Concerning Appendix A.1 and Jeff Thompson's comments on it, I
don't find X.509 particularly ambiguous as to the syntax of a
(signed) certificate (the same can't be said for other portions of
the standard, though). The SIGNED macro expands to
    SEQUENCE {
        ToBeSigned,                -- data being signed
        AlgorithmIdentifier,
        ENCRYPTED OCTET STRING }   -- signature
and ENCRYPTED expands to a BIT STRING. The data being signed is
a SEQUENCE as shown in Appendix A.1 of RFC 1114. So the SEQUENCE
shown above contains a SEQUENCE, algorithm ID, and BIT STRING. There
is no need to re-encode anything as an octet string. The signed
certificate is a
    SEQUENCE {
        SEQUENCE { ... the certificate components ... },
        AlgorithmIdentifier,
        BIT STRING }               -- the signature
Regards,
Rich
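The three-element layout described in the message above, shown as an added worked example (this is not code from the original post or from any PEM implementation). It is a small DER encoder and decoder: build_signed() produces SEQUENCE { SEQUENCE {...}, AlgorithmIdentifier, BIT STRING } with the to-be-signed SEQUENCE placed directly inside, with no OCTET STRING wrapping, and parse_signed() checks that exact shape and hands back the inner SEQUENCE bytes, which are what a verifier would actually hash. The certificate body and the signature bytes are constructed placeholders (no real signing takes place), and the algorithm OID used, 1.2.840.113549.1.1.5 (sha1WithRSAEncryption), is just a well-known example value.

```python
# Added example, not part of the original message: minimal DER handling for the
# SIGNED { ToBeSigned } layout, i.e. SEQUENCE { SEQUENCE, AlgorithmIdentifier, BIT STRING }.
# Certificate contents, signature bytes and the algorithm OID are constructed placeholders.

SEQUENCE, INTEGER, BIT_STRING, OID, NULL, PRINTABLE = 0x30, 0x02, 0x03, 0x06, 0x05, 0x13


def der_length(n):
    """DER definite length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag, content):
    return bytes([tag]) + der_length(len(content)) + content


def encode_oid(dotted):
    """Base-128 OBJECT IDENTIFIER encoding with the first two arcs folded into one byte."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(OID, bytes(body))


def decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]
    v = 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))


def build_signed(tbs_der, sig_oid, signature):
    """SIGNED macro: SEQUENCE { ToBeSigned, AlgorithmIdentifier, BIT STRING }.
    The inner SEQUENCE goes in as-is; nothing is re-encoded as an OCTET STRING."""
    alg_id = tlv(SEQUENCE, encode_oid(sig_oid) + tlv(NULL, b""))
    return tlv(SEQUENCE, tbs_der + alg_id + tlv(BIT_STRING, b"\x00" + signature))


def read_tlv(buf, pos):
    """Return (tag, content, end) for the element at pos; rejects BER indefinite length."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_signed(der):
    """Split a signed certificate into its three components, checking the expected tags."""
    tag, body, end = read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("outer element must be a SEQUENCE spanning the whole buffer")
    t1, _tbs, p1 = read_tlv(body, 0)
    t2, alg, p2 = read_tlv(body, p1)
    t3, bits, p3 = read_tlv(body, p2)
    if (t1, t2, t3) != (SEQUENCE, SEQUENCE, BIT_STRING) or p3 != len(body):
        raise ValueError("expected SEQUENCE, AlgorithmIdentifier, BIT STRING and nothing else")
    if not bits or bits[0] != 0:
        raise ValueError("signature BIT STRING must have zero unused bits")
    oid_tag, oid_body, _ = read_tlv(alg, 0)
    if oid_tag != OID:
        raise ValueError("AlgorithmIdentifier must start with an OBJECT IDENTIFIER")
    return {
        "tbs_der": body[:p1],  # the inner SEQUENCE TLV: exactly the bytes a verifier hashes
        "algorithm": decode_oid(oid_body),
        "signature": bits[1:],
    }


def is_well_formed(der):
    try:
        parse_signed(der)
        return True
    except (ValueError, IndexError):
        return False


# Constructed placeholder certificate body and signature (no real signing performed).
TBS = tlv(SEQUENCE, tlv(INTEGER, b"\x01") + tlv(PRINTABLE, b"toy cert"))
SIG = bytes(range(16))
SIGNED = build_signed(TBS, "1.2.840.113549.1.1.5", SIG)

if __name__ == "__main__":
    parsed = parse_signed(SIGNED)
    print(SIGNED.hex())
    print(parsed["algorithm"], parsed["tbs_der"] == TBS, parsed["signature"] == SIG)
```

Running it prints the DER hex, whose first bytes are 30 (outer SEQUENCE), a length, then 30 again for the inner SEQUENCE; an encoding that wrapped the inner SEQUENCE in an OCTET STRING (tag 04) would be rejected by parse_signed(), which is the mismatch a verifier hitting the ambiguity under discussion would see.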