On Thu, May 21, 2009 at 11:55 PM, loody <milo...@gmail.com> wrote:
> Hi:
>
> Thanks for your help.
> By your explanation, in DER form, the leading 00 seems like a padding byte.
> (Is there a spec which says it must put 00 here?)
> From my example, the number af:4f:8a:97:....14:f7 is negative, since
> the high bit, 0xaf, is set.
> Appreciate your kind help,
> miloody

Yes, there is a specification which states that you must put 00 there. It's called the "Distinguished Encoding Rules" of the "Abstract Syntax Notation One" (ASN.1). The DER can be found in the ITU document number X.690; the ASN.1 can be found in ITU document number X.680. These can be found for free on the http://www.itu.int/ website; I would also highly recommend http://www.oss.com/asn1/dubuisson.html ("ASN.1 - Communication Between Heterogeneous Systems") for probably far more information than you could ever possibly want to know, in a way that doesn't involve tail recursion to figure out what the spec means.

DER was developed so that there is only one possible way to encode any given stream of data, so that there could be no ambiguity in digital signatures over a given structure.

(LDAP schema are written in ASN.1, so it's not simply related to X.509 -- however, it is mostly related to the X series of ITU documents. LDAP was created as a 'lightweight' way to access X.500 directories.)

-Kyle H

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
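
Added example, not part of the original thread and not OpenSSL's code: a small DER INTEGER encoder and strict decoder showing where the leading 00 octet comes from and why a decoder that enforces DER rejects redundant sign octets. The function names and the sample value 0xAF0102 are constructed for illustration.

```python
"""DER INTEGER encoding per X.690: two's complement, minimal length."""

def _encode_length(n: int) -> bytes:
    if n < 0x80:                       # short form: one octet
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body   # long form

def der_encode_integer(value: int) -> bytes:
    # One bit is reserved for the sign, so a positive value whose top
    # magnitude bit falls on an octet boundary gains a leading 0x00.
    magnitude_bits = value.bit_length() if value >= 0 else (~value).bit_length()
    content = value.to_bytes(magnitude_bits // 8 + 1, "big", signed=True)
    return b"\x02" + _encode_length(len(content)) + content

def _read_length(tlv: bytes) -> tuple[int, int]:
    """Return (content length, offset of first content octet)."""
    first = tlv[1]
    if first < 0x80:
        return first, 2
    count = first & 0x7F
    if count == 0 or len(tlv) < 2 + count:
        raise ValueError("indefinite or truncated length")
    n = int.from_bytes(tlv[2:2 + count], "big")
    if n < 0x80 or tlv[2] == 0:
        raise ValueError("length is not minimally encoded")
    return n, 2 + count

def der_decode_integer(tlv: bytes) -> int:
    if len(tlv) < 3 or tlv[0] != 0x02:
        raise ValueError("not an INTEGER TLV")
    length, offset = _read_length(tlv)
    content = tlv[offset:]
    if length == 0 or len(content) != length:
        raise ValueError("bad content length")
    # DER allows exactly one encoding: reject redundant sign octets.
    if length > 1 and (
        (content[0] == 0x00 and content[1] < 0x80)
        or (content[0] == 0xFF and content[1] >= 0x80)
    ):
        raise ValueError("INTEGER is not minimally encoded")
    return int.from_bytes(content, "big", signed=True)

if __name__ == "__main__":
    sample = 0xAF0102  # constructed value whose top octet, 0xaf, has the high bit set
    print(der_encode_integer(sample).hex())                 # with the 00 octet
    print(der_decode_integer(bytes.fromhex("0203af0102")))  # same octets, no 00
```

Without the 00 octet the same content octets decode as a negative number, which is why an RSA modulus or other positive value with its high bit set always carries it.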