decoder <deco...@own-hero.net> writes: [...]
> Now the problem is that I am almost hitting the maximum size of the
> certificate (the practical limit seems to be around 15-16 kb) and I'd
> like to know if hex encoding is really necessary or if I can simply
> include the data directly without violating any standards (as the hex
> encoding bloats the data by a factor of ~3).

Hex encoding surely ought to increase the size by a factor of exactly 2? (Plus a few bytes for the tag and length.)

An extension has an OID, a criticality flag, and a value. The value is an OCTET STRING containing the DER encoding of some ASN.1 type (defined by the extension). For a private extension you can stick any type in there you choose. An obvious choice for a binary blob is OCTET STRING.

(It's probably not safe to stick any binary blob directly in the extnValue OCTET STRING, since processors (like OpenSSL) probably assume they can decode the value as DER even if they can't do much with it.)

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
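The layout described in the reply above, as an added example that is not part of the original message: a hand-rolled DER encoder that builds a private extension whose extnValue wraps an inner OCTET STRING, next to the same blob carried as hex text. The OID `1.2.3.4.5` is a constructed placeholder, and carrying the hex text as an IA5String is an assumption about how the hex variant was encoded.

```python
# Added example: DER-encode a private X.509 extension by hand (stdlib only).
# Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
#                          extnValue OCTET STRING }

def der_len(n):
    """Definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    """Tag, length, value for a universal-class type."""
    return bytes([tag]) + der_len(len(content)) + content

def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def extension(oid, inner_der, critical=False):
    """Wrap an already DER-encoded inner value in the extnValue OCTET STRING."""
    crit = tlv(0x01, b"\xff") if critical else b""  # DEFAULT FALSE is omitted
    return tlv(0x30, encode_oid(oid) + crit + tlv(0x04, inner_der))

def blob_extension(oid, blob):
    """Binary blob as an inner OCTET STRING (tag 0x04): decodable as DER."""
    return extension(oid, tlv(0x04, blob))

def hex_extension(oid, blob):
    """Same blob as hex text in an IA5String (tag 0x16); an assumed encoding."""
    return extension(oid, tlv(0x16, blob.hex().encode("ascii")))

if __name__ == "__main__":
    OID = "1.2.3.4.5"             # constructed placeholder OID
    blob = bytes(range(250)) * 4  # constructed 1000-byte sample blob
    raw, hexed = blob_extension(OID, blob), hex_extension(OID, blob)
    print("OCTET STRING:", len(raw), "bytes; hex text:", len(hexed), "bytes")
    print("wrapper overhead:", len(raw) - len(blob), "bytes")
```
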