On Tue, Sep 20, 2005, [EMAIL PROTECTED] wrote: > > At a guess I'd say you are using an EXPLICIT tag when you > > need an IMPLICIT > > one. The top (working) example could be an IMPLICIT [6] > > SEQUENCE OF and the > > non working second one an EXPLICIT [6] SEQUENCE OF. However > > its not possible > > to say for sure. > > > > BTW if you want SubjectPublicKeyInfo the correct structure is > > X509_PUBKEY. > > Thanks Steve! That was the case, when I changed my EXPLICIT to > IMPLICIT everything works! I can't tell you how happy I am. > My enrollment works now. > > But this shows that I have no understanding of ASN1. ;) > > But I want to learn, what is then the difference between those two? > Can you point out some document or website where I can find the info? > >
Well if you have an EXPLICT FOO structure it places a tag round the structure itself. If you have an IMPLLICIT FOO it changes the tag of FOO. That's a bit of an overcimplification and may not help much if you don't know much about ASN1. Speaking personally I'm always very reluctant to use an ASN1 module for anything serious without examples of its use unless its very simple. Then I use the parser (d2i function) on the examples first before trying to generate anything. Then run the parser on the generated output. The reason for this is that the parser performs various sanity checks and will reject what it considers invalid data. It may be just my bad luck but it seems like half the time the cause is a minor typo in my module and the rest broken ASN1 used for the example! As for documentation on ASN1 in general, there was something called the "Layman's guide" on RSAs site which was a few pages of introduction. That's the first one I used may years ago... I don't know if its still available direct though. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
