>Hi all,
>can me someone explain, how is encoded e.g. OCTET_STRING whit UNKNOWN length
>into DER code? Especially if data in octed_string contain 0x00 0x00.
>
You cannot encode an OCTET STRING with unknown length in DER. You must use
the definite length forms.
In BER you can encode an OCTET STRING using the indefinite length form as
follows:
0x24 -- (Tag value for a constructed OCTET STRING from memory)
0x80 -- Indefinite length
Then one or more encoded OCTET STRINGs containing the components of the value,
these may be primitve or constructed.
Lastly, the end-of-contents Octets 0x00 0x00. Note that you can think of
the end-of-contents octets as a new tag and length. The OCTET STRING is
then formed by the concatenation of all the other encoded values. Having
0x00 0x00 in the data part of the OCTET STRING doesn't matter as this
sequence is only significant when you are attempting to decode the next
tag.
Hope this helps.
--
Dean Povey, | e-m: [EMAIL PROTECTED] | JCSI: Java Crypto Toolkit
Research Scientist | ph: +61 7 3864 5120 | uPKI: C PKI toolkit for embedded
Security Unit, DSTC | fax: +61 7 3864 1282 | systems
Brisbane, Australia | www: security.dstc.com |
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
