RE: [Asn1] Temporarily encrypt part of a ASN.1 module

Mon, 04 Dec 2006 07:56:39 -0800 

What I would like to do is to extract the payload from the PER encoded
PDU then encrypt it and replace the payload in the PDU with the
encrypted "payload".



But once you encrypt the payload, it is no longer a SEQUENCE. That is, the 
length and value fields of dataA and dataB are scrambled. Perhaps you 
would prefer either



a) encrypt dataA and dataB before inserting them into the payload 
SEQUENCE; or

b) not specifying payload as a SEQUENCE, but instead an OCTET STRING.


In the case of (b), you could encode the entire payload SEQUENCE, then 
insert it as an OCTET STRING into pdu.



This way of describing data with different views
requires something like a "C" UNION functionality. Is this available in
ASN.1?


Yes, it's called a CHOICE, but I don't see how it applies.


How is this normally treated in a ASN1 specification?

The padding is needed since I currently operate on the PER encoded data
when I replace the payload the size of it must fit with the block size
of encryption algorithm.



The encryption is outside of the ASN.1 definition. If you were to encrypt 
something, then it's encrypted, but only you know! By way of example, if 
I have


   Payload SEQUENCE {
              dataA   INTEGER,
              dataB   INTEGER
   }


where dataA is 15 and dataB is 91, I code (as I described in (a)) encode 
dataA and dataB separately. Let's say the algorithm requires 32 bits as 
input. I would feed the algorithm 15 right-adjusted in a 32-bit field and 
again 91 right-adjusted. Let's say the encrypted values are 410578725 and 
18826982128433. I would then take those two values and, simply treating 
them as integers, populate the Payload struct. Would this not work?


In ASN.1 it might be specified like this

   Payload ::= SEQUENCE {
       dataA INTEGER (CONSTRAINED BY { -- encryption -- }),
       dataB INTEGER (CONSTRAINED BY { -- encryption -- })
   }


which says that dataA and dataB are handled by a user-defined constraint. 
In the case of the OSS ASN.1 Tools, this is implemented with a user 
supplied function; other vendors might do it differently. If you are 
encoding it by hand, you can do it however you wish.



=====================================================================
Conrad Sigona                    Voice Mail     : 1-732-302-9669 x400
OSS Nokalva                      Fax            : 1-614-388-4156
[EMAIL PROTECTED]                   My direct line : 1-315-845-1773
_______________________________________________
Asn1 mailing list
[email protected]
http://lists.asn1.org/mailman/listinfo/asn1






















					Reply via email to