[x500standard] Re: [pkix] DER encoding of certificates

  • From: Peter Rybar <peterryb@xxxxxxxxx>
  • To: Erik Andersen <era@xxxxxxx>
  • Date: Wed, 6 Jul 2011 08:52:04 +0200

Erik,

Detailed information is in ITU-T X.509
http://www.itu.int/rec/T-REC-X.509-200508-I

RFC 5280 is only a profile for Internet on-line services like TLS/SSL, ...

ITU-T Rec. X.509 (08/2005)
6.1 Digital signatures
The value of the bit string is generated by taking the octets which form the
complete encoding (using the ASN.1 Basic Encoding Rules – ITU-T Rec. X.690
(2002) | ISO/IEC 8825-1:2002) of the value of the ToBeEnciphered type and
applying an encipherment procedure to those octets.

You can generate new certificates for any test or use in the "Utility" tab,
"New Key" button.
http://lockitin.webnode.sk/products/produkt-1/

Peter Rybar

National Security Authority
Information Security and Electronic Signature Department
Budatinska 30, 850 07 Bratislava 57, Slovak Republic
tel.: +421 2 6869 2163
mob.: +421 902 891 155
fax: +421 2 6869 1701
e-mail: peter.rybar@xxxxxxxx
e-mail: peterryb@xxxxxxxxx

2011/7/6 Erik Andersen <era@xxxxxxx>

> Hi folks,
>
> In contrast to RFC 5280, X.509 does not require DER encoding. It only
> requires that the signature is generated across a DER encoded certificate,
> but the certificate itself may be encoded using BER.
>
> Should we add a sentence somewhere in X.509 and possibly in RFC 5280
> specifying that when verifying a signature a relying party shall decode and
> then encode the certificate in DER to verify the signature?
>
> Erik Andersen
> Andersen's L-Service
> Elsevej 48,
> DK-3500 Vaerloese
> Denmark
> Mobile: +45 2097 1490
> e-mail: era@xxxxxxx
> Skype: andersen-erik
> http://www.x500.eu/
> http://www.x500standard.com/
> http://dk.linkedin.com/in/andersenerik
>
> _______________________________________________
> pkix mailing list
> pkix@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/pkix
>
>
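
The decode-then-re-encode step proposed in the quoted message, as an added example that is not part of the thread or of either standard: a structure sent with BER length forms is rewritten with DER lengths before hashing. It normalizes only length encodings (indefinite and non-minimal long form); full DER also needs schema-dependent rules such as SET OF ordering and omission of DEFAULT values. All function names and the sample bytes are constructed for illustration.

```python
import hashlib

def _parse(buf, pos):
    """Parse one BER TLV at pos -> (tag, bytes | list of children, next_pos)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    constructed = bool(tag & 0x20)
    if tag & 0x1F == 0x1F or (first == 0x80 and not constructed):
        raise ValueError("multi-byte tag (not handled here) or invalid length")
    kids = []
    if first == 0x80:                        # indefinite length: BER only
        while buf[pos:pos + 2] != b"\x00\x00":   # until end-of-contents octets
            t, v, pos = _parse(buf, pos)
            kids.append((t, v))
        return tag, kids, pos + 2
    n = first & 0x7F if first & 0x80 else 0  # long form may be non-minimal in BER
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated encoding")
    if not constructed:
        return tag, buf[pos:end], end
    while pos < end:
        t, v, pos = _parse(buf, pos)
        kids.append((t, v))
    if pos != end:
        raise ValueError("child overruns its parent")
    return tag, kids, end

def _encode(tag, value):
    """Emit a TLV with the DER length form: definite and minimal."""
    body = b"".join(_encode(t, v) for t, v in value) if isinstance(value, list) else value
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def ber_to_der(data):
    tag, value, end = _parse(data, 0)
    if end != len(data):
        raise ValueError("trailing bytes after the structure")
    return _encode(tag, value)

# Constructed sample: SEQUENCE(indefinite) { INTEGER 5, SEQUENCE(length 81 03) { UTF8String "A" } }
SAMPLE_BER = bytes.fromhex("3080" "020105" "308103" "0c0141" "0000")

def signing_digest(encoded):
    # SHA-256 over the DER form, which the thread says the signature is computed across
    return hashlib.sha256(ber_to_der(encoded)).hexdigest()
```

Hashing the bytes as received gives a different digest from the DER form whenever the sender used a BER-only encoding, so a verifier that skips the re-encoding step rejects a validly signed structure.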
