Re: OCSP Response Signature

Fri, 27 Apr 2007 01:27:05 -0700

What do you mean it's not ASN.1? Raw bytes with no tag? Then what's the 1st byte? 

Max


Sascha Kiefer wrote:

Hello,

This is not directly related to OpenSSL, but more to OCSP in general.
I wrote my own ASN.1 Parser and doing my own crypthography using MS
CryptAPI.

I wrote my own OCSP client. Everything works fine.
The only part i can not figure out, is the ocsp response signature part.
I guess, i do not have a problem with ASN.1 or the MSCAPI, but of the way
the
Signature is encoded.

Here, the sample output of my program:

eCrypt: OCSP Response Summary:
eCrypt: ----------------------

eCrypt: Response Version:     1
eCrypt: Response Status:      Successful (0)
eCrypt: Response Type:        BasicResponse (1.3.6.1.5.5.7.48.1.1)
eCrypt: Responder Id: eCrypt: Response Produced At: Donnerstag, 26. April 2007 21:05:42 
eCrypt: # Of Responses:       1

eCrypt: Response #:           1
eCrypt: Hash Algorithm:       1.3.14.3.2.26
eCrypt: Issuer Name Hash      03B4FCFFD21C3177B7291FBB5277900E90C9D72B
eCrypt: Issuer Key Hash       CEFE469D632F89FDF2381625D8F16CDE47F8CEC1
eCrypt: Serialnumber:         04E8
eCrypt: Cert Status :         good (0)
eCrypt: This Update:          Donnerstag, 26. April 2007 21:00:23
eCrypt: Next Update:          Montag, 30. April 2007 01:30:23
eCrypt: eCrypt: Signature Algorithm: 1.2.840.113549.1.1.5 
eCrypt: Signature Value:
0023D13F7E0CB0336CA8B459C230591795B8FC88740AEE7F08FE128E8B7D335DF63BDDDE9E01
31D7F577B382E90A805040069E557739AFB6C4BFDD69B102CEBE89A4B863FBA425E9805A9397
4C8F5622E278822C6F4B31F52A67E33C458E6DC96CAB3030B1BE8975BB1299524BF451C30B32
6FBF5AAD2DBACC4413B33BA6590340
eCrypt: Signature Validated:  failed
eCrypt: # Of Certificates:    1

As you can see, the Signature Value is no longer ASN.1, is it?
Does the format of the Signature Value still make sense?

Thanks for any helps and hints?

Kind of regards,
Sascha Kiefer

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to