Re: encoding an X.509 certificate
Tom Scavo wrote:
> I've asked the following question in a number of forums with no luck.
> I'm hoping someone with intimate knowledge of ASN.1 encodings can help
> me out here. Many thanks in advance.
> Currently there are three profiles before the OASIS Security Services
> Technical Committee (SSTC) that rely on XML elements of the form:
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> Interestingly, the above element has sparked a vigorous debate within
> the SSTC, which has since spread to the W3C XML Signature WG. The
> issue involves the ASN.1 encoding of the underlying certificate (which
> is base64 encoded in the XML). Specifically, should the certificate
> be DER-encoded or should the encoding be left unspecified?
> So my question is: If you were given an X.509 certificate of unknown
> encoding, could you determine the encoding by simply inspecting the
> bytes? Does your favorite ASN.1 library support such a function?
Surely an X.509 certificate is, by definition, in DER?
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
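
The byte-inspection question quoted above can be tried with this added example, which is not part of the original thread. Every DER encoding is also valid BER, so the check reports BER-only constructs (indefinite lengths, non-minimal length octets, constructed BIT/OCTET STRINGs). It does not check type-dependent DER rules such as SET OF ordering or omitted DEFAULT values. The function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
# Added example: structural DER check over BER TLVs (X.690 length and string-form rules only).
STRING_TAGS = {3, 4}  # universal BIT STRING and OCTET STRING must be primitive in DER

def _walk(buf, pos, end, out, indefinite=False):
    """Parse TLVs in buf[pos:end]; append (offset, reason) for each encoding DER forbids."""
    while pos < end:
        start = pos
        if indefinite and buf[pos:pos + 2] == b"\x00\x00":
            return pos + 2                       # end-of-contents octets close the value
        tag = buf[pos]
        pos += 1
        if tag & 0x1F == 0x1F:                   # high-tag-number form: skip extra octets
            while buf[pos] & 0x80:
                pos += 1
            pos += 1
        constructed = bool(tag & 0x20)
        if constructed and (tag & 0xC0) == 0 and (tag & 0x1F) in STRING_TAGS:
            out.append((start, "constructed string"))
        first = buf[pos]
        pos += 1
        if first == 0x80:                        # indefinite form exists only in BER/CER
            if not constructed:
                raise ValueError("indefinite length on a primitive value")
            out.append((start, "indefinite length"))
            pos = _walk(buf, pos, end, out, indefinite=True)
            continue
        length = first
        if first & 0x80:                         # long form: next n octets hold the length
            n = first & 0x7F
            raw = buf[pos:pos + n]
            if len(raw) < n:
                raise ValueError("truncated length")
            pos += n
            length = int.from_bytes(raw, "big")
            if length < 0x80 or raw[0] == 0:     # short form or fewer octets would do
                out.append((start, "non-minimal length"))
        if pos + length > end:
            raise ValueError("length runs past enclosing value")
        if constructed:
            _walk(buf, pos, pos + length, out)   # check nested TLVs
        pos += length
    if indefinite:
        raise ValueError("missing end-of-contents octets")
    return pos

def der_violations(data: bytes) -> list:
    """Return [] when no BER-only construct is found, else a list of (offset, reason)."""
    out = []
    try:
        _walk(data, 0, len(data), out)
    except IndexError:
        raise ValueError("truncated encoding") from None
    return out
```

An empty result means only that none of these structural rules were broken; it is not proof that the value is fully DER-conformant.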