By using explicit tagging the underlying object is encoded as it would be if
standalone. Implict tagging avoids adding a wrapper around the object but
results in the underlying object being slightly altered.
As an example, the encoding of the certificate within MyStructExplicit will
be the same as the encoding on MyCertificate (for the same certificate),
whereas the encoding of the certificate within MyStructImplicit will be
different due to the tag being modified.
MyCertificate ::= Certificate
MyStructExplicit ::= SEQUENCE {
certificate [0] EXPLICIT Certificate }
MyStructImplicit ::= SEQUENCE {
certificate [0] IMPLICIT Certificate }
Is that any clearer?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of sravan
Sent: Thursday, 8 September 2005 3:53 PM
To: openssl-users@openssl.org
Subject: Re: OCSP, Nonce and the requestExtensions
Hi Steven,
I would like to know point 2.
- Sravan
Steven Reddie wrote:
>I'm sure someone will jump in if they see a mismatch in your question
>and my answer. In the meantime let's break it down. Are you:
>1. Looking at some existing data model expressed in ASN.1 (such as
>X.509 or
>OCSP) and are curious about when you need to worry about explicit vs
>implicit?
>2. Curious about when to use explicit vs implicit when specifying a
>data model in ASN.1?
>3. Something else?
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of sravan
>Sent: Thursday, 8 September 2005 3:37 PM
>To: openssl-users@openssl.org
>Subject: Re: OCSP, Nonce and the requestExtensions
>
>Hi Steven,
>I am sorry to say that I couldn't get what you have explained in your mail.
>I don't say that it is a problem in your explaination but I can't
>understand this(may be a problem in my comprehension). Any one out
>there who can explain this plz help us out...
>
>- Sravan
>
>Steven Reddie wrote:
>
>
>
>>I meant to say that I don't know of any specific reason other than not
>>changing the underlying type. I imagine that not changing the
>>underlying type can be important/helpful in some situations. An
>>example being an encoded certificate as a member of some other structure.
>>
>>
>In order to "hand"
>
>
>>the certificate portion of the DER to an X.509 decoder an implicit tag
>>would have to changed to the universal tag expected of the certificate.
>>For verifying the signature it would also be necessary to "correct" an
>>implicit tag. Using an explicit tag instead means that the underlying
>>object is still a standalone certificate.
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED]
>>[mailto:[EMAIL PROTECTED] On Behalf Of Steven Reddie
>>Sent: Thursday, 8 September 2005 2:17 PM
>>To: openssl-users@openssl.org
>>Subject: RE: OCSP, Nonce and the requestExtensions
>>
>>When working with encodings of an existing data model then the use of
>>implicit vs explicit comes down to what the designers specified. ie.
>>for interoperability you can't work against the specification.
>>
>>When designing a data model with ASN.1 I don't know of any specific
>>reason for using one over the other. Explicit tags wrapper the
>>underlying object and as such add a little bloat but leave the
>>underlying encoded object unchanged. Implicit tags replace the
>>underlying tag in the encoding, avoiding the little bloat, but
>>altering the encoded representation of the underlying object.
>>
>>For example, the INTEGER zero is encoded in DER as 02 01 00. Applying
>>a context-specific tag of 2 results in:
>>Implicit: 82 01 00
>>Explicit: 82 03 02 01 00
>>
>>Regards,
>>
>>Steven
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED]
>>[mailto:[EMAIL PROTECTED] On Behalf Of sravan
>>Sent: Thursday, 8 September 2005 1:55 PM
>>To: openssl-users@openssl.org
>>Subject: Re: OCSP, Nonce and the requestExtensions
>>
>>Hi Steven and others,
>>i have a doubt regd these tags in ASN1:
>>when do we use implicit tags & when do we use explicit tags?
>>
>>i have read the 'layman's guide to a subset of ASN.1, BER & DER' but
>>it seems i didn't get the exact difference b/n the two types of tags -
>>in the sense of exact context in which each of these types of tags are
used.
>>
>>bye & thnx
>>- sravan
>>
>>
>>
>>
>
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List openssl-users@openssl.org
>Automated List Manager [EMAIL PROTECTED]
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List openssl-users@openssl.org
>Automated List Manager [EMAIL PROTECTED]
>
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
