Re: Problem with including DER extentions

Thu, 05 Aug 2004 08:23:10 -0700 

Abdou,
 The 04:20 is teh DER encoding for an OctetString that is 0x20 bytes long.  What I 
would have expected to happen was my Sequence to be place right after the DER encoded 
OID for 2.5.29.16, but allas it is deciding that the DER data that I am providing must 
 be an OctetString.
 The problem is when this certificate is imported to IE the extension shows up, but 
the data is interpreted as an OctetString and not two GeneratlizedTimes...

Craig.




El hallabi-Kettani Abderrahmane wrote:

--- Craig Gleadall <[EMAIL PROTECTED]> a écrit :

Hello,
I am trying to get my CA to issue a user
certificate with the privateKeyUsagePeriod extention (2.5.29.16). This
extension includes a notBefore and notAfter GeneralizedTime attribute. I
saw in the openssl.cnf file that I can specify attributes with
DER encoded data. I tried this for 2.5.29.16 in my x509_extentions
section but it got encoded into the certificate as an OCTET STRING.

 In the new_oids section I added:
privateKeyUsagePeriod=2.5.29.16

In the section referenced as the x509_extentions
from the 'CA' section I have:
keyUsage = critical,digitalSignature:true
2.5.29.16 =



DER:30:1E:17:0D:30:34:31:30:32:32:30:39:34:32:30:31:5A:17:0D:30:35:30:31:32:32:30:39:34:32:30:31:5A


As you can see this is the exact data that I would
have expected to see in the certificate for the 2.5.29.16 extention, but
in the cert just after the DER encoded OID is
04:20:30:1E....5A



for the 04 is a tag wich determine the type used as an
Octet string, and the 20 i think , as i know it's a
mask "DER constructed" or "DER-encoding-Mask", but
really i don't see how to hide these tags , may be the
output of the der encode , you have to neglect them .

good luck . 


Abdou,



Vous manquez d’espace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/

Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer 
instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to