Re: Question about x509

Fri, 22 May 2009 04:43:02 -0700 

Selon Kyle Hamilton <aerow...@gmail.com>:

> On Thu, May 21, 2009 at 11:55 PM, loody <milo...@gmail.com> wrote:
> > Hi:
> >
> > thanks for your help.
> > By your explanation, in der form, the leading 00 seems like a padding byte.
> > ( Is there spec which says it must put 00 here?)
> > from my example, the number af:4f:8a:97:....14:f7 is negative, since
> > the high bit, 0xaf, is set.
> > appreciate your kind help,
> > miloody
>
> Yes, there is a specification which states that you must put 00 there.
>  It's called the "Distinguished Encoding Rules" of the "Abstract
> Syntax Notation One" (ASN.1).  The DER can be found in the ITU
> document number X.690; the ASN.1 can be found in ITU document number
> X.680.

This is specified in BER, not in DER: X.690 8.3.

8.3 ENCODING OF AN INTEGER VALUE
8.3.1 The encoding of an integer value shall be primitive. The contents octets
shall consist of one or more octets.
8.3.2 If the contents octets of an integer value encoding consist of more than
one octet, then the bits of the first octet
and bit 8 of the second octet
a) shall not all be ones; and
b) shall not all be zero.
NOTE – These rules ensure that an integer value is always encoded in the
smallest possible number of octets.
8.3.3The contents octets shall be a two’s complement binary number equal to the
integer value, and consisting of
bits 8 to 1 of the first octet, followed by bits 8 to 1 of the second octet,
followed by bits 8 to 1 of each octet in turn up to
and including the last octet of the contents octets.
NOTE – The value of a two’s complement binary number is derived by numbering the
bits in the contents octets, starting
with bit 1 of the last octet as bit zero and ending the numbering with bit 8 of
the first octet. Each bit is assigned a numerical value
of 2N, where N is its position in the above numbering sequence. The value of the
two’s complement binary number is obtained by
summing the numerical values assigned to each bit for those bits which are set
to one, excluding bit 8 of the first octet, and then
reducing this value by the numerical value assigned to bit 8 of the first octet
if that bit is set to one.


> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>


:—§I"Ï®ˆÞrØm¶ŸÿÃ
(¥éì²Z+K­+©¦Ší1¨¥ŠxŠËh¥éì²[¬z»(¥éì²Z+€­¢f­yÒâ²Ó¨®f£¢·hšŠ)z{,–Šà

Reply via email to