[Cryptography] Is ASN.1 still the thing?
Florian Weimer
fw at deneb.enyo.de
Sat Nov 25 06:32:59 EST 2017
* Peter Gutmann:
> ASN.1 has a lot of design-by-committee junk in it (the date format, for
> example), but BER and DER are pretty clean.
What I find very hard, as someone who has never been formally trained
in the ASN.1 arts, is going from a specification like this:
    Certificate  ::=  SEQUENCE  {
         tbsCertificate       TBSCertificate,
         signatureAlgorithm   AlgorithmIdentifier,
         signatureValue       BIT STRING  }

    TBSCertificate  ::=  SEQUENCE  {
         version         [0]  EXPLICIT Version DEFAULT v1,
         serialNumber         CertificateSerialNumber,
         signature            AlgorithmIdentifier,
         issuer               Name,
         validity             Validity,
         subject              Name,
         subjectPublicKeyInfo SubjectPublicKeyInfo,
         issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                              -- If present, version MUST be v2 or v3
         subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                              -- If present, version MUST be v2 or v3
         extensions      [3]  EXPLICIT Extensions OPTIONAL
                              -- If present, version MUST be v3
         }
to the BER/DER encoding. The problem is this:
         version         [0]  EXPLICIT Version DEFAULT v1,
which has a funny impact on the encoding, which turns out rather
irregular at this point.  The rest is pretty boring TLV stuff and
easy to implement, but I never found a specification of what
*actually* happens here. If it's described in X.690 (07/2002), I
really don't see it.
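
Added example, not part of the original message or of any project's code: how the version field from the excerpt above shows up in DER. EXPLICIT [0] wraps a complete INTEGER TLV inside a constructed context-specific tag (0xA0), and DEFAULT v1 means a v1 certificate omits the field entirely, so a decoder has to look at the first tag to tell which case it has. The byte strings are constructed and contain only the first fields of a TBSCertificate.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER TLV with a single-byte tag."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:end], end


def tbs_version(tbs):
    """Return the version (0 = v1, 1 = v2, 2 = v3) of a DER TBSCertificate."""
    tag, body, _ = read_tlv(tbs)
    if tag != 0x30:                    # universal SEQUENCE, constructed
        raise ValueError("not a SEQUENCE")
    tag, value, _ = read_tlv(body)
    if tag == 0x02:                    # first element is serialNumber (INTEGER):
        return 0                       # version is absent, so DEFAULT v1 applies
    if tag != 0xA0:                    # [0], context-specific, constructed
        raise ValueError("unexpected first element")
    # EXPLICIT: the [0] TLV contains the INTEGER's own tag and length.
    itag, ival, iend = read_tlv(value)
    if itag != 0x02 or iend != len(value):
        raise ValueError("[0] must wrap exactly one INTEGER")
    version = int.from_bytes(ival, "big", signed=True)
    if version == 0:                   # BER tolerates this, DER does not
        raise ValueError("DER must omit a component equal to its DEFAULT")
    return version


# Constructed inputs with serialNumber = 5 and nothing after it.
V3_PREFIX = bytes.fromhex("3008" "a003020102" "020105")  # [0] { INTEGER 2 }, INTEGER 5
V1_PREFIX = bytes.fromhex("3003" "020105")               # INTEGER 5 only
BAD_V1 = bytes.fromhex("3008" "a003020100" "020105")     # v1 encoded explicitly
```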