C90E9B6BD7C53069AA641807D27FB80926FB02139759BD32B6028F9D7433AFDEE5D7E362241883E49D00A0EEA8E5C54C4AD162908C50C17627
While parsing the timestamp seems to work (as long as TSA isn't specified):
(venv) node@nodejs /u/h/node> openssl ts -reply -in tsr.tcpdump.der -text
Using configuration from /etc/ssl/openssl.cnf
Status info:
Status: Granted.
Status description: OK
Failure info: unspecified
TST info:
Version: 1
Policy OID: 1.3.6.1.4.31337.5.1.2
Hash Algorithm: sha256
Message data:
0000 - 72 ef 83 16 67 47 85 50-35 76 21 01 bf a1 84 8c r...gG.P5v!.....
0010 - 44 6f e9 19 6d b5 02 38-9f 8c ec a2 11 0f e4 37 Do..m..8.......7
Serial number: 0x05
Time stamp: Aug 16 07:57:26.229 2020 GMT
Accuracy: unspecified seconds, unspecified millis, 0x01F4 micros
Ordering: yes
Nonce: 0x052424C099002EE3
TSA: unspecified
Extensions:
The verification fails, too:
(venv) node@nodejs /u/h/node> cat Root.ca.crt.pem
-----BEGIN CERTIFICATE-----
MIICHjCCAaOgAwIBAgIgLuJsLQlOvRI2aXlmT0qcrGeGTxWYOuwMT0628k0tmBIw
CgYIKoZIzj0EAwIwRTELMAkGA1UEBhMCREUxEDAOBgNVBAoMB015LkNvcnAxFTAT
BgNVBAsMDFBLSSBTZXJ2aWNlczENMAsGA1UEAwwEUm9vdDAeFw0yMDA4MDIxMjM5
NThaFw0zMDA4MDIxMjM5NThaMEUxCzAJBgNVBAYTAkRFMRAwDgYDVQQKDAdNeS5D
b3JwMRUwEwYDVQQLDAxQS0kgU2VydmljZXMxDTALBgNVBAMMBFJvb3QwdjAQBgcq
hkjOPQIBBgUrgQQAIgNiAATDOP1vOk4lEfYxQtP7Sy7QzfYX3+Tu0I0PTSR1eHJq
sjVYWw9xS1z/rMyBofT9C349YldyA/TPvhcreLdBhMnhj+1lbR64bTpRfvx4A+XJ
ioAYprXYMzwFhlcSmRtBj+GjSDBGMCkGA1UdDgQiBCC6NyC5ZTUBwkvbCtoKkAd2
XiM5O5NhfAM067eSSO+h+zAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBhjAKBggq
hkjOPQQDAgNpADBmAjEA4I8uUMQCC3Jh8nlYRK+mMr17nXf4mPhPUUDl9KTc6sbE
arM8WUUEpPQBg4KV26U8AjEAgGsJRoWDpxSk0uQhTaezfX39go5onkHLShZcZIp7
sDV6gZklbX9bC8kcgSj6/VO1
-----END CERTIFICATE-----
(venv) node@nodejs /u/h/node> openssl ts -verify -in tsr.tcpdump.der -digest 72ef831667478550 -CAfile Root.ca.crt
Using configuration from /etc/ssl/openssl.cnf
Verification: FAILED
34371092480:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:1130:
34371092480:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:290:Type=ESS_CERT_ID
34371092480:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:596:Field=cert_ids, Type=ESS_SIGNING_CERT
34371092480:error:2F067065:time stamp routines:ts_check_signing_certs:ess signing certificate error:/usr/src/crypto/openssl/crypto/ts/ts_rsp_verify.c:254:
When using openssl cms the signature can be verified:
(venv) node@nodejs /u/h/node [0|1]> openssl ts -reply -in tsr.tcpdump.der -token_out -out tsr.tcpdump.cms.der
Using configuration from /etc/ssl/openssl.cnf
(venv) node@nodejs /u/h/node [0|1]> openssl cms -in tsr.tcpdump.cms.der -inform DER -cmsout -verify -CAfile Root.ca.crt -purpose any | openssl asn1parse -inform DER
Verification successful
0:d=0 hl=2 l= 109 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :01
5:d=1 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.31337.5.1.2
17:d=1 hl=2 l= 49 cons: SEQUENCE
19:d=2 hl=2 l= 13 cons: SEQUENCE
21:d=3 hl=2 l= 9 prim: OBJECT :sha256
32:d=3 hl=2 l= 0 prim: NULL
34:d=2 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:72EF83166747855035762101BFA1848C446FE9196DB502389F8CECA2110FE437
68:d=1 hl=2 l= 1 prim: INTEGER :05
71:d=1 hl=2 l= 19 prim: GENERALIZEDTIME :20200816075726.229Z
92:d=1 hl=2 l= 4 cons: SEQUENCE
94:d=2 hl=2 l= 2 prim: cont [ 1 ]
98:d=1 hl=2 l= 1 prim: BOOLEAN :255
101:d=1 hl=2 l= 8 prim: INTEGER :052424C099002EE3
Am I doing something wrong here? How can jsrsasign to be used to generate timestemp for use with openssl ts or jsrsasign?