Re: questions about ASN.1
- From: "Tom St Denis" <tomstdenis@xxxxxxxxx>
- Date: 27 Nov 2006 03:55:02 -0800
yawnmoth wrote:
> Say I'm trying to decode the following:
>
> http://www.geocities.com/terra1024/paypal_cert_pem.txt

openssl asn1parse -inform PEM -in paypal_cert_pem.txt -i

:-)

> I remove the ---- stuff from the start and end and do a base64 decode.
> The first few bytes are as follows:
>
> 30:82:03:a1:30:82:03:0a:a0
>
> My interpretation of that is this. There's a constructed SEQUENCE of
> 929 bytes containing a constructed SEQUENCE of 778 bytes. This second
> constructed SEQUENCE contains a constructed Context-specific class.
>
> Is this correct? If so, then is there such a thing as a primitive
> sequence?

Yes, your decoding of the SEQUENCE headers sounds right. Not that I
know about the context specific stuff (though my use of ASN1 is
limited to crypto). There are also SEQUENCE OF, SET and SET OF types
to look at :-) (though the set is tag 0x11 not 0x10).

> Also, how do I decode something with a Context-specific class?
> <http://www.columbia.edu/~ariel/ssleay/layman.html> suggests that
> Universal classes can be decoded in any number of ways. The tag is the
> ultimate determiner of how something gets decoded. So what about
> Context-specific classes?

Dunno off hand. Decoding is easy. Interpreting is harder :-)
Especially when there are DEFAULT and OPTIONAL components.

In the case of x509 it seems to include a set of sequences of the form

    SEQUENCE {
        ID OBJECT IDENTIFIER,
        value TYPE, -- e.g. PRINTABLESTRING, T61STRING, UTCTIME
    }

So you'd decode these and use the ID to figure out what the value means
(hint: think key-value pairings).

> > To be more accurate, the BER/DER encoding rules use "octet"
> > and not byte, an important distinction.
>
> What is the distinction?

byte is not strictly eight bits. A byte is typically associated with a
"char" which can change in shape and size depending on the platform.

> That said, thanks for the help, thus far, Tom St Denis and Jeff Jacoby!

NP.

I have a "ASN.1 Flexi" decoder in LibTomCrypt that can decode any ASN.1
structure that it can identify the tags from. The eventual goal was to
use it for 509 certs which can come in all shapes and sizes. Currently
I lack a few of the *String types required like UNICODE and T61String
(I've just recently added UTF8 to the CVS).

You may want to take a look at that for ideas. It's not perfect, but
imho a decent start. And given that it's public domain it's ripe for
the picking :-)

Tom
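
The header decoding discussed in this thread, as an added example that is not part of the original posts and is not LibTomCrypt code: it splits each identifier octet into class, constructed bit and tag number, reads the short or long form length, and is run over the nine octets quoted above, which stop before the third header's length. The names `read_header`, `walk_headers`, `SAMPLE` and `HEADERS` are this example's own.

```python
# Added example (not from the post or LibTomCrypt): BER/DER header decoding.
CLASSES = ("universal", "application", "context-specific", "private")

def read_header(buf, pos):
    """Return (class, constructed, tag, length, next_pos); length is None if
    the length octets are cut off, "indefinite" for the BER-only 0x80 form."""
    ident = buf[pos]
    pos += 1
    cls = CLASSES[ident >> 6]          # bits 8-7: class
    constructed = bool(ident & 0x20)   # bit 6: constructed (1) or primitive (0)
    tag = ident & 0x1F                 # bits 5-1: tag number
    if tag == 0x1F:                    # high-tag-number form: base-128 digits follow
        tag = 0
        while True:
            if pos >= len(buf):
                raise ValueError("truncated tag number")
            octet = buf[pos]
            pos += 1
            tag = (tag << 7) | (octet & 0x7F)
            if not octet & 0x80:       # top bit clear marks the last digit
                break
    if pos >= len(buf):                # identifier present, length missing
        return cls, constructed, tag, None, pos
    first = buf[pos]
    pos += 1
    if first < 0x80:                   # short form: the octet is the length
        length = first
    elif first == 0x80:
        length = "indefinite"
    else:                              # long form: low 7 bits count the length octets
        n = first & 0x7F
        if pos + n > len(buf):
            return cls, constructed, tag, None, len(buf)
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return cls, constructed, tag, length, pos

def walk_headers(buf):
    """Decode nested headers, descending into the first child of each
    constructed value; stop at a primitive value or at truncated input."""
    out, pos = [], 0
    while pos < len(buf):
        cls, constructed, tag, length, pos = read_header(buf, pos)
        out.append((cls, constructed, tag, length))
        if length is None or not constructed:
            break
    return out

SAMPLE = bytes.fromhex("308203a13082030aa0")   # the nine octets quoted in the post
HEADERS = walk_headers(SAMPLE)
```

The third entry comes back as context-specific, constructed, tag number 0, with no length because the quoted octets end there. A context-specific tag number carries no built-in type; the enclosing schema assigns it, and in X.509's TBSCertificate `[0]` wraps the version field.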