I sent the CMC request off to the CA. I got back a binary reply which is stored in a byte[]. I write this to a file, run dumpasn1 on it and it says 0 errors, 0 warnings and it looks like a nice big SignedData sequence.
I'm trying to decode this into an actual SignedData object so I can begin to pull it apart using the following line of code (binaryResponse is the byte[] that I get back from the CA and looks fine using dumpasn1; also, I got this general format of decoding from some PKCS12 code (http://groups.google.com/group/netscape.public.mozilla.crypto/browse_frm/thread/42701df02911c90/661c2362de8e74f2?lnk=gst&q=asn1util&rnum=4#661c2362de8e74f2). I'm using code similar to this elsewhere in the project to export PKCS12 files and I'm using that line of code.):

    SignedData response = (SignedData) ASN1Util.decode(SignedData.getTemplate(), binaryResponse);

The above nets me the following exception:

    org.mozilla.jss.asn1.InvalidBERException: SEQUENCE(item #0) >> Missing item #0: found UNIVERSAL 6
        at org.mozilla.jss.asn1.SEQUENCE$Template.decode(SEQUENCE.java:389)
        at org.mozilla.jss.pkix.cms.SignedData$Template.decode(SignedData.java:419)
        at org.mozilla.jss.pkix.cms.SignedData$Template.decode(SignedData.java:413)
        at org.mozilla.jss.asn1.ASN1Util.decode(ASN1Util.java:68)

The first few lines of output from dumpasn1:

    $ dumpasn1 -ahitd revoke-response.bin
    <30 82 0A 80> 0 2688: SEQUENCE {
    <06 09> 4 9: . OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)

This meshes with RFC 2797 section 2.2 Figure 2, which shows the Full PKI Response being a CMS SignedData object. I know I'm getting a Full PKI Response by inspecting the output using dumpasn1; plus, I'm not sending enrollment requests at the moment, it's a revocation request.

The only place I find UNIVERSAL is in org.mozilla.jss.asn1.Tag and it means nothing to me with my floundering knowledge of ASN1.

Dave

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
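Added example, not part of the original post and not JSS code: a standard-library Python sketch that reads the DER tags the exception and the dumpasn1 output refer to. "UNIVERSAL 6" is the OBJECT IDENTIFIER tag, and a SEQUENCE that opens with the signedData OID is a CMS ContentInfo wrapper whose `[0] EXPLICIT` field holds the SignedData itself. `SAMPLE` and all function names are constructed for illustration.

```python
# Constructed sample, not a real CA reply: a minimal ContentInfo whose first bytes
# match the dumpasn1 output in the post (SEQUENCE, then OID 1 2 840 113549 1 7 2).
SAMPLE = bytes.fromhex("3012" "06092a864886f70d010702" "a005" "3003020103")
CLASSES = ("UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE")

def read_tlv(buf, pos=0):
    """Parse one DER TLV; return (class, tag_number, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    cls, number = CLASSES[buf[pos] >> 6], buf[pos] & 0x1F
    if number == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return cls, number, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets into dotted form."""
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = arcs[0]  # the first two arcs share one encoded value
    head = (first // 40, first % 40) if first < 80 else (2, first - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def unwrap_content_info(der):
    """Return (content_type_oid, inner_der) for ContentInfo { OID, [0] EXPLICIT }."""
    cls, number, body, _ = read_tlv(der)
    if (cls, number) != ("UNIVERSAL", 16):
        raise ValueError("outer element is not a SEQUENCE")
    cls, number, oid_body, pos = read_tlv(body)
    if (cls, number) != ("UNIVERSAL", 6):
        raise ValueError("item #0 is not an OBJECT IDENTIFIER: not a ContentInfo")
    cls, number, inner, _ = read_tlv(body, pos)
    if (cls, number) != ("CONTEXT", 0):
        raise ValueError("missing [0] EXPLICIT content")
    return decode_oid(oid_body), inner

if __name__ == "__main__":
    oid, inner = unwrap_content_info(SAMPLE)
    print(oid, read_tlv(read_tlv(inner)[2])[:2])
```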