[Cryptography] Is ASN.1 still the thing?

Ben Laurie ben at links.org
Mon Nov 13 05:57:28 EST 2017


On 13 November 2017 at 03:11, James A. Donald <jamesd at echeque.com> wrote:
> Do JSON, YAML, or protobuf allow representing data format in ways that give
> a unique and well defined checksum, that will not be affected by endianness
> or compiler options?

JSON is a terrible interchange format, as I've been discovering to my
cost with objecthash: https://github.com/benlaurie/objecthash - I
should not have used JSON as the example.

Most obvious problems: different capabilities in different languages,
can't represent ints over 2^53, no way to transmit raw bytes natively.

> Cryptographers specify data formats in ASN.1 because that way you can
> get a unique hash or checksum of the data, regardless of which compiler you
> are using, and whether your machine is big endian or little endian.
>
> But these days everyone seems to be using JSON to represent data in transit,
> because that is the language of the web and of node.js, or YAML, which is
> JSON polished up to support more kinds of data and to actually be genuinely
> human readable, or protobuf, because people who write in C++ despise the
> horrible inefficiency of translating data to and from ascii representation.
>
> ASN.1 provides canonical format so that you can hash it or checksum it,
> ultra efficient binary format for C and C++ purists, and supposedly human
> readable format, though its human readable format is not particularly human
> readable.  You are a lot better off with YAML if, as in ini files, you want
> human readability.

This is precisely why I made objecthash: so you hash the parsed
object, not its serialisation. As a result, objecthash is
serialisation agnostic.

It turns out this raises problems of its own, the most obvious being
"what do you mean by an object?" - but still, it seems useful. I will
be working on a new version starting ... soon.
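
An added illustration, not part of the original post and not the objecthash algorithm itself: a simplified structural hash (the type tags, `structural_hash` and the constructed sample documents are assumptions made here). It shows that hashing the parsed object survives key reordering and whitespace, while a parser that stores every number as a double changes an integer above 2^53 and therefore the hash.

```python
import hashlib
import json

def _tagged(tag: bytes, payload: bytes) -> bytes:
    """Hash a one-byte type tag plus payload so values of different types differ."""
    return hashlib.sha256(tag + payload).digest()

def structural_hash(obj) -> bytes:
    """Hash a parsed value; the result does not depend on how it was serialised."""
    if obj is None:
        return _tagged(b"n", b"")
    if isinstance(obj, bool):            # test before int: bool subclasses int
        return _tagged(b"b", b"1" if obj else b"0")
    if isinstance(obj, int):
        return _tagged(b"i", str(obj).encode())
    if isinstance(obj, float):
        return _tagged(b"f", obj.hex().encode())
    if isinstance(obj, str):
        return _tagged(b"u", obj.encode("utf-8"))
    if isinstance(obj, bytes):           # raw bytes have no native JSON form
        return _tagged(b"r", obj)
    if isinstance(obj, list):
        return _tagged(b"l", b"".join(structural_hash(v) for v in obj))
    if isinstance(obj, dict):            # sort entry hashes so key order is irrelevant
        pairs = sorted(structural_hash(k) + structural_hash(v) for k, v in obj.items())
        return _tagged(b"d", b"".join(pairs))
    raise TypeError(f"unsupported type: {type(obj).__name__}")

# Constructed sample: the same object serialised two different ways.
DOC_A = '{"amount": 9007199254740993, "to": "alice", "tags": ["x", "y"]}'
DOC_B = '{\n  "tags": ["x","y"],\n  "to": "alice",\n  "amount": 9007199254740993\n}'

def compare(a: str, b: str) -> dict:
    """Compare hashing the serialised bytes with hashing the parsed objects."""
    raw_a = hashlib.sha256(a.encode()).digest()
    raw_b = hashlib.sha256(b.encode()).digest()
    obj_a, obj_b = structural_hash(json.loads(a)), structural_hash(json.loads(b))
    return {"byte_hash_equal": raw_a == raw_b, "structural_hash_equal": obj_a == obj_b}

def through_double_parser(doc: str):
    """Model a JSON parser that stores every number as an IEEE-754 double."""
    return json.loads(doc, parse_int=float)

if __name__ == "__main__":
    print(compare(DOC_A, DOC_B))
    lossy = through_double_parser(DOC_A)
    print(int(lossy["amount"]))          # the integer above 2^53 has changed
    print(structural_hash(lossy) == structural_hash(json.loads(DOC_A)))
```
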

