
mace-opensaml-users - encoding an X.509 certificate

Subject: OpenSAML user discussion

  • From: "Tom Scavo" <>
  • To: OpenSAML <>
  • Subject: encoding an X.509 certificate
  • Date: Wed, 5 Nov 2008 08:52:47 -0500

Currently there are three profiles before the OASIS Security Services
Technical Committee (SSTC) that rely on XML elements of the form:

<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIIDuDCC...
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>

Interestingly, the above element has sparked a vigorous debate within
the SSTC, which has spread to the W3C XML Signature WG. The issue
involves the ASN.1 encoding of the underlying certificate.
Specifically, should the certificate be DER-encoded or should the
encoding be left unspecified?

So my question is: If you were given an X.509 certificate of unknown
encoding, could you determine the encoding by simply inspecting the
bytes? Does the OpenSAML library support such a function?

Thanks for shedding some light on this issue.

Tom
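
Added example (not part of the original post and not OpenSAML code): a Python sketch of byte-level inspection for the question above. It decodes the text of a ds:X509Certificate element and reports BER length forms that DER forbids (indefinite length, non-minimal long form); an empty result is necessary but not sufficient for DER, because other DER rules are not checked. The function names and the sample byte strings are constructed for illustration.

```python
import base64

def ber_only_lengths(data: bytes) -> list:
    """Return the length encodings in `data` that BER allows but DER forbids."""
    findings = []

    def walk(pos, end):
        # Parse TLVs up to `end`; end=None means "until the 00 00 marker".
        while end is None or pos < end:
            if end is None and data[pos:pos + 2] == b"\x00\x00":
                return pos + 2                     # end-of-contents octets
            start, tag, first = pos, data[pos], data[pos + 1]
            if tag & 0x1F == 0x1F:
                raise ValueError("multi-byte tags are not handled here")
            pos += 2
            if first == 0x80:                      # indefinite length
                if not tag & 0x20:
                    raise ValueError("indefinite length on primitive type")
                findings.append(f"offset {start}: indefinite length")
                pos = walk(pos, None)
                continue
            length = first                         # short form unless changed
            if first > 0x80:                       # long form, n length octets
                n = first & 0x7F
                raw = data[pos:pos + n]
                pos += n
                length = int.from_bytes(raw, "big")
                if length < 0x80 or raw[0] == 0:
                    findings.append(f"offset {start}: non-minimal length")
            if pos + length > len(data):
                raise ValueError("truncated element")
            if tag & 0x20 and walk(pos, pos + length) != pos + length:
                raise ValueError("child overruns parent")
            pos += length
        return pos

    try:
        walk(0, len(data))
    except IndexError:
        raise ValueError("truncated element") from None
    return findings

def check_certificate_text(text: str) -> list:
    # Text content of <ds:X509Certificate>; b64decode skips the line breaks.
    return ber_only_lengths(base64.b64decode(text))

# Constructed samples (not a real certificate), DER then BER, both encoding
# SEQUENCE { INTEGER 5, SEQUENCE { OCTET STRING "ab" } }.
SAMPLE_DER = bytes.fromhex("3009020105300404026162")
SAMPLE_BER = bytes.fromhex("3080028101053004040261620000")
```
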


