I tried to ask this question to the list before, but seemingly the attachment blocked itīs way. So the attachment is included as base64-block.
Requesting information on signtrust (german, Deutsche Post AG) generated smartcard certificates leads to a download of a "signed response".
Examining the respose shows that it is much like an ocsp response (binary example appended in base64) though feeding it into openssl with command
openssl ocsp -respin QNcLp5XvEIcAAGyqehE.rsp -noverify -text
leads to the following output:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Error parsing response
10240:error:0D084078:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:explicit tag not
constructed:tasn_dec.c:444:
10240:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:272:Field=value.byName, Type=OCSP_RESPID
10240:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
error:tasn_dec.c:566:Field=responderId, Type=OCSP_RESPDATA
10240:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1
error:tasn_dec.c:566:Field=tbsResponseData, Type=OCSP_BASICRESP
10240:error:0D08806E:asn1 encoding routines:ASN1_unpack_string:decode
error:asn_pack.c:189:
This output was generated by openssl--0.9.7-stable-SNAP-20040611 on linux 386.
Looking at the asn structure itself one notices that the ResponderId is coded as Tag 81: "Signtrust" (dunno how to interpret this) instead of the usual x509 representation.
RFC2560 tells:
ResponderID ::= CHOICE {
byName [1] Name,
byKey [2] KeyHash }
but doesnīt specify Name itself.
So my question is: does the signtrust coding match the rfc rules? If it does can anybody give me a hint how to fix the asn1 paring so that it recognizes the coding?
Can anybody help?
The following base64-block is the file "QNcLp5XvEIcAAGyqehE.rsp" ---------------------------------------------------------------- MIIKUgoBAKCCCkswggpHBgkrBgEFBQcwAQEEggo4MIIKNDCCBOCgAwIBAIEJU2ln bnRydXN0GA8yMDA0MDYyMTE2MjQwOFowggS7MIIEtzA7MAkGBSsOAwIaBQAEFItW JvwPY4ThTS4mcFMwvOQ9xMzYBBRtK0+u34t5XGQlHqa1o1vj96ugbAICZemAABgP MjAwNDA2MjExNjI0MDhaoYIEYzCCBF8wLwYFKyQIAw0BAQAEIzAhMAkGBSsOAwIa BQAEFDduH3hof0U0cRxikcP6dXv0cqa7MB0GBSskCAMMAQEABBEYDzIwMDQwMTA1 MTYwMDM5WjCCBAsGBSskCAMKAQEABIID/TCCA/kwggNioAMCAQICAmXpMA0GCSqG SIb3DQEBBQUAMEsxCzAJBgNVBAYTAkRFMRIwEAYDVQQKFAlTaWdudHJ1c3QxKDAM BgcCggYBCgcUEwExMBgGA1UEAxQRQ0EgU0lHTlRSVVNUIDE6UE4wHhcNMDMxMjI5 MTIyODA5WhcNMDYxMjI5MTIyODA5WjBPMRQwEgYDVQQDDAtSYWluZXIgSGFuczEN MAsGA1UEBAwESGFuczEPMA0GA1UEKgwGUmFpbmVyMQswCQYDVQQGEwJERTEKMAgG A1UEBRMBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAisYU+cbff6z/iYjH oawIEDWwwN0n8HHvxIGicyK/SkF1mA4t7aYMaLXilqNsOKAhp2wIGmTqqUwGHj+j GvXEWGEwIRsq2xq7CeSyEX/2CY37/ERH74dpCJWV8of8i2wc+pq/Ja30gMv3YnjV jqUTDmAWjaO33VQzsQ2x8lxhEV8CAwEAAaOCAeYwggHiMIGcBgNVHSMEgZQwgZGA FBxnM2CF+dehdGbyHX5UhMLlxo1GoXOkcTBvMQswCQYDVQQGEwJERTE9MDsGA1UE ChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1 bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOggQAuzyu MB0GA1UdDgQWBBQdVlygrqLRpkRP1CWAHN2C6sxbSTAOBgNVHQ8BAf8EBAMCBkAw EgYDVR0gBAswCTAHBgUrJAgBATA0BgNVHRIELTArhilsZGFwOi8vbGRhcC5zaWdu dHJ1c3QuZGUvbz1TaWdudHJ1c3QsYz1kZTB1BgNVHR8EbjBsMGqgLaArhilsZGFw Oi8vbGRhcC5zaWdudHJ1c3QuZGUvbz1TaWdudHJ1c3QsYz1kZaI5pDcwNTESMBAG A1UEAxMJQ1JMR0VOOlBOMRIwEAYDVQQKEwlTaWdudHJ1c3QxCzAJBgNVBAYTAkRF MDcGCCsGAQUFBwIBBCswKTAnBggrBgEFBQcwAYYbaHR0cDovL2d3LnNpZ250cnVz dC5kZS9PQ1NQMBgGCCsGAQUFBwIDBAwwCjAIBgYEAI5GAQEwDQYJKoZIhvcNAQEF BQADgYEAb97/67fkqJLGFsKGku1Krjd9e8n4+hFkGNuSlkPdk/hSDou+XAQyMnaN 2Q6Y/nIeVlciBXsPeoIytRSY8qAE0Y9oNnKo3jwr1DqN3S5IK4T0aJQMv4YTKxrH VLarPRK+WqYtxeD2wUwDNeiCo3YxTBGkXhJMQwhWGrM2n8pzNAwwDQYJKoZIhvcN AQEFBQADgYEAM7EhW15JUX1/dJhl4cdbv2ryIG8Kms/aVLP/dlJN95jyIFKStkqV Fx+sfVVXcHsO8m2DsEc0zQkjkkyb5ZG+Z6gf/sOf60JGSxtqWW+GOgihpBlGDfDg nIqp3E1fjMUvVE7dpNNRc6Zk7CBkUIJF476QTDEkNaE1JyTSZblsEpWgggS5MIIE tTCCAkUwggGxoAMCAQICBAC7PL0wCgYGKyQDAwECBQAwbzELMAkGA1UEBhMCREUx PTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlr YXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0EgMTpQ TjAiGA8yMDAxMDgyMDA4NTMyN1oYDzIwMDUwODIwMDg1MzI3WjBNMQswCQYDVQQG EwJERTESMBAGA1UEChQJU2lnbnRydXN0MSowDAYHAoIGAQoHFBMBMTAaBgNVBAMU E0RJUiBTSUdOVFJVU1QgMTY6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB AJ2VY2hImcHIJQf2cyj+5W8tavavDSlTuVMUADj5sKcGMj4x+IWBgrlgYsxMURYc iSPHP3U0fvpYVHPB6G5x4heF/krzMctXjasehkiF39fszOE2XN8CIKTb9HLdMN8J 2O1ZnFnArRrwsNb+flSjg9shlCA09iCNkKWtOZwVMtQJAgMBAAGjEjAQMA4GA1Ud DwEB/wQEAwIBAjAKBgYrJAMDAQIFAAOBgQARMIlAq8BfY6rynL8YVq2bTW4kP6Cw L/oLeK0llaMCxmhvN/uOLo3Fh7B9mCEnmfiJ0D20az4lj8hpGZkXXXoWMBqh5PJh og1v5vgFc3NqNxuRJGbv9kD7zEploRQzd6wDGc7L7a9f8O1jqfDRtAuObqaSFDjm h2EAsfLjtfyFPjCCAmgwggHUoAMCAQICAwyDqjAKBgYrJAMDAQIFADBvMQswCQYD VQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxl a29tbXVuaWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1 Ui1DQSAxOlBOMCIYDzIwMDAwMzIyMDg1NTUxWhgPMjAwNTAzMjIwODU1NTFaMG8x CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVy IFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNV BAMUCjVSLUNBIDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIoeQVMn HwaaioVPEQ7Gkr1eQLc1nl0EQqJS/Qh97dAyp4YygJSfInHBbSTb/nd24fG2/bId JmkUqOuO8T+4bB04yoExOMzOQWDX170k+/TrXDIAM65w4ho0CCFr/MW31dTKscXb WScoK8M0TG/YxggBqCRMpqMswDDRu7UnQVp1AgUAwAAAAaMSMBAwDgYDVR0PAQH/ BAQDAgEGMAoGBiskAwMBAgUAA4GBADmivIoVUgVHC9iHVQcWWGFCsDM+Zux986oT fFvcPomn1rnR+m/mmoZGxDRMM4Nwt7+YPJ83u7+7LGnEM3uueyx4z/nu5LFAyIHE uEdaVNnjdem40j/6hjxd64ayBB6CuZyVC5I5GWE7TYjr5kP/hu9E1w4tzrP08C5V kb7vu2Cz ---------------------------------------------------------------- Sorry, i had to code it this way to get it into the list.
Thanks in advance -- Christian Weber mailto:[EMAIL PROTECTED] Tel: 02361/91300 For information on InfoTech visit http://www.InfoTech.de/
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
