Pretty much just that. Is there any good guide to these?
I tried reading up on ASN.1 and DER... but got bogged down in some sort of weird abstract data structure syntax that looked a lot like the SNMP MIBs, which I also never fully understood. Someone recommended this to me, which is prolly where I'll start next: http://luca.ntop.org/Teaching/Appunti/asn1.html And with OpenSSL, I find that: 1) There's hardly any documentation, just a few bare manpages. 2) There's very few examples. Just today I was looking for some cookbook ways to, say, verify a signature in a PKCS#7 DER-encoded file and... very little. 3) There's a few books, but there doesn't seem to be any with good overarching structure. They tend to launch into a encyclopedic-like discussion of the functions. Reading them tends to be like reading Microsoft documentation - full of detail, with no conceptual framework in which to hang it. 4) It should have been written with an OOD, even if it wasn't implemented in a OOPL. 5) Error handling is very weird. Oh, and don't get me started on X.509. My hunch is that the OOP bindings to openssl (e.g. in python, ruby) would make it much simpler, but that they're likely to be poorly documented, or (worse) buggy. Buggy is worse because I'd just have to go back and learn OpenSSL again. Before I learn the hard way, anyone have any opinions? Every time I have to debug C OpenSSL code, I start seeing red. If we really want people to be cryptographers (and I think we know we'll need more of them), we should have a gentler slope up into this stuff. It's not that it's hard; crypto is hard, I'm okay with that. My problem is that it's unrewarding. -- Good code works on most inputs; correct code works on all inputs. My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ If you are a spammer, please email [email protected] to get blacklisted.
pgpcT7UxNtCI3.pgp
Description: PGP signature
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
