Justin Wienckowski wrote:
>
>
> However, the structure of Netscape's message is boggling me. The AuthenticatedSafe
>sequence doesn't seem to conform to the PKCS#12 spec, with a bazillion one-byte octet
>strings with some longer ones included. Obviously the key and certificate info is in
>here, but I'm having trouble seeing where. Any advice on how I need to parse these
>out to yield meaningful data?
>
It does indeed look a little bit odd but it's a perfectly legitimate BER
encoding. It's using indefinite length constructed encoding which in this
case looks like this:

OCTET STRING (constructed, length=inf)
    OCTET STRING (primitive, definite length = a)
    OCTET STRING (primitive, definite length = b)
    OCTET STRING (primitive, definite length = c)
    OCTET STRING (primitive, definite length = d)
    OCTET STRING (primitive, definite length = e)
    etc.
    EOC

BER actually allows you to do much worse than that and have nested
indefinite lengths inside (to arbitrary depth) but I've never come
across an example "in the field" of that. I contrived one though to test
the new ASN1 code.
Anyway, to make sense of this mess you concatenate all the content octets
of definite length primitive octet strings to get the result.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
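
Added example, not part of the original post and not OpenSSL's code: a small Python routine that flattens a constructed OCTET STRING (definite or indefinite length, nested or not) by concatenating the content octets of its primitive segments, as the reply describes. The names read_length, flatten_octet_string, MAX_DEPTH, SAMPLE and NESTED are hypothetical, the depth cap is an assumption, and the sample bytes are constructed.

```python
MAX_DEPTH = 16  # assumed cap: BER allows arbitrary nesting, a parser should not


def read_length(buf, pos):
    """Return (length, next_pos); length is None for the indefinite form."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first, pos = buf[pos], pos + 1
    if first < 0x80:   # short form: the octet is the length
        return first, pos
    if first == 0x80:  # indefinite form: content ends at an EOC (00 00)
        return None, pos
    n = first & 0x7F   # long form: n length octets follow
    if n > 4 or pos + n > len(buf):
        raise ValueError("bad long-form length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def flatten_octet_string(buf, pos=0, depth=0):
    """Return (content, next_pos) for the OCTET STRING starting at buf[pos]."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    if pos >= len(buf) or buf[pos] not in (0x04, 0x24):
        raise ValueError("expected OCTET STRING tag")
    constructed = buf[pos] == 0x24  # 0x04 with the constructed bit (0x20) set
    length, pos = read_length(buf, pos + 1)
    if length is not None and pos + length > len(buf):
        raise ValueError("truncated content")
    if not constructed:
        if length is None:
            raise ValueError("primitive encoding needs a definite length")
        return bytes(buf[pos:pos + length]), pos + length
    end = None if length is None else pos + length
    out = bytearray()
    while True:
        if end is None:
            if buf[pos:pos + 2] == b"\x00\x00":  # EOC closes this level
                return bytes(out), pos + 2
        elif pos == end:
            return bytes(out), pos
        elif pos > end:
            raise ValueError("child overruns parent")
        chunk, pos = flatten_octet_string(buf, pos, depth + 1)
        out += chunk


# Constructed samples: one-byte segments as in the question, then a nested case.
SAMPLE = bytes.fromhex("2480" "040130" "040182" "0403020103" "0000")
NESTED = bytes.fromhex("2480" "2480" "0401AA" "0000" "0401BB" "0000")
```

Flattening SAMPLE yields 30 82 02 01 03, i.e. the bytes of the inner structure that the one-byte segments were hiding.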