On Mon, Sep 22, 2003, BP wrote:
> Well, sorry, the RFC fragment was uncomplete, so my understanding.
>
> My only question is then :
> What stands OCTET STRING (16 bits long) for, when cont[0] really
> contains the encrypted bytes ?
>
> SEQUENCE
> OBJECT : pkcs7-data
> SEQUENCE
> OBJECT : aes-128-cbc
> OCTET STRING
> cont[0]
>
> RFC 3369 says:
> EncryptedContentInfo ::= SEQUENCE {
> contentType ContentType,
> contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
> encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
>
> EncryptedContent ::= OCTET STRING
>
The second SEQUENCE (containing aes-128-cbs and the OS) is the
contentEncryptionAlgorithm field. It obeys the standards for the
AlgorithmIdentifier for 128 bit AES in CBC mode. That is the OCTET STRING
(which should be 16 bytes not 16 bits) is the IV.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
