Ok, I think that PKCS7 accepts both DER and BER. So I suppose that the verImpl.txt is perfectly legal. Right?
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson > Sent: Friday, November 14, 2003 5:53 PM > To: [EMAIL PROTECTED] > Subject: Re: ASN1 implicit/explicit tagging > > > On Fri, Nov 14, 2003, Pierre De Boeck wrote: > > > Hi all, > > > > I have 2 versions of a DER-encoded pkcs7-enveloped-data and I would > > like to know which one is correct: > > > > I have attached their printable parsed form and they only differ > > in one point, namely at the > > EnvelopedData.encryptedContentInfo.encryptedContent component: > > > > - the verExpl.txt encodes it as > > [0] { > > 368 04 1312: OCTET STRING > > : FE FE 9F 9C C5 C7 FC 28 FD B0 BA 4B > 08 AF AD 3C > > : E3 05 A6 89 FF 8A 9A C7 48 FC CC 7B > 98 31 DA 3D > > : F0 6A 82 6B 7A 47 32 53 F5 C6 F1 39 > 6B 77 C6 FE > > : 8E B0 01 F4 15 9C 51 4A 72 12 71 51 > 5C 10 BC D4 > > : 9E F4 AD E5 B3 B1 B9 7F D5 26 BD E1 > 44 13 24 DD > > : 30 A1 32 63 2D 65 B6 71 64 09 52 32 > 0D FB 6A 65 > > : 8F 71 86 72 C3 13 61 37 F4 EF E6 73 > 92 DB F5 7E > > : 23 79 82 64 C6 4A 7B 3F BD 3A F6 6B > C9 EE A9 14 > > : [ Another 1184 bytes skipped ] > > : } > > > > while the verImpl.txt encodes it as > > [0] > > : 19 83 FD 11 13 B8 20 3C ED C9 CB B7 3F 06 97 3B > > : 46 C7 03 09 FE 24 B8 7B 1D B7 DD F6 05 68 81 85 > > : B4 21 70 95 6B AB A7 33 54 77 00 F5 D7 CC FC 5F > > : 18 47 7E 63 41 94 22 A9 C7 5C 56 09 89 49 BD C7 > > : 67 D8 9B 48 82 B7 4B 64 F8 D9 11 F3 F8 AE 04 81 > > : E7 C1 4F 37 F0 37 36 D0 A3 B1 A9 DB 67 09 C1 64 > > : B6 E0 4B 2D 2A D6 47 2C 24 49 D5 7A 5E 4B 6F FF > > : 0E 6E 8B D8 8E 58 85 E9 76 41 02 7D A1 A3 D4 AD > > : [ Another 1192 bytes skipped ] > > > > If I check the grammar of that objetct ([0] IMPLICIT EncryptedContent > > OPTIONAL), > > it seems that it is the verImpl.txt that is correct since > IMPLICIT tagging > > is used. > > > > Am I correct? > > > > Well yes and no. If it was an IMPLICIT and EXPLICIT issue then > yes it should > be IMPLICIT. However from your attachment: > > > > 366 A0 NDEF: [0] { > > 368 04 1312: OCTET STRING > > : FE FE 9F 9C C5 C7 FC 28 FD B0 BA 4B > 08 AF AD 3C > > : E3 05 A6 89 FF 8A 9A C7 48 FC CC 7B > 98 31 DA 3D > > : F0 6A 82 6B 7A 47 32 53 F5 C6 F1 39 > 6B 77 C6 FE > > : 8E B0 01 F4 15 9C 51 4A 72 12 71 51 > 5C 10 BC D4 > > : 9E F4 AD E5 B3 B1 B9 7F D5 26 BD E1 > 44 13 24 DD > > : 30 A1 32 63 2D 65 B6 71 64 09 52 32 > 0D FB 6A 65 > > : 8F 71 86 72 C3 13 61 37 F4 EF E6 73 > 92 DB F5 7E > > : 23 79 82 64 C6 4A 7B 3F BD 3A F6 6B > C9 EE A9 14 > > : [ Another 1184 bytes skipped ] > > The first thing to notice here is that NDEF. This is therefore not DER but > BER: NDEF is not allowed in DER. > > That might indeed be an explicitly tagged octet string with an > indefinte length > construted outer tag enclosing a definite length octet string. > That would be > wrong, however I'd say that isn't the case here. > > What IMHO is much more likely is that it is an implicitly tagged > indefinite > length *constructed* octet string which would be perfectly acceptable. > > It isn't actually possible to distinguish between the two because > they both > have the same encoding. > > So the probable answer to you question is that if DER is not > compulsory then > both are correct. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
