On Fri, Nov 05, 2010, Martin Bolet wrote:

> A more general problem is that many signatures pretend to be DER-encoded but
> they actually apply the wrong order in DER sets. Thus, computing the message
> digest also fails because the set elements are put out in a different order
> than the original one, although the set elements themselves are
> DER-encoded...

OpenSSL should handle this properly by default. It does this by computing the
signature as though it were a SEQUENCE OF (with SET tag) which retains the
original order. When it generates signatures itself it is encoded as a SET OF.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
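
The effect discussed in this exchange, as an added Python example that is not part of either message and is not OpenSSL's code: a SET whose elements arrive in non-DER order matches the signer's digest only when the received order is kept, and stops matching once the elements are re-sorted into strict DER order. The sample elements, the function names and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib

SET_TAG = 0x31  # universal, constructed SET / SET OF

def der_len(n):
    """DER definite-length octets for a content length n."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def read_tlv(buf, i):
    """Return (content_start, end) of the TLV at buf[i] (single-byte tags only)."""
    first, j = buf[i + 1], i + 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[j:j + n], "big")
        j += n
    else:
        length = first
    if j + length > len(buf):
        raise ValueError("truncated element")
    return j, j + length

def set_elements(encoded_set):
    """Raw encodings of a SET's elements, in the order they appear on the wire."""
    if encoded_set[0] != SET_TAG:
        raise ValueError("not a SET")
    i, end = read_tlv(encoded_set, 0)
    items = []
    while i < end:
        _, nxt = read_tlv(encoded_set, i)
        items.append(encoded_set[i:nxt])
        i = nxt
    return items

def digest(encoded_set, der_sort):
    """SHA-256 over the SET re-encoded in DER order or in received order."""
    elements = set_elements(encoded_set)
    if der_sort:
        elements = sorted(elements)       # DER SET OF: ascending by encoded octets
    return hashlib.sha256(tlv(SET_TAG, b"".join(elements))).hexdigest()

# Constructed sample: two attribute-like SEQUENCEs emitted in non-DER order.
ATTR_A = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"alpha"))
ATTR_B = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x04, b"be"))
RECEIVED = tlv(SET_TAG, ATTR_A + ATTR_B)  # what the hypothetical signer hashed
SIGNER_DIGEST = hashlib.sha256(RECEIVED).hexdigest()
```

Here `digest(RECEIVED, der_sort=False)` equals `SIGNER_DIGEST`, while `digest(RECEIVED, der_sort=True)` does not, because sorting places `ATTR_B` ahead of `ATTR_A`.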