Thanks for the hint. I found out that i looked at the right signature value. The only difference is that my signature starts with '00'H (it always does). Looking at the actually OCSP binary response shows me that this '00'H is really part of the data but it is somehow skipped by the openssl implemenation. My question now is: why is the '00'H part of the asn.1 stream but not used at all?
Openssl signature value: 0000: 0d 68 18 d4 8a 35 b0 a4 - 40 79 af c3 a1 93 6f ea [EMAIL PROTECTED] 0010: 2a 91 51 e4 f6 07 6c a2 - 8e 52 5d 07 87 77 0e 2c *æQõ÷.lóÄR].çw., 0020: bb 26 4e 07 e1 46 c5 fc - ad 56 ad b2 6a b4 12 fe ╗&N.ßF┼³¡V¡▓j┤.■ 0030: c4 0d 89 3f 83 32 6f 5e - 05 eb 10 0b 21 4a ba 56 ─.ë?â2o^.Ù..!J║V 0040: f8 53 0a 13 0d e3 57 87 - 0f e0 80 d3 a7 f9 a2 78 °S...ÒWç.ÓÇ˺¨óx 0050: bd 40 dc 4e 95 e3 ca 0a - 4c 02 08 c0 de 5f b9 72 [EMAIL PROTECTED] 0060: 4e b7 16 7f 10 76 89 0f - ee 59 6c 5c 48 4a cb cb NÀ.⌂.vë.¯Yl\HJ╦╦ 0070: 5e e7 f6 82 8d b5 e0 97 - 8b 80 38 5c c7 81 a5 e5 ^þ÷éìÁÓùïÇ8\ÃüÑÕ My signature value: 0000: 00 0d 68 18 d4 8a 35 b0 - a4 40 79 af c3 a1 93 6f [EMAIL PROTECTED] 0010: ea 2a 91 51 e4 f6 07 6c - a2 8e 52 5d 07 87 77 0e Û*æQõ÷.lóÄR].çw. 0020: 2c bb 26 4e 07 e1 46 c5 - fc ad 56 ad b2 6a b4 12 ,╗&N.ßF┼³¡V¡▓j┤. 0030: fe c4 0d 89 3f 83 32 6f - 5e 05 eb 10 0b 21 4a ba ■─.ë?â2o^.Ù..!J║ 0040: 56 f8 53 0a 13 0d e3 57 - 87 0f e0 80 d3 a7 f9 a2 V°S...ÒWç.ÓÇ˺¨ó 0050: 78 bd 40 dc 4e 95 e3 ca - 0a 4c 02 08 c0 de 5f b9 [EMAIL PROTECTED] 0060: 72 4e b7 16 7f 10 76 89 - 0f ee 59 6c 5c 48 4a cb rNÀ.⌂.vë.¯Yl\HJ╦ 0070: cb 5e e7 f6 82 8d b5 e0 - 97 8b 80 38 5c c7 81 a5 ╦^þ÷éìÁÓùïÇ8\ÃüÑ 0080: e5 - Õ > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson > Sent: Freitag, 27. April 2007 20:36 > To: [email protected] > Subject: Re: OCSP Response Signature > > On Fri, Apr 27, 2007, Sascha Kiefer wrote: > > > Thanks for your response. > > Please see the other mail i wrote in response. > > The one that has the complete ocsp response dump. > > > > You should be able to use the OpenSSL ocsp utility to test > that stuff, including (with a debugger or printf) the > expected hash value of the response. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see > homepage OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
