Hello Dr. Henson,
Thank u very much for all the replies... Now Iam perfectly clear about what
I am doing. I have clearly understood the differences between the two
encodings....
Thank u very much once again...
Also thank u very much Mr. Greg for the nice pointer which explains the
encodings...
Regards
Suram
----- Original Message -----
From: Dr S N Henson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 05, 2001 10:11 PM
Subject: Re: Doubt regarding BER encode(specific question)
chandu wrote:
>
> Hello Dr. Henson,
> Sorry for troubling u again. But the fact is that Iam TOTALLY confused
>
> I understand the following from ur replies...
>
> 1. You say that DER is a special case of BER encoding.
> 2. X509_REQ_set_pubkey() will set the public key in X509_REQ structure in
> BER format.
>
> The information which I have is that the key type is RSA.
>
> Is that right.
>
> But the code of X509_REQ_set_pubkey() tells me that it will set the public
> key in DER format...
>
> Here Iam totally confused...
> I want the function to be set in BER format....
>
> Please forgive my ignorance and help me to understand better the
difference
> between the two formats when using the X509_REQ_set_pubkey().
>
> I understand that I should sign the request with the private key.
> The setting of the public key in BER format troubles me a lot...
>
OK let me expand a bit about the DER, BER business.
BER (basic encoding rules) defines some rules that specify how certain
structures are encoded. There are actually several ways under BER to
encode the same value.
DER (distinguished encoding rules) follows all the BER rules and has
some additional restrictions which mean there is only one way to encode
a given value.
In other words a DER encoding is a perfectly valid BER encoding.
So if you want something BER encoded then DER is perfectly OK.
Currently just about everything in OpenSSL uses DER encoding.
Now you mentioned you wanted to set the public key in a request. Well
thats just one part of creating a certificate request. What actually do
you want to do? Would some sample code showing how to create a PKCS#10
(which is what X509_REQ uses) certificate request help?
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
