On Fri, May 09, 2008, Anthony Floyd wrote:

> To generate the signature, has that first embedded SEQUENCE (the one
> that contains the certificate data) been hashed entirely? Including the
> tag and length fields? Or has some subset of that been hashed? I
> assume that the SEQUENCE with the hash/encryption algorithm is omitted
> and clearly the signature isn't included. Is there anything else
> omitted?

Well the first embedded SEQUENCE is the tbsCertificate data. You need to hash all of that including the SEQUENCE tag+length bytes.

From the top you skip the first SEQUENCE tag+length and hash the second one.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
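
The byte range described in the reply above, as an added example that is not part of the original thread or of OpenSSL's code: a minimal DER walk that skips only the outer SEQUENCE tag+length and hashes the second SEQUENCE with its own tag+length. The helper names, the SHA-256 default and the sample structure are assumptions; the sample is constructed and is not a real certificate.

```python
import hashlib

def read_tlv(buf, off):
    """Return (tag, header_len, content_len) for the DER TLV starting at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                       # short form: one length byte
        return tag, 2, first
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or n > 4:
        raise ValueError("indefinite or oversized length, not handled here")
    return tag, 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")

def tbs_bytes(cert_der):
    """Slice out tbsCertificate, including its own SEQUENCE tag+length bytes."""
    tag, hdr, length = read_tlv(cert_der, 0)            # outer Certificate SEQUENCE
    if tag != 0x30 or hdr + length != len(cert_der):
        raise ValueError("input is not exactly one DER SEQUENCE")
    start = hdr                                         # skip the outer tag+length only
    tag, tbs_hdr, tbs_len = read_tlv(cert_der, start)   # second SEQUENCE
    end = start + tbs_hdr + tbs_len
    if tag != 0x30 or end > len(cert_der):
        raise ValueError("malformed tbsCertificate")
    return cert_der[start:end]

def tbs_digest(cert_der, algo="sha256"):
    """Digest over the signed bytes; algo is an assumption, the real one
    is named by the certificate's signature algorithm."""
    return hashlib.new(algo, tbs_bytes(cert_der)).hexdigest()

def der(tag, content):
    """Encode one TLV (helper used only to build the constructed sample)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

# Constructed sample with the outer certificate layout only:
# SEQUENCE { SEQUENCE tbs, SEQUENCE algorithm, BIT STRING signature }
SAMPLE_TBS = der(0x30, der(0x02, b"\x01") + der(0x04, b"A" * 200))
SAMPLE_ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
SAMPLE_SIG = der(0x03, b"\x00" + b"\xaa" * 16)          # placeholder signature bits
SAMPLE_CERT = der(0x30, SAMPLE_TBS + SAMPLE_ALG + SAMPLE_SIG)

if __name__ == "__main__":
    print(tbs_bytes(SAMPLE_CERT)[:3].hex(), tbs_digest(SAMPLE_CERT))
```

Hashing only the contents of the second SEQUENCE, without its tag+length header, produces a different digest, which is the usual reason a hand-computed hash fails to match the one recovered from the signature.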