Well the what I'm trying to do is send as part of an application msg the senders certificate in the most efficient from a network perspective (i.e. DER right?) I can load from PEM a X509 structure. How would I then but that in a memory buffer to send via a socket? As I would like to read that back in on the other side right into a x509 structure is possible without having to write it to the HD and read it ack in.
Thanks, Frank Massimiliano Pala wrote: > Frank wrote: > > Ok, I got a few pieces meal answers (and no answers) here so I wanted to > > recap to make sure I have it all straight. > > > > Certificates - Even though you may wish to send the cert DER encoded > > over the network, it is advisable to create and work with it while PEM > > encoded, correct? Now all the examples I got from people have it > > converting it from a PKCS7 structure. That confuses me a little as > > PKCS7 is basically the mail/Smime standard right? I know it can hold a > > cert but is that the thing to do? Just covert it using something like > > the following (seems like I would have a lot of other PKCS7 junk, not > > just the cert)?: > > I guess you are confusing things a little bit. Let's start from the formats > (let's be brief): > > DER - Binary form > PEM - ASCII form of DER (Usually a B64 with Armours) > > PKCS#7 - Format used to transport a lot of things, usually for > signatures and needed pieces for its verification. > > Usually there is no preferred format because once loaded you actually use > its internal rappresentation of the certificate ... my suggestion: if you > have DER just use it and forget the PKCS7 - you don't need it to simply > manage a certificate. > > -- > > C'you, > > Massimiliano Pala > > --o------------------------------------------------------------------------- > Dr. Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED] > Tel.: +39 (0)59 270 094 > http://www.openca.org Fax: +39 178 221 8225 > http://openca.sourceforge.net Mobile: +39 (0)347 7222 365 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
