Hi, I'm integrating a DLMS library to an energy meter. I'm using Gurux DLMSDirector in order to check that the device can communicate with a client.
At the moment I'm trying to perform security personalisation of the server, as described in Green Book.
Generate Key Pair method call finishes successfully. After that I call Generate CSR and get "Invalid count." pop-up. You can find the trace below:
17:25:37
<WRAPPER len="22" >
<SourceAddress Value="20" />
<TargetAddress Value="1" />
<PDU>
<!-- Invocation Counter: 53 -->
<!-- Decrypt data: C3 01 C1 00 40 00 00 2B 00 01 FF 05 01 16 00
<ActionRequest>
<ActionRequestNormal>
# Priority: High, ServiceClass: Confirmed, Invoke ID: 1
<InvokeIdAndPriority Value="C1" />
<MethodDescriptor>
# SecuritySetup
<ClassId Value="0040" />
# 0.0.43.0.1.255
<InstanceId Value="00002B0001FF" />
# Generate certificate request
<MethodId Value="05" />
</MethodDescriptor>
<MethodInvocationParameters>
<Enum Value="00" />
</MethodInvocationParameters>
</ActionRequestNormal>
</ActionRequest>
</PDU>
</WRAPPER>
17:25:39
<WRAPPER len="170" >
<SourceAddress Value="1" />
<TargetAddress Value="20" />
<PDU>
<!-- Invocation Counter: 48 -->
<!-- Decrypt data: C7 01 C1 00 01 00 09 82 01 51 30 82 01 0D 30 81 B4 02 01 00 30 34 31 0F 30 0D 06 03 55 04 06 13 06 49 53 52 41 45 4C 31 0E 30 0C 06 03 55 04 0A 0C 05 53 41 54 45 43 31 11 30 0F 06 03 55 04 03 0C 08 53 41 54 61 34 61 66 61 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 61 B7 13 D5 46 4B F6 C3 D1 9F 94 C2 F3 68 F7 F0 EE E4 57 93 26 34 E0 9D 49 70 12 02 EF CF 76 B6 E3 73 F3 FF 3A 86 94 8E 42 C9 0A 88 32 03 90 BB B4 57 6E 52 C0 7B AD 58 3E 9A 92 4A 5C 4E 7B EA A0 1E 30 1C 06 09 2A 86 48 86 F7 0D 01 09 0E 31 0F 30 0D 30 0B 06 03 55 1D 0F 04 04 03 02 00 03 30 0A 06 08 2A 86 48 CE 3D 04 03 02 03 48 00 30 45 02 20 61 B7 13 D5 46 4B F6 C3 D1 9F 94 C2 F3 68 F7 F0 EE E4 57 93 26 34 E0 9D 49 70 12 02 EF CF 76 B6 02 21 00 B6 70 34 F2 4F B1 43 85 E0 70 AC 85 D6 5C 3B F8 CE AC FB 1A 77 8C 54 91 B1 91 45 68 A8 CF C1 51 61 B7 13 D5 46 4B F6 C3 D1 9F 94 C2 F3 68 F7 F0 EE E4 57 93 26 34 E0 9D 49 70 12 02 EF CF 76 B6 69 1E BC C4 73 93 4F A8 FD 66 16 32 A2 98 63 8F 0A 9C F0 BD 27 17 61 72 9B 0B B6 99 10 08 45 68
<ActionResponse>
<ActionResponseNormal>
# Priority: High, ServiceClass: Confirmed, Invoke ID: 1
<InvokeIdAndPriority Value="C1" />
<Result Value="Success" />
<ReturnParameters>
<Data>
<OctetString Value="3082010D3081B40201003034310F300D0603550406130649535241454C310E300C060355040A0C0553415445433111300F06035504030C0853415461346166613059301306072A8648CE3D020106082A8648CE3D0301070342000461B713D5464BF6C3D19F94C2F368F7F0EEE457932634E09D49701202EFCF76B6E373F3FF3A86948E42C90A88320390BBB4576E52C07BAD583E9A924A5C4E7BEAA01E301C06092A864886F70D01090E310F300D300B0603551D0F040403020003300A06082A8648CE3D0403020348003045022061B713D5464BF6C3D19F94C2F368F7F0EEE457932634E09D49701202EFCF76B6022100B67034F24FB14385E070AC85D65C3BF8CEACFB1A778C5491B1914568A8CFC15161B713D5464BF6C3D19F94C2F368F7F0EEE457932634E09D49701202EFCF76B6691EBCC473934FA8FD661632A298638F0A9CF0BD271761729B0BB69910084568" />
</Data>
</ReturnParameters>
</ActionResponseNormal>
</ActionResponse>
</PDU>
</WRAPPER>
I converted generated CSR from DER to PEM format and CSR looks correct. The length also looks fine. Could you please help me to figure out what is wrong?
Best regards,
Artsiom.
Hi, You have not encoded the…
Hi,
You have not encoded the length correctly. You cannot directly specify a length greater than 127. You can check your data with GXPkcs10.FromHexString method. It will help you to solve your problem.
GXPkcs10.FromHexString("3082010D3081B40201003034310F300D0603550406130649535241454C310E300C060355040A0C0553415445433111300F06035504030C0853415461346166613059301306072A8648CE3D020106082A8648CE3D0301070342000461B713D5464BF6C3D19F94C2F368F7F0EEE457932634E09D49701202EFCF76B6E373F3FF3A86948E42C90A88320390BBB4576E52C07BAD583E9A924A5C4E7BEAA01E301C06092A864886F70D01090E310F300D300B0603551D0F040403020003300A06082A8648CE3D0403020348003045022061B713D5464BF6C3D19F94C2F368F7F0EEE457932634E09D49701202EFCF76B6022100B67034F24FB14385E070AC85D65C3BF8CEACFB1A778C5491B1914568A8CFC15161B713D5464BF6C3D19F94C2F368F7F0EEE457932634E09D49701202EFCF76B6691EBCC473934FA8FD661632A298638F0A9CF0BD271761729B0BB69910084568");
BR,
Mikko
Hi Mikko, It looks like the…
Hi Mikko,
It looks like the length was encoded correctly, the length itself was incorrect. A DLMS library which I use appeared to have generated CSR incorrectly (it added a signature twice). After the lib had been fixed, I was able to generate certificate.
Best regards,
Artsiom.