[Cryptography] Is ASN.1 still the thing?

Viktor Dukhovni cryptography at dukhovni.org
Thu Nov 16 01:25:20 EST 2017

> On Nov 15, 2017, at 9:15 PM, Carl Wallace <carl at redhoundsoftware.com> wrote:
> You do not have to decode and re-encode. You can parse enough to verify
> the signature then continue parsing the TBSCertificate structure. I tend
> to doubt many implementations re-encode because that will fail too often
> if you try that approach. I am curious, has anyone ever seen a certificate
> that was presented with a BER encoded TBSCertificate structure that
> required DER re-encoding to verify? I have not, but I have seen structures
> that will not verify if you re-encode.

I doubt that's at all common.  OpenSSL caches the "wire-form" of TBSCertificate,
and verifies that instead of re-encoding.  We don't hear too many complaints
(about that).


More information about the cryptography mailing list