you can see using the lengths the second sequence contains only algoritm oid and parameters (in this case NULL parameters). This is AlgorithmIdentifier. Below the bit string contains the der encoding of subjectPublicKey (encoded).
Francesco Petruzzi [EMAIL PROTECTED] ----- Original Message ----- From: "Roger Boden" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, April 22, 2008 11:43 AM Subject: RE: DER encoding SubjectPublicKeyInfo Thanks, that explains the 0x30 tag value. What about the DER encoding? Is that correct? The 'openssl asn1parse' output of the DER encoding is: 0:d=0 hl=3 l= 159 cons: SEQUENCE 3:d=1 hl=2 l= 13 cons: SEQUENCE 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption 16:d=2 hl=2 l= 0 prim: NULL 18:d=1 hl=3 l= 141 prim: BIT STRING To me this does not look correct. There is a NULL object that should not be there. Also the algorithm identifier and the bit string should be in the same sequence. What ASN.1 type is i2d_X509_PUBKEY() supposed to encode? Is this a bug in this function, or am I using the wrong API? Regards Roger ---------------------------------------- > To: [email protected] > Subject: Re: DER encoding SubjectPublicKeyInfo > From: [EMAIL PROTECTED] > Date: Tue, 22 Apr 2008 00:09:21 +0200 > > Hello, > > [EMAIL PROTECTED] wrote on 04/21/2008 10:45:18 PM: > >> >> Hi, >> >> I need to DER encode an RSA public key as a SubjectPublicKeyInfo. The > ASN.1 definition >> of SubjectPublicKeyInfo is >> SubjectPublicKeyInfo ::= SEQUENCE { >> algorithm AlgorithmIdentifier, >> subjectPublicKey BIT STRING } >> >> According to rfc 3279, the bit string subjectPublicKey should hold the > DER encoding of >> the following ASN.1 defintion: >> RSAPublicKey ::= SEQUENCE { >> modulus INTEGER, -- n >> publicExponent INTEGER } -- e >> >> In order to achieve this encoding I tried to call i2d_X509_PUBKEY(). The > DER output of >> this function for an RSA test key is: >> 0x30 0x81 0x9f 0x30 0x0d 0x06 0x09 0x2a >> 0x86 0x48 0x86 0xf7 0x0d 0x01 0x01 0x01 >> 0x05 0x00 0x03 0x81 0x8d 0x00 0x30 0x81 >> 0x89 0x02 0x81 0x81 0x00 0xac 0xaa 0x98 >> 0xf8 0xeb 0x58 0x8c 0x0d 0xec 0xf3 0xbe >> 0xd4 0xd0 0xd0 0xe8 0x0a 0x4d 0x02 0x70 >> 0x30 0xa1 0x1f 0xea 0xa1 0x02 0xaa 0x9d >> 0xb0 0x16 0x91 0x8a 0x39 0xfe 0x79 0x9a >> 0xf3 0x46 0xbb 0xc9 0x49 0x23 0x9d 0x37 >> 0xa5 0x13 0xe6 0x2f 0x9e 0xe3 0x94 0xfb >> 0x31 0xd9 0x8d 0x80 0x79 0x7d 0xbe 0xdf >> 0x1e 0xf4 0x88 0x6c 0x45 0xc6 0x3e 0xbf >> 0x4c 0x93 0x58 0xe9 0x5c 0x7a 0x63 0xd5 >> 0x9e 0xb1 0x23 0xf0 0x43 0x50 0x23 0x0d >> 0xe8 0xc6 0x9f 0x40 0x79 0x3e 0x5a 0x15 >> 0xf0 0x4a 0x1a 0x68 0xc5 0xdb 0xb1 0x69 >> 0x9b 0x5d 0x5c 0x6c 0x12 0x1b 0xaa 0x24 >> 0x36 0x15 0x11 0x45 0x12 0xe5 0x37 0x85 >> 0xa4 0xa8 0x59 0xeb 0x2b 0x2c 0xc4 0x14 >> 0xa4 0x70 0x11 0x72 0x51 0x02 0x03 0x01 >> 0x00 0x01 >> >> What type encoding is 0x30? I was expecting to see 0x10 (the type value > for SEQUENCE). > ASN.1 encodes objects as TLV (tag, length, value). > Tag is constructed with class, type, object value. > If object value is less then 31 all this information is encoded > in one byte (class - 2bits, type - 1bit, object value - 5bits). > Because ASN.1 SEQUENCE has value of 0x10 (which is less then 31) > all this is encoded in one byte as: > > ASN_CLASS_UNIVERSAL | ASN_TYPE_CONSTRUCTED | ASN_OBJECT_SEQUENCE > > where: > ASN_CLASS_UNIVERSAL = 0x00 > ASN_TYPE_CONSTRUCTED = 0x20 > ASN_OBJECT_SEQUENCE = 0x10 > > which gives you 0x30 > > Best regards, > -- > Marek Marcola > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [EMAIL PROTECTED] _________________________________________________________________ Ladda ner hela Windows Live gratis och upptäck fördelarna! http://get.live.com/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
