[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Authority Key Identifier

To: "'Jong 't, D (Dennis)'" <D.Jong@xxxxxxxxxxxxxx>
Subject: RE: Authority Key Identifier
From: "Hamrick, Matt" <HamrickM@xxxxxxxxxxxxx>
Date: Wed, 23 Oct 2002 10:18:43 -0400
Cc: "'ietf-pkix@xxxxxxx'" <ietf-pkix@xxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Also... as a followup to Denis' response, you can find information about
ASN.1 and BER encoding in the X.680 family of specifications. Burt Kalliski
has also authored an article titled "a layman's guide to ASN.1" You can
search google or cryptonomicon.net to find the URLs for these articles. As a
fyi, most ITU specs cost money, but they allow people to download two or
three without charge each year. If you're going to spend money trying to
figure out ASN.1 and BER (and you really should figure these things out if
you have to do serious certificate work,) there are a couple of books on
ASN.1 I saw referenced on cryptonomicon.net. I think you could go there or
amazon.com and search for "ASN.1". I think I saw the book by Olivier
Dubuisson and thought it was a reasonable introduction to the subject.

-----Original Message-----
From: Jong 't, D (Dennis) [mailto:D.Jong@xxxxxxxxxxxxxx]
Sent: Monday, October 21, 2002 7:29 AM
To: 'ietf-pkix@xxxxxxx'
Subject: Authority Key Identifier



LS,

I have a question regarding the Authority Key Identifier (AKI) in an x509
certificate. When we resolve the AKI from the "CERT_CONTEXT" (MS IIS), it
returns a 24 bytes structure, like:
30 16 80 14 b2 b6 f2 cb eb d0 b2 26 79 eb 8b 99 74 77 e2 df 2f d5 20 69

The AKI should be 20 bytes long (RFC 2459, 4.2.1.2 using 160 bit SHA-1),
like:
b2 b6 f2 cb eb d0 b2 26 79 eb 8b 99 74 77 e2 df 2f d5 20 69

Does anyone know the purpose of those 4 trailing bytes? If Yes, is it save
to cut them off to substract the original AKI?

Met vriendelijke groet/with kind regards,
 
Dennis 't Jong
Technisch Specialist
Windows Server Management O&O - Beveiliging 

Rabobank ICT           Tel:    +31 30 21 52772
Kamer ZL-R255          Fax:    +31 30 21 51893
Laan van Eikenstein 9  Mobiel: +31 6 24481180
3705 AR Zeist          Email:  D.Jong@xxxxxxxxxxxxxx 
Nederland              Web:    http://www.RabobankICT.nl 




================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.

Follow-Ups:
- Re: Authority Key Identifier
  - From: DUBUISSON Olivier

Prev by Date: RE: draft-ietf-pkix-logotypes-06.txt
Next by Date: Re: Authority Key Identifier
Previous by thread: RE: Authority Key Identifier
Next by thread: Re: Authority Key Identifier
Index(es):
- Date
- Thread