> To do that properly you do need to at least parse some of the ASN1 data.
> There is some header information at the start which contains the
> SEQUENCE tag+length bytes.
>
> The actual bit you will hash is in the middle of the data. One SEQUENCE
> header is deleted from the start and some data from the ends. If you
> parse a few tag+length bytes you can work out how much to hash and the
> position and length of the signature.
>
> If you use the asn1parse tool from OpenSSL it will give you lots of
> useful info.

This page is helpful as well:
http://en.wikipedia.org/wiki/X.509

Under "Structure of a certificate", it shows that a certificate consists of an inner certificate (sometimes called the TBS certificate), followed by the certificate signature algorithm and the signature itself. The signature is on the hash of the data in the inner certificate object (not including its type and length bytes).

DS
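
The tag+length walk discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code. Per RFC 5280 the signature is computed over the complete DER encoding of tbsCertificate, so the slice returned here begins at that SEQUENCE's tag byte. The sample bytes are constructed stand-ins, and `tlv`, `read_tl` and `split_certificate` are hypothetical names.

```python
def tlv(tag, value):
    """Encode one DER TLV (used only to build the constructed sample below)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def read_tl(buf, pos):
    """Parse the tag+length header at pos; return (tag, value_start, value_len)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: length is this byte
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of data")
    return tag, pos, length

def split_certificate(der):
    """Return (signed_bytes, signature) from SEQUENCE { tbs, alg, BIT STRING }."""
    tag, body, blen = read_tl(der, 0)      # outer Certificate SEQUENCE
    if tag != 0x30 or body + blen != len(der):
        raise ValueError("not exactly one DER SEQUENCE")
    tag, val, vlen = read_tl(der, body)    # tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    signed = der[body:val + vlen]          # header bytes included in the hash input
    tag, val, vlen = read_tl(der, val + vlen)   # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, val, vlen = read_tl(der, val + vlen)   # signatureValue
    if tag != 0x03 or vlen < 1 or der[val] != 0 or val + vlen != len(der):
        raise ValueError("bad signature BIT STRING or trailing data")
    return signed, der[val + 1:val + vlen]  # skip the unused-bits byte

# Constructed sample with the certificate's outer shape (not a real certificate).
TBS = tlv(0x30, b"\x02\x01\x05" + tlv(0x04, b"A" * 200))
ALG = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSAEncryption
SIG = b"\xab" * 64
CERT = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + SIG))
```

`split_certificate(CERT)` returns the bytes to hash and the raw signature; truncated input or trailing bytes raise `ValueError` instead of yielding a shifted slice.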