On Wed, 07 Oct 2009, Wan-Teh Chang wrote:
On Wed, Oct 7, 2009 at 4:09 AM, Konstantin Andreev <andr...@swemel.ru> wrote:

I've checked this. SEC_ASN1_ANY saves tag-length prefix, but ignores tag
number, thus matches anything.

If SEC_ASN1_ANY doesn't work for you, the only solution I have is to re-encode
the decoded SECItem.

I think it's better to manually check the tag numbers caught by SEC_ASN1_ANY.

I agree. Also, don't you need to eventually decode this DER-encoded item?

Oh, no.

At that time the decoder will have to check the tag numbers. Or is it the
recipient who will decode the DER-encoded item and you want to make sure you're
sending the right kind of item?

The question was inspired by decoding the following ASN.1 structure
[RFC4491, sect. 2.3.2]

    GostR3410-2001-PublicKeyParameters ::=
        SEQUENCE {
            publicKeyParamSet   OBJECT IDENTIFIER,
            digestParamSet      OBJECT IDENTIFIER,
            encryptionParamSet  OBJECT IDENTIFIER DEFAULT
                                id-Gost28147-89-CryptoPro-A-ParamSet
        }

which comes from the AlgorithmIdentifier.parameters field of the GOST private or
public key.

Later these parameters are used to create PKCS#11 objects. PKCS#11 mandates DER
encoding with tag-length prefix for them.

Best regards,
--
Konstantin Andreev, software engineer.
Swemel JSC
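
The manual tag check discussed in the thread above, as an added example (not code from the original messages or from NSS). It assumes the bytes captured by SEC_ASN1_ANY are available as a buffer and length; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>

/* Parse one DER tag-length header at *p; on success advance *p to the content.
 * Rejects multi-byte tags, indefinite or non-minimal lengths, and overruns. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char *tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    if ((*tag & 0x1f) == 0x1f) return -1;            /* high-tag-number form */
    size_t n = *q++;
    if (n & 0x80) {                                  /* long-form length */
        size_t cnt = n & 0x7f, i;
        if (cnt == 0 || cnt > 2 || (size_t)(end - q) < cnt) return -1;
        for (n = 0, i = 0; i < cnt; i++) n = (n << 8) | *q++;
        if (n < 0x80 || (cnt == 2 && n < 0x100)) return -1;  /* non-minimal */
    }
    if ((size_t)(end - q) < n) return -1;            /* content overruns buffer */
    *len = n;
    *p = q;
    return 0;
}

/* Returns 0 if buf is exactly one SEQUENCE holding two or three OBJECT
 * IDENTIFIERs (the GostR3410-2001-PublicKeyParameters shape), else -1. */
int check_gost_params_shape(const unsigned char *buf, size_t buflen)
{
    unsigned char tag; size_t len; int oids = 0;
    if (buf == NULL) return -1;
    const unsigned char *p = buf, *end = buf + buflen;
    if (der_header(&p, end, &tag, &len) != 0) return -1;
    if (tag != 0x30 || (size_t)(end - p) != len) return -1; /* SEQUENCE, no trailing bytes */
    while (p < end) {
        if (der_header(&p, end, &tag, &len) != 0) return -1;
        if (tag != 0x06 || len == 0) return -1;      /* non-empty OBJECT IDENTIFIER */
        p += len;
        oids++;
    }
    return (oids == 2 || oids == 3) ? 0 : -1;
}

/* Constructed samples: a SEQUENCE of two OIDs, and the same body tagged as a SET,
 * which a template that ignores the tag number would also accept. */
static const unsigned char sample_ok[] = {0x30, 0x12,
    0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x01,
    0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x01};
static const unsigned char sample_set[] = {0x31, 0x12,
    0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x01,
    0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x01};
```

Because the check only walks tag-length headers, the original bytes stay untouched and can be passed on with their tag-length prefix intact.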