On Fri, May 22, 2009 at 4:42 AM, Peter SYLVESTER
<peter.sylves...@edelweb.fr> wrote:
> According to Kyle Hamilton <aerow...@gmail.com>:
>
>> On Thu, May 21, 2009 at 11:55 PM, loody <milo...@gmail.com> wrote:
>> > Hi:
>> >
>> > Thanks for your help.
>> > By your explanation, in DER form, the leading 00 seems like a padding byte.
>> > (Is there a spec which says it must put 00 here?)
>> > From my example, the number af:4f:8a:97:....14:f7 is negative, since
>> > the high bit, 0xaf, is set.
>> > appreciate your kind help,
>> > miloody
>>
>> Yes, there is a specification which states that you must put 00 there.
>>  It's called the "Distinguished Encoding Rules" of the "Abstract
>> Syntax Notation One" (ASN.1).  The DER can be found in the ITU
>> document number X.690; the ASN.1 can be found in ITU document number
>> X.680.
>
> This is specified in BER, not in DER: X.690 8.3.

DER is a specialized, more-restricted encoding of BER.  If BER does
it, DER *may* do it; if DER does it, BER *must* do it.  Any BER
decoder will decode DER.  DER-specific decoders will see certain BER
constructs and flag them as invalid.

Since DER builds on the BER (Basic Encoding Rules), since certificates
are always DER, and since it's the same document that defines both BER
and DER (X.690), I figured a tiny bit of sophistry wouldn't hurt.
You're technically correct, but it confuses the issue for a beginner.

-Kyle H
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
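
The padding rule discussed in this thread, as an added Python example that is not part of the original messages or of OpenSSL: an INTEGER encoder and decoder following X.690 8.3, showing why a positive value whose top bit is set needs a leading 00. The sample bytes are constructed, the function names are hypothetical, and only short-form lengths are handled.

```python
# Added example: ASN.1 INTEGER contents per X.690 8.3 (two's complement,
# minimal number of octets). Function names are hypothetical.

def encode_integer(value: int) -> bytes:
    """Return the tag-length-value encoding of an INTEGER (tag 0x02)."""
    # Two's complement needs one sign bit beyond the magnitude bits.
    magnitude_bits = value.bit_length() if value >= 0 else (~value).bit_length()
    content = value.to_bytes(magnitude_bits // 8 + 1, "big", signed=True)
    if len(content) > 127:
        raise ValueError("assumption: short-form length only")
    return bytes([0x02, len(content)]) + content

def decode_integer(tlv: bytes) -> int:
    """Decode an INTEGER, rejecting encodings that break X.690 8.3."""
    if len(tlv) < 3 or tlv[0] != 0x02:
        raise ValueError("not an INTEGER with at least one content octet")
    length, content = tlv[1], tlv[2:]
    if length & 0x80:
        raise ValueError("assumption: short-form length only")
    if len(content) != length:
        raise ValueError("length octet does not match content")
    # 8.3.2: the first nine bits must not be all zeros or all ones.
    if length > 1:
        if content[0] == 0x00 and not content[1] & 0x80:
            raise ValueError("non-minimal: redundant leading 00")
        if content[0] == 0xFF and content[1] & 0x80:
            raise ValueError("non-minimal: redundant leading ff")
    return int.from_bytes(content, "big", signed=True)

# Constructed sample: a 4-byte magnitude whose top byte is 0xaf (high bit set).
SAMPLE = bytes.fromhex("af010203")

def demo():
    n = int.from_bytes(SAMPLE, "big")               # the intended positive value
    padded = encode_integer(n)                      # encoder adds the 00 octet
    unpadded = bytes([0x02, len(SAMPLE)]) + SAMPLE  # same octets without the 00
    return padded.hex(), decode_integer(padded) == n, decode_integer(unpadded)

if __name__ == "__main__":
    padded_hex, round_trips, without_pad = demo()
    print("with 00   :", padded_hex, "round-trips:", round_trips)
    print("without 00: decodes as", without_pad)
```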
