Hey there:

On 2011-03-08, at 10:03 AM, ikuzar wrote:

> my questions:
> 1) What does DER format mean? Is it equivalent to a string format?
> In the following function, we have a parameter named "out": int
> i2d_X509(X509 *x, unsigned char **out); this function converts X509 internal
> data into DER format. The result is stored in "out". That's why I am wondering if
> DER <=> string ... ?

DER is the "Distinguished Encoding Rules" - it is a binary format that is designed to be a concise and machine-independent representation of the ASN.1 structure of whatever is encoded that way. It is MOST DEFINITELY NOT a string.

> 2) Is it possible to verify (by hand) a certificate in string format?

I have no idea even what you are referring to... what does "convert to a string" mean - you need to validate/verify the certificate according to the rules outlined in IETF RFC5260, and that involves verifying the signature, and this involves dealing with the certificate in the same format it was signed in (which, I believe, is the binary DER encoding).

> 3) What kind of data structure (vector, etc.) is the best way to store
> a certificate with string format?

PEM of course.

> 4) Is it a bad idea to handle certificates everywhere in string format?
>

VERY, VERY bad...

Have fun!

---
Patrick Patterson
Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca
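The point made in the reply above, that DER output such as the buffer filled by i2d_X509 is binary and not a string, as an added example that is not part of the original message and does not call OpenSSL. The names sample_der, der_element_len and cstring_visible_len are hypothetical, and the bytes are a constructed fragment, not a real certificate.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample (not a real certificate): the first fields of a
 * certificate-like SEQUENCE: [0] { INTEGER 2 }, INTEGER 0x00C15A. */
static const unsigned char sample_der[] = {
    0x30, 0x0A,                     /* SEQUENCE, 10 content bytes      */
    0xA0, 0x03, 0x02, 0x01, 0x02,   /* [0] EXPLICIT { INTEGER 2 }      */
    0x02, 0x03, 0x00, 0xC1, 0x5A    /* INTEGER with a leading 0x00     */
};

/* Return the full length (header + content) of the DER element at buf,
 * or 0 if the header is malformed, non-minimal, or exceeds avail. */
size_t der_element_len(const unsigned char *buf, size_t avail)
{
    size_t len, hdr = 2, n, i;

    if (avail < 2 || (buf[0] & 0x1F) == 0x1F)   /* multi-byte tags not handled */
        return 0;
    if (buf[1] < 0x80) {                        /* short form: one length byte */
        len = buf[1];
    } else {
        n = buf[1] & 0x7F;                      /* long form: n length bytes */
        if (n == 0 || n > sizeof(size_t) || avail < 2 + n || buf[2] == 0)
            return 0;                           /* 0x80 (indefinite) is not DER */
        for (len = 0, i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        if (len < 0x80)                         /* DER requires the shortest form */
            return 0;
        hdr += n;
    }
    return (len <= avail - hdr) ? hdr + len : 0;
}

/* What string-handling code would see: the bytes before the first 0x00. */
size_t cstring_visible_len(const unsigned char *buf, size_t avail)
{
    const unsigned char *nul = memchr(buf, 0, avail);
    return nul ? (size_t)(nul - buf) : avail;
}

int main(void)
{
    printf("DER length from header: %zu\n", der_element_len(sample_der, sizeof sample_der));
    printf("length seen as string:  %zu\n", cstring_visible_len(sample_der, sizeof sample_der));
    return 0;
}
```

The length always has to come from the DER header (or the return value of the encoder) and travel with the buffer; treating the bytes as a NUL-terminated string silently drops everything after the first zero byte.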