
Re: DER encoding of KeyUsage BIT STRING



Ambarish Malpani wrote:
> 
> SSLeay/OpenSSL does that. Seems to work pretty well with most
> things.
> 

The way OpenSSL handles BIT STRINGs goes something like this...

If the BIT STRING comes from decoding a BIT STRING then the encoded
structure will precisely match the decoded one. This is primarily to
avoid breaking signatures.

If the BIT STRING is created internally then the number of unused bits
is set appropriately according to the number of trailing zeroes.

If the BIT STRING has certain flags set (which effectively mark it as
unnamed) then the number of bits is set to zero.

None of this however applies to certificate extensions because the
actual encoding is wrapped in an OCTET STRING. The actual extension
could contain completely unstructured garbage and it would still
reencode properly.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@xxxxxxxxxxxxxxxxxxxxxxxxxxx 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: drh@xxxxxxxxxxx PGP key: via homepage.
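The three cases above, as an added example written for this thread (it is not OpenSSL code): a KeyUsage BIT STRING built internally gets its unused-bits count from the trailing zero bits, a decoded one keeps its original bytes so a re-encode cannot disturb a signature, and a DER-minimality check shows which encodings differ. The bit numbering (bit 0 = digitalSignature as the most significant bit of the first content byte) is the RFC 5280 KeyUsage definition.

```python
# Added example for this thread; not OpenSSL code. KeyUsage bit numbers follow
# RFC 5280 (bit 0 = digitalSignature is the MSB of the first content byte).

KEY_USAGE_BITS = {
    "digitalSignature": 0, "nonRepudiation": 1, "keyEncipherment": 2,
    "dataEncipherment": 3, "keyAgreement": 4, "keyCertSign": 5,
    "cRLSign": 6, "encipherOnly": 7, "decipherOnly": 8,
}

def _der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_key_usage(names):
    """The 'created internally' case: trailing zero bits are dropped and the
    unused-bits byte is derived from how many were dropped."""
    bits = [KEY_USAGE_BITS[n] for n in names]
    if not bits:
        return b"\x03\x01\x00"          # empty BIT STRING: only the unused-bits byte
    width = max(bits) + 1               # highest set bit decides the bit count
    content = bytearray((width + 7) // 8)
    for b in bits:
        content[b // 8] |= 0x80 >> (b % 8)
    unused = len(content) * 8 - width
    return b"\x03" + _der_length(len(content) + 1) + bytes([unused]) + bytes(content)

def decode_bitstring(der):
    """The 'decoded' case: returns (unused_bits, content, raw) where raw is the
    exact original encoding, kept so that re-encoding reproduces it byte for byte."""
    if der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    if der[1] < 0x80:
        hdr, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    body = der[hdr:hdr + length]
    if len(body) != length or length < 1 or body[0] > 7:
        raise ValueError("malformed BIT STRING")
    return body[0], bytes(body[1:]), bytes(der[:hdr + length])

def is_minimal_der(der):
    """DER rule for a named-bit BIT STRING: no trailing zero bits, so the last
    content byte must have its lowest kept bit set and zero padding bits below it."""
    unused, content, _ = decode_bitstring(der)
    if not content:
        return unused == 0
    last = content[-1]
    return (last & (1 << unused)) != 0 and (last & ((1 << unused) - 1)) == 0
```

A certificate carrying `03 02 00 a0` (unused bits 0) instead of the minimal `03 02 05 a0` decodes to the same KeyUsage flags, and only the verbatim re-encode keeps the signature valid.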