cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Wytze van der Raay <wytze AT cacert.org>
- To: ulrich AT cacert.org
- Cc: cacert-sysadm AT lists.cacert.org
- Subject: Re: [Visit BIT][19.06.2013] restore correct operation of CAcert signer
- Date: Mon, 24 Jun 2013 10:54:34 +0200
- Organization: CAcert
Hi Ulrich,
On 24.06.2013 00:02, ulrich AT cacert.org wrote:
> regarding the index.txt file ...
>
>> * Take a copy of the index.txt file to USB stick for off-site analysis of
>> the serial number collision problem.
>
> What's the content / structure of the index.txt file ?
It's a simple ascii file, containing one line per issued certificate.
Each line contains 6 tab-separated fields, which are:
1. record type (V = valid, R = revoked, E = expired)
2. expiration date
3. revocation date (empty when not revoked)
4. serial number of the certificate
5. filename of the certificate (currently unused, always set to "unknown")
6. the certificate subject, for example something like
/C=AU/ST=NSW/L=Sydney/O=CA Cert/OU=Server Administration/CN=secure.cacert.org/Email=support AT cacert.org
Note that "E" (expired) entries do not occur in CAcert's index.txt files
at this moment, since the option (-updatedb) to create them is currently
not enabled.
> does it include only the issued key's serial numbers ?
> or is other personally identifiable information included in this file ?
The certificate subject clearly contains personally identifiable information,
especially with e-mail certificates.
> or is a documentation about the structure of the index.txt file
> located somewhere else that is unknown to me ?
I haven't found any "official" documentation for this format, it's easily
learned though from the openssl source code (see in particular apps/apps.h,
the definitions for DB_*), or by observing an actual index.txt file, for
example on cacert1.it-sls.de:/etc/ssl/CA/index.txt
Regards,
-- wytze
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
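Added example, not part of the original message and not CAcert's own tooling: a parser for the six-field index.txt layout described above that reports reused serial numbers while keeping certificate subjects out of the report. The sample records, the function names and the digest-based pseudonymisation are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

FIELDS = ("status", "expires", "revoked", "serial", "filename", "subject")

# Constructed sample records (not CAcert data); fields are tab-separated.
SAMPLE_INDEX = (
    "V\t150624105434Z\t\t0A1B\tunknown\t/CN=www.example.org\n"
    "R\t140101000000Z\t130601120000Z\t0A1C\tunknown\t/CN=Alice Example/Email=alice@example.org\n"
    "V\t150701000000Z\t\t0a1b\tunknown\t/CN=mail.example.org\n"
)

def parse_index(text):
    """Parse index.txt content into a list of dicts, one per certificate."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line:
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(parts)}")
        rec = dict(zip(FIELDS, parts), line=lineno)
        if rec["status"] not in ("V", "R", "E"):
            raise ValueError(f"line {lineno}: unknown record type {rec['status']!r}")
        # The revocation date is empty unless the record is revoked.
        if (rec["status"] == "R") != bool(rec["revoked"]):
            raise ValueError(f"line {lineno}: record type and revocation date disagree")
        # openssl writes serials in hex; compare as integers so that case
        # and leading zeros cannot hide a collision.
        rec["serial"] = int(rec["serial"], 16)
        records.append(rec)
    return records

def find_collisions(records):
    """Map each reused serial to [(line, status, subject digest), ...].

    Subjects are replaced by a truncated SHA-256 digest so the report shows
    whether colliding records name the same subject without carrying the
    subject text itself.
    """
    by_serial = defaultdict(list)
    for rec in records:
        digest = hashlib.sha256(rec["subject"].encode()).hexdigest()[:12]
        by_serial[rec["serial"]].append((rec["line"], rec["status"], digest))
    return {s: hits for s, hits in by_serial.items() if len(hits) > 1}

if __name__ == "__main__":
    for serial, hits in find_collisions(parse_index(SAMPLE_INDEX)).items():
        print(f"serial {serial:X} used {len(hits)} times: {hits}")
```

An unsalted digest of a subject is only a pseudonym: anyone who can guess the subject can recompute it, so the report still needs the same handling care as other signer data.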