Maybe i figured it out: The first byte of a bit string tells the number of unused bits in the last byte of the bit string, right?
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Sascha Kiefer > Sent: Dienstag, 1. Mai 2007 09:08 > To: [email protected] > Subject: RE: OCSP Response Signature > > Thanks for the hint. > I found out that i looked at the right signature value. > The only difference is that my signature starts with '00'H > (it always does). > Looking at the actually OCSP binary response shows me that > this '00'H is really part of the data but it is somehow > skipped by the openssl implemenation. > My question now is: why is the '00'H part of the asn.1 stream > but not used at all? > > Openssl signature value: > > 0000: 0d 68 18 d4 8a 35 b0 a4 - 40 79 af c3 a1 93 6f ea > [EMAIL PROTECTED] > 0010: 2a 91 51 e4 f6 07 6c a2 - 8e 52 5d 07 87 77 0e 2c > *æQõ÷.lóÄR].çw., > 0020: bb 26 4e 07 e1 46 c5 fc - ad 56 ad b2 6a b4 12 fe > +&N.ßF+³¡V¡¦j¦.¦ > 0030: c4 0d 89 3f 83 32 6f 5e - 05 eb 10 0b 21 4a ba 56 > -.ë?â2o^.Ù..!J¦V > 0040: f8 53 0a 13 0d e3 57 87 - 0f e0 80 d3 a7 f9 a2 78 > °S...ÒWç.ÓÇ˺¨óx > 0050: bd 40 dc 4e 95 e3 ca 0a - 4c 02 08 c0 de 5f b9 72 > [EMAIL PROTECTED] > 0060: 4e b7 16 7f 10 76 89 0f - ee 59 6c 5c 48 4a cb cb > NÀ.¦.vë.¯Yl\HJ-- > 0070: 5e e7 f6 82 8d b5 e0 97 - 8b 80 38 5c c7 81 a5 e5 > ^þ÷éìÁÓùïÇ8\ÃüÑÕ > > My signature value: > > 0000: 00 0d 68 18 d4 8a 35 b0 - a4 40 79 af c3 a1 93 6f > [EMAIL PROTECTED] > 0010: ea 2a 91 51 e4 f6 07 6c - a2 8e 52 5d 07 87 77 0e > Û*æQõ÷.lóÄR].çw. > 0020: 2c bb 26 4e 07 e1 46 c5 - fc ad 56 ad b2 6a b4 12 > ,+&N.ßF+³¡V¡¦j¦. > 0030: fe c4 0d 89 3f 83 32 6f - 5e 05 eb 10 0b 21 4a ba > ¦-.ë?â2o^.Ù..!J¦ > 0040: 56 f8 53 0a 13 0d e3 57 - 87 0f e0 80 d3 a7 f9 a2 > V°S...ÒWç.ÓÇ˺¨ó > 0050: 78 bd 40 dc 4e 95 e3 ca - 0a 4c 02 08 c0 de 5f b9 > [EMAIL PROTECTED] > 0060: 72 4e b7 16 7f 10 76 89 - 0f ee 59 6c 5c 48 4a cb > rNÀ.¦.vë.¯Yl\HJ- > 0070: cb 5e e7 f6 82 8d b5 e0 - 97 8b 80 38 5c c7 81 a5 > -^þ÷éìÁÓùïÇ8\ÃüÑ > 0080: e5 - Õ > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Dr. > Stephen Henson > > Sent: Freitag, 27. April 2007 20:36 > > To: [email protected] > > Subject: Re: OCSP Response Signature > > > > On Fri, Apr 27, 2007, Sascha Kiefer wrote: > > > > > Thanks for your response. > > > Please see the other mail i wrote in response. > > > The one that has the complete ocsp response dump. > > > > > > > You should be able to use the OpenSSL ocsp utility to test > that stuff, > > including (with a debugger or printf) the expected hash > value of the > > response. > > > > Steve. > > -- > > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see > homepage OpenSSL > > project core developer and freelance consultant. > > Funding needed! Details on homepage. > > Homepage: http://www.drh-consultancy.demon.co.uk > > > ______________________________________________________________________ > > OpenSSL Project > http://www.openssl.org > > Development Mailing List > [email protected] > > Automated List Manager > [EMAIL PROTECTED] > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
