On Mon, Mar 07, 2005, Peter Cope wrote: > > Steve > > > > Many thanks for this; I should have persevered with delving into the > relevant RFC’s and checking the ASN.1 was valid and well formed. So I’m > assuming Outlook is “tolerant” (to some extent) of ‘badly formed’ ASN.1 > whereas openssl adheres to the standards (which is how it should be). One > other observation (I’m much more familiar with BER than DER, having had the > pleasure and honour of working alongside Professors Chadwick [Mr X500] and > Larmouth [Mr ASN1] in the 1980’s); openssl uses ‘unspecified length > strings’ in the encoding, whereas the (errant) ASN.1 I posted uses > ‘absolute length strings’, the question is (having not read the ISO > standard for DER .. too expensive to buy) is this the only variable thing in > the DER encoding? … because I thought DER, unlike BER, did a 1:1 encoding > so you could use the diff command (et al) to compare two independent > encodings of the same thing. Just wondering, enquiring minds etc ;-) > >
OpenSSL uses DER for just about everything when encoding ASN1 whereas the decoder will tolerate DER or BER. There are some hooks for BER and streaming S/MIME in OpenSSL 0.9.8 but that's only at an early stage and no one's really been that interested in it at present. I'm not sure what Outlook is doing with that structure. Many ASN1 compilers would reject something like that. There isn't an IV either though it may be using all zeroes. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
