Additional information in cert

schoen · November 4, 2017, 9:15pm

I think the QR code can be represented as a bitmapped image made of characters, as apparently the smallest one is 29 pixels by 29 pixels.

There might not be characters which have a sufficiently large and sufficiently small number of illuminated pixels to allow a QR code reader to recognize the code directly from the displayed text on screen, so people might have to transform the characters to increase the contrast before recognizing the QR code.

eisi123 · November 4, 2017, 9:24pm

Yes, i know
Print it out and use a pencil to “illuminate” the ones or zeros
This is a QR-Code too

rg305 · November 4, 2017, 9:24pm

I don’t think any default QR-code scanner will scan either of our ideas.
It may need a custom scanner app.

[edit] It is difficult for the QR code to be placed directly into the SAN without specialized app to read it.
If only a puzzle piece, that leads to another piece/prize/location, is held in the SAN then that makes things easier for cert coding.

eisi123 · November 4, 2017, 9:34pm

Copy this with a pencil to paper with squares ( I don’t know the English word)
Every QR-code scanner will scan it
Belive me geocachers in my area are very special ones
This is “only” difficult level 4/5

schoen · November 4, 2017, 9:37pm

In English this is called graph paper or a grid (sometimes also "grid paper").

It's nice to hear that this hobby has developed so far and is providing such sophisticated challenges to people. It reminds me quite a bit of puzzle competitions that I participate in as well.

schoen · November 4, 2017, 9:56pm

An example of what I was thinking of, following @rg305’s example (though I did not try to issue a certificate like this):

aa-----------------------------------------.example.com
ab-----------------------------------------.example.com
ac-----------------------------------------.example.com
ad-----------------------------------------.example.com
ae----XXXXXXX--X------X-XXXX-X--XXXXXXX----.example.com
af----X-----X-XX-XXX-XXX---XX-X-X-----X----.example.com
ag----X-XXX-X--XXX--XX---XXXX---X-XXX-X----.example.com
ah----X-XXX-X-XX-X-XXX-X-X--X---X-XXX-X----.example.com
ai----X-XXX-X---X-XX--X-XXXXXX--X-XXX-X----.example.com
aj----X-----X-X-X----XX---X---X-X-----X----.example.com
ak----XXXXXXX-X-X-X-X-X-X-X-X-X-XXXXXXX----.example.com
al----------------X-------XX-X-------------.example.com
am----XXXXX-XXXXX-XXXX-XX---XXXX-X-X-X-----.example.com
an------XX-----X------X-XXXX-X-XX---XXX----.example.com
ao-----X-XXXXXXX-XX-XXX-X--XX--X--X-XX-----.example.com
ap----XXX------XXX--X-X-X-XXX-X-X-XXXXX----.example.com
aq-----XX-X-X--X-X-XX--X-X--XXXX-XX--XX----.example.com
ar----XX--X---X-X-X-X-X-XXXXXX--X--XX-X----.example.com
as----XX-X-XXXXX---X-XXX------X-XXXXXX-----.example.com
at----X-XXX-----X-X--XX-X-XXX-XX-X--X------.example.com
au------XXX-XX-XX-XXXX-X-X--X-XX--X---X----.example.com
av----X-XXXX--XXX---X-XXXXXXXXX-X---X-X----.example.com
aw------X---XX--XXXX-XXX--XXX-XX-X--XX-----.example.com
ax-----X------XX-X--X-X----X-X---X-XX------.example.com
ay----X-X--XXXX--X---X-X----XXXX--XX-------.example.com
az----XXX--X------XX--X--XX--X--X--XX-X----.example.com
ba----X-XX--X-X-X--XXX-XX--X---X-X--X------.example.com
bb----X-X--X------XX-X--X--XX-XX-X-XXX-----.example.com
bc----X-X-XXX-XXX-X-XX-XXX--X-XXXXX---X----.example.com
bd------------XX--------XXX---X---X--------.example.com
be----XXXXXXX-X--XX--XX-X-X-XXX-X-X-XX-----.example.com
bf----X-----X--X-X--XXX-XX-X-XX---XXX------.example.com
bg----X-XXX-X-XX-X---X-X----X-XXXXX--------.example.com
bh----X-XXX-X-XX--XXX-X--XXX--XX-XX--------.example.com
bi----X-XXX-X-XXX--XXX------X-XXXX-XXX-----.example.com
bj----X-----X-XX--XX-X--X--XX-----XXX------.example.com
bk----XXXXXXX-XX--X-X--X------XXXX-X-X-----.example.com
bl-----------------------------------------.example.com
bm-----------------------------------------.example.com
bn-----------------------------------------.example.com
bo-----------------------------------------.example.com

