
mace-opensaml-users - RE: [OpenSAML] encoding an X.509 certificate

Subject: OpenSAML user discussion

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: [OpenSAML] encoding an X.509 certificate
  • Date: Wed, 5 Nov 2008 10:51:57 -0500
  • Organization: The Ohio State University

> A certificate can never be encoded in DER format and within content of
> an XML element. You can either have semi-PEM (DER-encoded that is then
> Base64 encoded) or true PEM encoded (DER-encoded that is Base64 encoded
> plus appropriate headers).

For the purposes of this question, you can ignore the base64 part. The
question is what the Java will do with the ASN.1 bytes when you hand it off,
if the encoding there isn't DER.

> > So my question is: If you were given an X.509 certificate of unknown
> > encoding, could you determine the encoding by simply inspecting the
> > bytes? Does the OpenSAML library support such a function?

I've since done more checking into the OpenSSL functions I'm using, and the
functions that I thought were DER-specific actually come right out and say
they handle some forms of BER as well, at least in the ASN.1 -> certificate
object direction.

So I think my original supposition (and the feedback I was getting from the
xmlsec WG) is correct. This encoding, like XML's, is simply implicitly
handled by the underlying code, at least to some degree.

-- Scott
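
The quoted question asks whether the encoding can be determined by inspecting the bytes. The following is an added example, not part of the original message and not OpenSAML or OpenSSL code: a Python walker that flags the two length encodings BER permits and DER forbids (indefinite length, and non-minimal long-form length). The function names and sample bytes are constructed for illustration, and it does not check other DER rules such as BOOLEAN values or SET OF ordering.

```python
def _walk(data, pos, end, issues, indefinite=False):
    """Walk TLVs in data[pos:end]; return the offset just past them."""
    while pos < end:
        if indefinite and data[pos:pos + 2] == b"\x00\x00":
            return pos + 2                      # end-of-contents octets
        start, tag = pos, data[pos]
        pos += 1
        if tag & 0x1F == 0x1F:                  # high-tag-number form
            while data[pos] & 0x80:
                pos += 1
            pos += 1
        first = data[pos]
        pos += 1
        constructed = bool(tag & 0x20)
        if first == 0x80:                       # indefinite length: BER only
            if not constructed:
                raise ValueError(f"offset {start}: indefinite length on primitive")
            issues.append((start, "indefinite length"))
            pos = _walk(data, pos, end, issues, indefinite=True)
            continue
        if first < 0x80:                        # short form
            length = first
        else:                                   # long form
            n = first & 0x7F
            raw = data[pos:pos + n]
            if len(raw) != n:
                raise ValueError(f"offset {start}: truncated length")
            length = int.from_bytes(raw, "big")
            pos += n
            if length < 0x80 or raw[0] == 0:    # DER requires the shortest form
                issues.append((start, "non-minimal length"))
        if pos + length > end:
            raise ValueError(f"offset {start}: content overruns its container")
        if constructed:                         # recurse into SEQUENCE, SET, [n] EXPLICIT
            _walk(data, pos, pos + length, issues)
        pos += length
    if indefinite:
        raise ValueError("missing end-of-contents octets")
    return pos

def der_violations(data: bytes) -> list:
    """Return [(offset, reason)] for length encodings DER forbids; [] if none found."""
    issues = []
    try:
        _walk(data, 0, len(data), issues)
    except IndexError:
        raise ValueError("truncated ASN.1 data") from None
    return issues

# Constructed samples, each encoding SEQUENCE { INTEGER 5 }; not real certificates.
DER_SAMPLE = bytes.fromhex("3003020105")
BER_INDEFINITE = bytes.fromhex("30800201050000")
BER_LONG_LENGTH = bytes.fromhex("308103020105")
```

An empty result means only that no BER-only length form was found; the input must already be base64-decoded to raw ASN.1 bytes.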




