Reaching out to you with a kind of unusual request. I am working on eSIMs (embedded SIM cards) and the matching Subscription Manager infrastructure (see GSMA SGP02 doc, barely 300 pages).
Anyway, to cut it short, I am using ECC keys and have no trouble generating them using OpenSSL and Let's Encrypt to create my X.509 certificates. However, in the SIM card industry (and smart cards in general), when we need to store public keys/certificates on the cards, we use Card Verifiable Certificates instead of X.509. For my usage I am referring to the certs described in GlobalPlatform Specification Amendment E.
Basically, I am building my string to be signed using defined TLVs, and need my CI to sign it for me, and then I add the signing data to the original string using an additional TLV and VOILA, I got my card-compatible cert.
So my question is:
- Is there a way of using a custom CSR to do just that (I could find a way to do all I wanted)?
- Is there any way to use certbot and its verification mechanism to get Let's Encrypt to sign data for me?
Thanks for your help.
For info, here is what the cert looks like:
The data to be signed is (more or less) the first part of the cert without the signature (new users like me can only post one image).