mace-opensaml-users - Re: [OpenSAML] encoding an X.509 certificate
Subject: OpenSAML user discussion
List archive
- From: "Tom Scavo" <>
- To:
- Subject: Re: [OpenSAML] encoding an X.509 certificate
- Date: Wed, 5 Nov 2008 12:50:29 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=PFHEClo3j+85zgVaz/A4GskD1qI+Pg94hbu4NX7hE4pa4GHM3pQQhpW9Spoz8kLGU0 VoaUJ7xWJwKGJ8ekPdJM6ckT7eHpQ/GHfVb6Bi6223jMfGi/yddolg0IqGLfLE3m96Y6 l4zSxkPkp35e9AVnoG95d9r7iiWKgvmmVF0gk=
On Wed, Nov 5, 2008 at 10:51 AM, Scott Cantor
<>
wrote:
>
>> > So my question is: If you were given an X.509 certificate of unknown
>> > encoding, could you determine the encoding by simply inspecting the
>> > bytes? Does the OpenSAML library support such a function?
>
> I've since done more checking into the OpenSSL functions I'm using, and the
> functions that I thought were DER-specific actually come right out and say
> they handle some forms of BER as well, at least in the ASN.1 -> certificate
> object direction.
That's because BER and DER are related, DER being a restricted form of
BER. I can convert BER to DER but I don't know if the same algorithm
can be applied to DER in the first place. If so, I can blindly apply
the algorithm to obtain DER. If not, I need a away to detect the
encoding used.
Do your openssl functions require that you specify the encoding up
front or will it figure that out on its own?
> So I think my original supposition (and the feedback I was getting from the
> xmlsec WG) is correct. This encoding, like XML's, is simply implicitly
> handled by the underlying code, at least to some degree.
I think that's a stretch. Even if BER and DER can be handled
programmatically, what about CER, PER, and XER? Although I don't have
any hard evidence, I seriously doubt that such an algorithm could
exist. Even if it does, it seems like a lot of unnecessary work that
could be easily avoided by specifying the encoding precisely.
Tom
- encoding an X.509 certificate, Tom Scavo, 11/05/2008
- Re: [OpenSAML] encoding an X.509 certificate, Chad La Joie, 11/05/2008
- RE: [OpenSAML] encoding an X.509 certificate, Scott Cantor, 11/05/2008
- Message not available
- Re: [OpenSAML] encoding an X.509 certificate, Tom Scavo, 11/05/2008
- RE: [OpenSAML] encoding an X.509 certificate, Scott Cantor, 11/05/2008
- Re: [OpenSAML] encoding an X.509 certificate, Tom Scavo, 11/05/2008
- Re: [OpenSAML] encoding an X.509 certificate, Chad La Joie, 11/05/2008
Archive powered by MHonArc 2.6.16.