mace-opensaml-users - RE: [OpenSAML] encoding an X.509 certificate
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [OpenSAML] encoding an X.509 certificate
- Date: Wed, 5 Nov 2008 10:51:57 -0500
- Organization: The Ohio State University
> A certificate can never be encoded in DER format and within content of
> an XML element. You can either have semi-PEM (DER-encoded that is then
> Base64 encoded) or true PEM encoded (DER-encoded that is Base64 encoded
> plus appropriate headers).
For the purposes of this question, you can ignore the base64 part. The
question is what the Java will do with the ASN.1 bytes when you hand it off,
if the encoding there isn't DER.
> > So my question is: If you were given an X.509 certificate of unknown
> > encoding, could you determine the encoding by simply inspecting the
> > bytes? Does the OpenSAML library support such a function?
I've since done more checking into the OpenSSL functions I'm using, and the
functions that I thought were DER-specific actually come right out and say
they handle some forms of BER as well, at least in the ASN.1 -> certificate
object direction.
So I think my original supposition (and the feedback I was getting from the
xmlsec WG) is correct. This encoding, like XML's, is simply implicitly
handled by the underlying code, at least to some degree.
-- Scott
- encoding an X.509 certificate, Tom Scavo, 11/05/2008
- Re: [OpenSAML] encoding an X.509 certificate, Chad La Joie, 11/05/2008
- RE: [OpenSAML] encoding an X.509 certificate, Scott Cantor, 11/05/2008
- Message not available
- Re: [OpenSAML] encoding an X.509 certificate, Tom Scavo, 11/05/2008
- RE: [OpenSAML] encoding an X.509 certificate, Scott Cantor, 11/05/2008
- Re: [OpenSAML] encoding an X.509 certificate, Tom Scavo, 11/05/2008
- Re: [OpenSAML] encoding an X.509 certificate, Chad La Joie, 11/05/2008
Archive powered by MHonArc 2.6.16.