rg305 · November 4, 2017, 9:58pm

I wonder if you could store more and access it easier via Crypto-Coin systems…
Maybe even start a GeoCachersCoin (with no intended value) just for the sake of coders having an easy place to put stuff.

eisi123 · November 4, 2017, 10:06pm

Grid Okay. Next time I should know this
Okay, this looks great.
Maybe I should change the “-” to zero and the “x” to one.
Or if this become very sick change the “-” to 2^x and the “x” to a prime number
I think we should stop now. I think if we have one or two more days they don’t hate me they will kill me
Some of the local cachers know my realname

rg305 · November 4, 2017, 10:17pm

After much “manipulation”…
That seems to do the “trick” !
“I hope this provides an interesting challenge for the geocachers” was revealed.

Final working manipulation:
change “-” to <space>
change “X” to <alt 219>

Unfortunately it only worked on iPhone, Android not liking it…

rg305 · November 5, 2017, 4:27am

Yeah I think this format may not pass checks; as the 3rd and 4th char fields are “–”.
I think it should work using three “lead sorting” chars.

schoen · November 5, 2017, 4:32am

The problem for me in solving your puzzle was that the solution method was considerably easier than I thought (a very common occurrence when solving puzzles that may involve codes and ciphers or hidden information ). The coordinates are N51 10.444 E7 10.444 (the same ones cited by @eisi123 above, somewhere near Remscheid, North Rhine-Westphalia, Germany).

Maybe you’ll go down in history as the first person to make a working puzzle based on a valid PKI certificate.

rg305 · November 5, 2017, 4:37am

That would be a nice epitaph - LOL

schoen · November 5, 2017, 4:40am

You're correct. I think @jsha posted about this a few months ago, but I was unable to find his post just now. However, the Boulder CA code exactly supports your recollection of this restriction (which is related to standards for internationalized domain names):

github.com

letsencrypt/boulder/blob/53a180bf22e42dcac18fe2f383733185bcf91c91/policy/pa.go#L107


      
          	// RFC 1034 says DNS labels have a max of 63 octets, and names have a max of 255
          	// octets: https://tools.ietf.org/html/rfc1035#page-10. Since two of those octets
          	// are taken up by the leading length byte and the trailing root period the actual
          	// max length becomes 253.
          	maxLabelLength         = 63
          	maxDNSIdentifierLength = 253
          )
          
          var dnsLabelRegexp = regexp.MustCompile("^[a-z0-9][a-z0-9-]{0,62}$")
          var punycodeRegexp = regexp.MustCompile("^xn--")
          var idnReservedRegexp = regexp.MustCompile("^[a-z0-9]{2}--")
          
          func isDNSCharacter(ch byte) bool {
          	return ('a' <= ch && ch <= 'z') ||
          		('A' <= ch && ch <= 'Z') ||
          		('0' <= ch && ch <= '9') ||
          		ch == '.' || ch == '-'
          }
          
          var (
          	errInvalidIdentifier   = berrors.MalformedError("Invalid identifier type")

According to this code, your suggestion of three alphanumeric characters before the hyphens (instead of two) should also work.

system · December 5, 2017, 4:40am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
The problem of certificate Help	13	635	June 18, 2023
Google Chrome EV/CA Fake name? Help	7	883	January 29, 2020
How much a stranger can learn about my certificate? Help	10	349	June 15, 2024
Certificate issues - works in chrome but not IE Help	5	994	October 6, 2018
Certificate issues - works in chrome but not IE Help	6	1272	August 23, 2019

Additional information in cert

Related topics