mace-opensaml-users - Re: [OpenSAML] encoding an X.509 certificate

Subject: OpenSAML user discussion

Re: [OpenSAML] encoding an X.509 certificate


  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: [OpenSAML] encoding an X.509 certificate
  • Date: Wed, 5 Nov 2008 12:50:29 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=PFHEClo3j+85zgVaz/A4GskD1qI+Pg94hbu4NX7hE4pa4GHM3pQQhpW9Spoz8kLGU0 VoaUJ7xWJwKGJ8ekPdJM6ckT7eHpQ/GHfVb6Bi6223jMfGi/yddolg0IqGLfLE3m96Y6 l4zSxkPkp35e9AVnoG95d9r7iiWKgvmmVF0gk=

On Wed, Nov 5, 2008 at 10:51 AM, Scott Cantor <> wrote:
>
>> > So my question is: If you were given an X.509 certificate of unknown
>> > encoding, could you determine the encoding by simply inspecting the
>> > bytes? Does the OpenSAML library support such a function?
>
> I've since done more checking into the OpenSSL functions I'm using, and the
> functions that I thought were DER-specific actually come right out and say
> they handle some forms of BER as well, at least in the ASN.1 -> certificate
> object direction.

That's because BER and DER are related, DER being a restricted form of
BER. I can convert BER to DER but I don't know if the same algorithm
can be applied to DER in the first place. If so, I can blindly apply
the algorithm to obtain DER. If not, I need a way to detect the
encoding used.

Do your openssl functions require that you specify the encoding up
front or will it figure that out on its own?

> So I think my original supposition (and the feedback I was getting from the
> xmlsec WG) is correct. This encoding, like XML's, is simply implicitly
> handled by the underlying code, at least to some degree.

I think that's a stretch. Even if BER and DER can be handled
programmatically, what about CER, PER, and XER? Although I don't have
any hard evidence, I seriously doubt that such an algorithm could
exist. Even if it does, it seems like a lot of unnecessary work that
could be easily avoided by specifying the encoding precisely.

Tom
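The question in this message (can you tell BER from DER by inspecting the bytes, and can a BER blob be blindly normalised to DER?) can be answered for the *structural* part of the DER rules, and the following example shows how. It is added code written for this archive page; it is not from the thread, from OpenSAML or from OpenSSL. It walks the ASN.1 TLV structure of a blob, records every feature that BER allows but DER forbids (indefinite lengths, non-minimal length octets, constructed OCTET STRING, trailing bytes) and re-encodes what it parsed in DER form. The four sample blobs are constructed for the example (a toy SEQUENCE, not a real certificate). What it cannot do is check the schema-dependent DER rules (omitted DEFAULT values, sorted SET OF, canonical BOOLEAN/INTEGER contents), and it says nothing about CER, PER or XER, which is exactly why "just inspect the bytes" does not replace stating the encoding explicitly.

```python
"""Structural BER-vs-DER check and BER-to-DER normalisation for an ASN.1 blob.

Added example: detects the BER-only *structural* forms DER forbids and re-encodes
the parsed structure with definite, minimal lengths. Schema-level DER rules
(DEFAULT omission, SET OF ordering, canonical primitive contents) are NOT checked.
Malformed or truncated input raises ValueError/IndexError.
"""


def _read_tag(buf, pos):
    """Return (tag_bytes, constructed, new_pos); handles high tag numbers (>= 31)."""
    start = pos
    first = buf[pos]
    pos += 1
    if first & 0x1F == 0x1F:           # high-tag-number form: continuation octets
        while buf[pos] & 0x80:
            pos += 1
        pos += 1
    return buf[start:pos], bool(first & 0x20), pos


def _read_length(buf, pos):
    """Return (length, new_pos, minimal). length is None for the indefinite form."""
    first = buf[pos]
    pos += 1
    if first < 0x80:                   # short form: always minimal
        return first, pos, True
    n = first & 0x7F
    if n == 0:                         # 0x80 = indefinite length, BER only
        return None, pos, False
    if pos + n > len(buf):
        raise ValueError("truncated length field")
    length = int.from_bytes(buf[pos:pos + n], "big")
    pos += n
    # DER: long form only for lengths >= 128 and never with a leading zero octet
    minimal = length >= 0x80 and buf[pos - n] != 0
    return length, pos, minimal


def _encode_length(n):
    """DER length encoding: short form below 128, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _parse(buf, pos, end, violations, path):
    """Parse one TLV at pos (bounded by end); return (tag, der_content, new_pos)."""
    tag, constructed, pos = _read_tag(buf, pos)
    length, pos, minimal = _read_length(buf, pos)
    children, content = [], b""
    if length is None:
        violations.append(f"{path}: indefinite length")
        if not constructed:
            raise ValueError(f"{path}: indefinite length on a primitive value")
        while True:                    # children run until the 00 00 end-of-contents
            if pos + 2 > end:
                raise ValueError(f"{path}: missing end-of-contents octets")
            if buf[pos:pos + 2] == b"\x00\x00":
                pos += 2
                break
            children.append(_parse(buf, pos, end, violations, f"{path}.{len(children)}"))
            pos = children[-1][2]
    else:
        if not minimal:
            violations.append(f"{path}: non-minimal length octets")
        value_end = pos + length
        if value_end > end:
            raise ValueError(f"{path}: value runs past its parent")
        if constructed:
            while pos < value_end:
                children.append(_parse(buf, pos, value_end, violations, f"{path}.{len(children)}"))
                pos = children[-1][2]
        else:
            content, pos = buf[pos:value_end], value_end
    if constructed:
        if tag == b"\x24":             # constructed OCTET STRING: DER requires primitive form
            violations.append(f"{path}: constructed OCTET STRING")
            tag = b"\x04"
            content = b"".join(c for _, c, _ in children)   # merge the segments
        else:
            content = b"".join(t + _encode_length(len(c)) + c for t, c, _ in children)
    return tag, content, pos


def classify(blob):
    """Return (kind, violations, der) where kind is "DER" only if no violation was seen."""
    violations = []
    tag, content, pos = _parse(blob, 0, len(blob), violations, "0")
    if pos != len(blob):
        violations.append("trailing bytes after the top-level element")
    der = tag + _encode_length(len(content)) + content
    return ("DER" if not violations else "BER"), violations, der


# Constructed samples: SEQUENCE { INTEGER 1, OCTET STRING "ab" } in four encodings.
DER_SAMPLE = bytes.fromhex("3007 020101 04026162")
BER_INDEFINITE = bytes.fromhex("3080 020101 04026162 0000")
BER_LONG_FORM = bytes.fromhex("308107 020101 04026162")
BER_CONSTRUCTED_STRING = bytes.fromhex("3080 020101 2480 040161 040162 0000 0000")

if __name__ == "__main__":
    for name, blob in [("DER", DER_SAMPLE), ("indefinite", BER_INDEFINITE),
                       ("long form", BER_LONG_FORM), ("constructed str", BER_CONSTRUCTED_STRING)]:
        kind, problems, der = classify(blob)
        print(f"{name:<16} {kind}  {problems}  -> {der.hex()}")
```

Every BER variant normalises to the same DER bytes here because the toy structure has no schema-dependent content; a real certificate is a `SEQUENCE` with `DEFAULT` fields and a `SET OF` in the `Name`, so a byte-level walk alone cannot prove the result is canonical DER, and it cannot recognise CER, PER or XER at all.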



Archive powered by MHonArc 2.6.16.