Hi All:

Here is a question for the ASN1 encoding gods :)

Given:

LogotypeExtn ::= SEQUENCE {
   communityLogos  [0] EXPLICIT SEQUENCE OF LogotypeInfo OPTIONAL,
   issuerLogo      [1] EXPLICIT LogotypeInfo OPTIONAL,
   subjectLogo     [2] EXPLICIT LogotypeInfo OPTIONAL,
   otherLogos      [3] EXPLICIT SEQUENCE OF OtherLogotypeInfo OPTIONAL }

LogotypeInfo ::= CHOICE {
   direct          [0] LogotypeData,
   indirect        [1] LogotypeReference }

LogotypeReference ::= SEQUENCE {
   refStructHash   SEQUENCE SIZE (1..MAX) OF HashAlgAndValue,
   refStructURI    SEQUENCE SIZE (1..MAX) OF IA5String }
                    -- Places to get the same "LTD" file

HashAlgAndValue ::= SEQUENCE {
   hashAlg         AlgorithmIdentifier,
   hashValue       OCTET STRING }


I believe that an indirect issuerLogo SHOULD be encoded in openssl.cnf as:

[extra_extensions]
1.3.6.1.5.5.7.1.12              = ASN1:SEQUENCE:logotype_ext

[logotype_ext]
issuerLogo=EXPLICIT:1,SEQUENCE:logotype_indirect  

[logotype_indirect]
refStructHash=SEQUENCE:HashAlgAndValue 
refStructURI=SEQWRAP,IA5STRING:http://some.valid.url.here

[HashAlgAndValue]
hashAlg=SEQUENCE:logo_algid
hashValue=FORMAT:HEX,OCTETSTRING:ebd6c473fe37a0f90f2c4c654bf4d4087ab45fc

[logo_algid]
capabilityID = OID:sha1
parameter = NULL

(and please ignore the fact that I've mangled the value of the sha1 sum)

Should the above actually encode the extension correctly, or is there something 
additional that I need to do for the CHOICE? The other thing to know is whether 
anyone knows, for an implementation of 3709, if AlgorithmIdentifier 
parameters really should be NULL or omitted.

Thanks.

---
Patrick Patterson
Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
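An added example, not code from the original post or from OpenSSL: the indirect issuerLogo encoded by hand in Python following the tagging the module specifies, together with an assumed rewrite of the poster's config as a stand-alone file so the same structure can be fed to `openssl asn1parse -genconf` and compared byte for byte. The hash value and URI are constructed sample data. Two details the encoding turns on: the RFC 3709 module is defined with IMPLICIT TAGS (which is why the snippet above spells out EXPLICIT where it wants it), so the `indirect [1]` CHOICE alternative replaces the LogotypeReference SEQUENCE tag with [1] and the bytes start `30 .. A1 .. A1 ..` (explicit issuerLogo tag, then the implicit alternative tag); and both LogotypeReference members are SEQUENCE OF, so each needs an outer SEQUENCE even around a single element. For the AlgorithmIdentifier parameters question, the code generates the SHA-1 identifier with parameters absent and has a flag for the NULL form, which follows RFC 3370's rule that generators SHOULD omit the parameters while decoders MUST accept both forms.

```python
"""Hand-built DER for an indirect issuerLogo (RFC 3709 LogotypeExtn), for
comparison with `openssl asn1parse -genconf`. Added example; the digest and
URI are constructed sample data and the config is an assumed rewrite."""
import os
import shutil
import subprocess
import tempfile

SEQUENCE, OCTET_STRING, NULL, IA5STRING = 0x30, 0x04, 0x05, 0x16
CONTEXT = lambda n: 0xA0 | n          # [n] context-specific, constructed
SHA1_OID = "1.3.14.3.2.26"            # id-sha1
SAMPLE_DIGEST = bytes(range(20))      # constructed placeholder, not a real SHA-1
SAMPLE_URI = "http://example.com/logo.ltd"   # constructed

def tlv(tag, content):
    """Tag, DER definite length (short or long form), content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                     # base-128 with continuation bits
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def algorithm_identifier(oid, null_params):
    """Parameters absent (RFC 3370 SHOULD) or an explicit NULL (MUST accept)."""
    return tlv(SEQUENCE, encode_oid(oid) + (tlv(NULL, b"") if null_params else b""))

def hash_alg_and_value(oid, digest, null_params):
    return tlv(SEQUENCE, algorithm_identifier(oid, null_params) + tlv(OCTET_STRING, digest))

def logotype_info_indirect(digests, uris, null_params):
    """CHOICE alternative `indirect [1] LogotypeReference`: module is IMPLICIT TAGS,
    so [1] replaces the SEQUENCE tag (A1, not 30). Both members are SEQUENCE OF."""
    ref_struct_hash = tlv(SEQUENCE, b"".join(hash_alg_and_value(SHA1_OID, d, null_params) for d in digests))
    ref_struct_uri = tlv(SEQUENCE, b"".join(tlv(IA5STRING, u.encode("ascii")) for u in uris))
    return tlv(CONTEXT(1), ref_struct_hash + ref_struct_uri)

def build_logotype_extn(null_params=False):
    """LogotypeExtn with only issuerLogo, which is [1] EXPLICIT: the already
    tagged CHOICE is wrapped in a second [1], giving 30 .. A1 .. A1 .."""
    info = logotype_info_indirect([SAMPLE_DIGEST], [SAMPLE_URI], null_params)
    return tlv(SEQUENCE, tlv(CONTEXT(1), info))

def tag_path(der):
    """Tags met descending into the first element of each constructed TLV."""
    path = []
    while True:
        tag, first = der[0], der[1]
        path.append(tag)
        if not tag & 0x20:                          # primitive: stop
            return path
        n = 0 if first < 0x80 else first & 0x7F     # long-form length octets
        length = first if n == 0 else int.from_bytes(der[2:2 + n], "big")
        der = der[2 + n:2 + n + length]

# Assumed stand-alone config for: openssl asn1parse -genconf logo.cnf -noout -out logo.der
OPENSSL_CNF = """\
[default]
asn1 = SEQUENCE:logotype_ext

[logotype_ext]
# [1] EXPLICIT for issuerLogo, then IMPLICIT [1] for the `indirect` alternative
issuerLogo = EXPLICIT:1,IMPLICIT:1,SEQUENCE:logotype_indirect

[logotype_indirect]
# SEQUENCE OF members: SEQWRAP supplies the outer SEQUENCE around one element
refStructHash = SEQWRAP,SEQUENCE:hash_alg_and_value
refStructURI = SEQWRAP,IA5STRING:http://example.com/logo.ltd

[hash_alg_and_value]
hashAlg = SEQUENCE:sha1_algid
hashValue = FORMAT:HEX,OCTETSTRING:000102030405060708090a0b0c0d0e0f10111213

[sha1_algid]
# parameters absent; add `parameters = NULL` for the NULL form
algorithm = OID:sha1
"""

def openssl_encoding(cnf_text):
    """DER produced by the local openssl from cnf_text, or None if openssl is absent."""
    if shutil.which("openssl") is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        cnf, der = os.path.join(tmp, "logo.cnf"), os.path.join(tmp, "logo.der")
        with open(cnf, "w") as f:
            f.write(cnf_text)
        subprocess.run(["openssl", "asn1parse", "-genconf", cnf, "-noout", "-out", der],
                       check=True, capture_output=True)
        with open(der, "rb") as f:
            return f.read()
```

Run `build_logotype_extn().hex()` and `tag_path(...)` to see the layering, then `openssl_encoding(OPENSSL_CNF)` to confirm OpenSSL emits the identical bytes from the config; dropping `IMPLICIT:1` from the issuerLogo line changes the third tag from `A1` to `30`, which is no valid LogotypeInfo alternative.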