Tomas Gustavsson wrote:
Hmm, chapter 4.1 in RFC3280 clearly states: ----- 4.1 Basic Certificate Fields The X.509 v3 certificate basic syntax is as follows. For signature calculation, the data that is to be signed is encoded using the ASN.1 distinguished encoding rules (DER) [X.690]. ASN.1 DER encoding is a tag, length, value encoding system for each element. -----
It says 'For signature calculation the date is encoded'. It does not say that how you encode it when you transfer it to someone.
Cheers, Tomas Peter Sylvester wrote:Juan Gonzalez wrote:Tom:From my pont of view, the X.509 standard assumes DER encoding for certificates.IMO it does not do that at all. A certficate is an ASN.1 data structurewhich is independant from a transfer syntax. X.509 does not even indicate that one must encode it in DER when it is transfered or stored. I vaguelyremember that somewhere else in ASN.1 there is a suggestion that when a part of a data structure is signed, that one should use DER as a transfer syntax in order to avoid reencoding. In practice I have never seen a certficate encoded in anything else than DER except in XER like flavour.
-- <http://www.edelweb.fr> *Edel/W/eb* Peter SYLVESTER Consultant Sécurité des Systèmes d'Information ----------------------------------------------------------- EdelWeb - Groupe ON-X 15, quai de Dion-Bouton F-92816 Puteaux Cedex Tel : +33.1.40.99.14.14 / Fax : +33.1.40.99.99.58 www.edelweb.fr <http://www.edelweb.fr> / www.on-x.com <http://www.on-x.com> -----------------------------------------------------------To verify the message signature, see edelpki.edelweb.fr <http://edelpki.edelweb.fr/> Cela vous permet de charger le certificat de l'autorité de racine <http://edelpki.edelweb.fr/cacerts/EdelPKI-ca.der>;
die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature