On 2012-04-03 12:05 +0200 (Tue), Erwann Abalea wrote: > In this private key, exponent1, exponent2 and coefficient are > encoded with different lengths because they *are* of different > lengths. Is there anything somewhere preventing these numbers to be > of different lengths? > ... > 8.3 Encoding of an integer value
Just to be clear, the integers themselves are of different lengths by their nature; what we're talking about (as is clear from context of the full post) is that we're talking about the ASN.1 encoding of the integers. > Where in this text is said that a sequence of integers must be > encoded with the same length? In fact, if one can be encoded in a shorter form than the other, it MUST be encoded in that shorter format. This is because certificates use DER, not BER, and DER says that. Using DER ensures that two different machines producing an encoding of a particular certificate will produce the same encoded output. (This might not be the case for BER.) This is necessary because two different encodings of the same certificate data would have different signatures. (This is my understanding of what's going on, anyway; anybody should feel free to jump in and correct me if I've gone wrong somewhere.) cjs -- Curt Sampson <c...@cynic.net> +81 90 7737 2974 Measuring programming progress by lines of code is like measuring aircraft building progress by weight. --Bill Gates ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
