On Fri, Nov 14, 2003, Pierre De Boeck wrote:

>       Hi all,
> 
> I have 2 versions of a DER-encoded pkcs7-enveloped-data and I would 
> like to know which one is correct:
> 
> I have attached their printable parsed form and they only differ
> in one point, namely at the 
> EnvelopedData.encryptedContentInfo.encryptedContent component:
> 
> - the verExpl.txt encodes it as
> [0] {
>  368 04 1312:           OCTET STRING
>             :             FE FE 9F 9C C5 C7 FC 28 FD B0 BA 4B 08 AF AD 3C
>             :             E3 05 A6 89 FF 8A 9A C7 48 FC CC 7B 98 31 DA 3D
>             :             F0 6A 82 6B 7A 47 32 53 F5 C6 F1 39 6B 77 C6 FE
>             :             8E B0 01 F4 15 9C 51 4A 72 12 71 51 5C 10 BC D4
>             :             9E F4 AD E5 B3 B1 B9 7F D5 26 BD E1 44 13 24 DD
>             :             30 A1 32 63 2D 65 B6 71 64 09 52 32 0D FB 6A 65
>             :             8F 71 86 72 C3 13 61 37 F4 EF E6 73 92 DB F5 7E
>             :             23 79 82 64 C6 4A 7B 3F BD 3A F6 6B C9 EE A9 14
>             :                     [ Another 1184 bytes skipped ]
>             :           }
> 
> while the verImpl.txt encodes it as
> [0]
>             :           19 83 FD 11 13 B8 20 3C ED C9 CB B7 3F 06 97 3B
>             :           46 C7 03 09 FE 24 B8 7B 1D B7 DD F6 05 68 81 85
>             :           B4 21 70 95 6B AB A7 33 54 77 00 F5 D7 CC FC 5F
>             :           18 47 7E 63 41 94 22 A9 C7 5C 56 09 89 49 BD C7
>             :           67 D8 9B 48 82 B7 4B 64 F8 D9 11 F3 F8 AE 04 81
>             :           E7 C1 4F 37 F0 37 36 D0 A3 B1 A9 DB 67 09 C1 64
>             :           B6 E0 4B 2D 2A D6 47 2C 24 49 D5 7A 5E 4B 6F FF
>             :           0E 6E 8B D8 8E 58 85 E9 76 41 02 7D A1 A3 D4 AD
>             :                   [ Another 1192 bytes skipped ]
> 
> If I check the grammar of that object ([0] IMPLICIT EncryptedContent
> OPTIONAL),
> it seems that it is the verImpl.txt that is correct since IMPLICIT tagging
> is used. 
> 
> Am I correct?
> 

Well yes and no. If it was an IMPLICIT and EXPLICIT issue then yes it should
be IMPLICIT. However from your attachment:


>  366 A0 NDEF:         [0] {
>  368 04 1312:           OCTET STRING
>             :             FE FE 9F 9C C5 C7 FC 28 FD B0 BA 4B 08 AF AD 3C
>             :             E3 05 A6 89 FF 8A 9A C7 48 FC CC 7B 98 31 DA 3D
>             :             F0 6A 82 6B 7A 47 32 53 F5 C6 F1 39 6B 77 C6 FE
>             :             8E B0 01 F4 15 9C 51 4A 72 12 71 51 5C 10 BC D4
>             :             9E F4 AD E5 B3 B1 B9 7F D5 26 BD E1 44 13 24 DD
>             :             30 A1 32 63 2D 65 B6 71 64 09 52 32 0D FB 6A 65
>             :             8F 71 86 72 C3 13 61 37 F4 EF E6 73 92 DB F5 7E
>             :             23 79 82 64 C6 4A 7B 3F BD 3A F6 6B C9 EE A9 14
>             :                     [ Another 1184 bytes skipped ]

The first thing to notice here is that NDEF. This is therefore not DER but
BER: NDEF is not allowed in DER.

That might indeed be an explicitly tagged octet string with an indefinite length
constructed outer tag enclosing a definite length octet string. That would be
wrong, however I'd say that isn't the case here.

What IMHO is much more likely is that it is an implicitly tagged indefinite
length *constructed* octet string which would be perfectly acceptable.

It isn't actually possible to distinguish between the two because they both
have the same encoding.

So the probable answer to your question is that if DER is not compulsory then
both are correct.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
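
The ambiguity described in the reply above, as an added example that is not part of the original thread or of OpenSSL: a small BER reader that decodes the [0] field under both the IMPLICIT and the EXPLICIT reading. The payload bytes are constructed, the primitive `80` form is the shape assumed for verImpl.txt, and the reader handles single-byte tags only.

```python
# Added example; single-byte tags only, nested indefinite lengths not handled.

def header(buf, pos):
    """Return (tag, length, body_start); length is None for indefinite (0x80)."""
    tag, first = buf[pos], buf[pos + 1]
    if first == 0x80:
        return tag, None, pos + 2
    if first < 0x80:
        return tag, first, pos + 2
    n = first & 0x7F                      # long form: n length octets follow
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def children(buf, pos, end):
    """Collect (tag, value) TLVs up to `end`, or up to 00 00 when end is None."""
    out = []
    while (end is None and buf[pos:pos + 2] != b"\x00\x00") or (end is not None and pos < end):
        tag, length, body = header(buf, pos)
        if length is None:
            raise ValueError("nested indefinite length not handled")
        out.append((tag, buf[body:body + length]))
        pos = body + length
    return out

def read_field(buf):
    """Decode the [0] field under both readings; None marks a reading that does not fit."""
    tag, length, body = header(buf, 0)
    if tag == 0x80:                       # primitive [0]: IMPLICIT OCTET STRING, definite length
        if length is None:
            raise ValueError("primitive encoding cannot be indefinite")
        return {"indefinite": False, "implicit": buf[body:body + length], "explicit": None}
    if tag != 0xA0:
        raise ValueError("not a context [0] tag")
    kids = children(buf, body, None if length is None else body + length)
    if not kids or any(t != 0x04 for t, _ in kids):
        raise ValueError("expected OCTET STRING segments")
    return {"indefinite": length is None,                        # True means BER only, never DER
            "implicit": b"".join(v for _, v in kids),            # constructed string: join segments
            "explicit": kids[0][1] if len(kids) == 1 else None}  # wrapper around one OCTET STRING

PAYLOAD = bytes(range(256)) + bytes(44)                     # constructed 300-byte stand-in for ciphertext
SEG = b"\x04\x82\x01\x2c" + PAYLOAD
BER_NDEF = b"\xa0\x80" + SEG + b"\x00\x00"                  # shape of verExpl.txt: A0 NDEF, then 04 <len>
DER_PRIM = b"\x80\x82\x01\x2c" + PAYLOAD                    # primitive form assumed for verImpl.txt
TWO_SEG = b"\xa0\x80\x04\x02\xaa\xbb\x04\x01\xcc\x00\x00"   # two segments: only the IMPLICIT reading fits

if __name__ == "__main__":
    for name, enc in (("BER_NDEF", BER_NDEF), ("DER_PRIM", DER_PRIM), ("TWO_SEG", TWO_SEG)):
        r = read_field(enc)
        print(name, "indefinite:", r["indefinite"], "readings agree:", r["implicit"] == r["explicit"])
```

With a single inner segment both readings return the same octets, so the encoding alone cannot say which was intended; the two readings only diverge once the constructed string carries more than one segment.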
