[Cryptography] Is ASN.1 still the thing?
Viktor Dukhovni
cryptography at dukhovni.org
Thu Nov 16 01:25:20 EST 2017
> On Nov 15, 2017, at 9:15 PM, Carl Wallace <carl at redhoundsoftware.com> wrote:
>
> You do not have to decode and re-encode. You can parse enough to verify
> the signature then continue parsing the TBSCertificate structure. I tend
> to doubt many implementations re-encode because that will fail too often
> if you try that approach. I am curious, has anyone ever seen a certificate
> that was presented with a BER encoded TBSCertificate structure that
> required DER re-encoding to verify? I have not, but I have seen structures
> that will not verify if you re-encode.
I doubt that's at all common. OpenSSL caches the "wire-form" of TBSCertificate,
and verifies that instead of re-encoding. We don't hear too many complaints
(about that).
--
Viktor.
More information about the cryptography
mailing list