> > 00 20 : Illegal DER, leading 00 not needed > > 00 80 : Legal, leading 00 needed to make number positive > > FF 03 : Legal, leading FF needed to make number negative > > FF D0 : Illegal DER, FF not needed
> > Note that these are all legal BER and are all perfectly valid and > > meaningful integer encodings. DER, however, requires the > > minimum number of > > octets to be used. > As rightfully pointed out by Peter Sylvester, in this respect BER is > equivalent to DER as well. You are correct. For some reason, 8.3.2 prohibits using additional octets in an integer encoding even in BER. I'm really not sure why, but that's a fact. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]