--- Craig Gleadall <[EMAIL PROTECTED]> a écrit : > Hello, > I am trying to get my CA to issue a user > certificate with the > privateKeyUsagePeriod extention (2.5.29.16). This > extension includes a > notBefore and notAfter GeneralizedTime attribute. I > saw in the > openssl.cnf file that I can specify attributes with > DER encoded data. I > tried this for 2.5.29.16 in my x509_extentions > section but it got > encoded into the certificate as an OCTET STRING. > > In the new_oids section I added: > privateKeyUsagePeriod=2.5.29.16 > > In the section referenced as the x509_extentions > from the 'CA' section > I have: > keyUsage = critical,digitalSignature:true > 2.5.29.16 = > DER:30:1E:17:0D:30:34:31:30:32:32:30:39:34:32:30:31:5A:17:0D:30:35:30:31:32:32:30:39:34:32:30:31:5A > > As you can see this is the exact data that I would > have expected to see > in the certificate for the 2.5.29.16 extention, but > in the cert just > after the DER encoded OID is > 04:20:30:1E....5A
for the 04 is a tag wich determine the type used as an Octet string, and the 20 i think , as i know it's a mask "DER constructed" or "DER-encoding-Mask", but really i don't see how to hide these tags , may be the output of the der encode , you have to neglect them . good luck . Abdou, Vous manquez d’espace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]