Hi All: Here is a question for the ASN1 encoding gods :)
Given:

LogotypeExtn ::= SEQUENCE {
   communityLogos  [0] EXPLICIT SEQUENCE OF LogotypeInfo OPTIONAL,
   issuerLogo      [1] EXPLICIT LogotypeInfo OPTIONAL,
   subjectLogo     [2] EXPLICIT LogotypeInfo OPTIONAL,
   otherLogos      [3] EXPLICIT SEQUENCE OF OtherLogotypeInfo OPTIONAL }

LogotypeInfo ::= CHOICE {
   direct          [0] LogotypeData,
   indirect        [1] LogotypeReference }

LogotypeReference ::= SEQUENCE {
   refStructHash   SEQUENCE SIZE (1..MAX) OF HashAlgAndValue,
   refStructURI    SEQUENCE SIZE (1..MAX) OF IA5String }
                    -- Places to get the same "LTD" file

HashAlgAndValue ::= SEQUENCE {
   hashAlg         AlgorithmIdentifier,
   hashValue       OCTET STRING }

I believe that an indirect issuerLogo SHOULD be encoded in openssl.cnf as:

[extra_extensions]
1.3.6.1.5.5.7.1.12 = ASN1:SEQUENCE:logotype_ext

[logotype_ext]
issuerLogo=EXPLICIT:1,SEQUENCE:logotype_indirect

[logotype_indirect]
refStructHash=SEQUENCE:HashAlgAndValue
refStructURI=SEQWRAP,IA5STRING:http://some.valid.url.here

[HashAlgAndValue]
hashAlg=SEQUENCE:logo_algid
hashValue=FORMAT:HEX,OCTETSTRING:ebd6c473fe37a0f90f2c4c654bf4d4087ab45fc

[logo_algid]
capabilityID = OID:sha1
parameter = NULL

(and please ignore the fact that I've mangled the value of the sha1 sum)

Should the above actually encode the extension correctly, or is there something additional that I need to do for the CHOICE?

The other thing to know is if anyone knows whether, for implementation of 3709, AlgorithmIdentifier parameters really should be NULL, or omitted.

Thanks.

---
Patrick Patterson
Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
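As an added illustration (not part of the original post and not OpenSSL code), the following Python builds the DER for an indirect issuerLogo by hand, so the bytes can be compared with what `openssl asn1parse` shows for a generated certificate. It assumes the module's default tagging is IMPLICIT, which the quoted excerpt does not show, and leaves both that and the NULL-versus-absent parameters question as switches; the digest and URL are constructed samples.

```python
# Added example: hand-rolled DER for LogotypeExtn with an indirect issuerLogo.
def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

SHA1_OID = bytes.fromhex("06052b0e03021a")  # OBJECT IDENTIFIER 1.3.14.3.2.26
DER_NULL = b"\x05\x00"

def hash_alg_and_value(digest: bytes, null_params: bool) -> bytes:
    # AlgorithmIdentifier with parameters either encoded as NULL or left out
    alg = seq(SHA1_OID, DER_NULL) if null_params else seq(SHA1_OID)
    return seq(alg, tlv(0x04, digest))

def logotype_reference(digest, uris, null_params=True) -> bytes:
    hashes = seq(hash_alg_and_value(digest, null_params))           # SEQUENCE OF
    locations = seq(*(tlv(0x16, u.encode("ascii")) for u in uris))  # SEQUENCE OF IA5String
    return seq(hashes, locations)

def issuer_logo_indirect(digest, uris, null_params=True, implicit_choice=True) -> bytes:
    ref = logotype_reference(digest, uris, null_params)
    if implicit_choice:
        # indirect [1] IMPLICIT (assumed default): tag 0xA1 replaces SEQUENCE 0x30
        choice = bytes([0xA1]) + ref[1:]
    else:
        choice = tlv(0xA1, ref)      # indirect [1] EXPLICIT: extra wrapper
    field = tlv(0xA1, choice)        # issuerLogo [1] EXPLICIT
    return seq(field)                # LogotypeExtn

# Constructed sample input, not real data
SAMPLE_DIGEST = bytes(range(20))
SAMPLE_URI = "http://logo.example/ltd"

if __name__ == "__main__":
    print(issuer_logo_indirect(SAMPLE_DIGEST, [SAMPLE_URI]).hex())
```

Under these assumptions the output begins 30 44 a1 42 a1 40: the second a1 is the CHOICE alternative's own tag, separate from the outer issuerLogo tag.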