RE: OCSP, Nonce and the requestExtensions

2005-09-07 Thread David Schwartz
> I understood what will be the encoding when we use explicit & implicit > tagging. that is what you explained. > But what i really want to know is - In which context we will use explicit > tagging & in which context we will use implicit tagging. If one or the other is specified in a proto

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread sravan
I thank Steven & David for taking their time in explaining the concept of tagging. now with david's mail, i am almost near the point(thanks again, david) if possible please point me to one practical situation(like x509 cert, ocsp format...) where in this explicit vs implicit tagging matters. let

RE: OCSP, Nonce and the requestExtensions

2005-09-07 Thread David Schwartz
> By using explicit tagging the underlying object is encoded as it > would be if > standalone. Implicit tagging avoids adding a wrapper around the object but > results in the underlying object being slightly altered. And it results in it being impossible to tell the type of the object un

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread sravan
Hi Steven, I understood what will be the encoding when we use explicit & implicit tagging. that is what you explained. But what i really want to know is - In which context we will use explicit tagging & in which context we will use implicit tagging. - Sravan Steven Reddie wrote: By using exp

RE: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Steven Reddie
By using explicit tagging the underlying object is encoded as it would be if standalone. Implicit tagging avoids adding a wrapper around the object but results in the underlying object being slightly altered. As an example, the encoding of the certificate within MyStructExplicit will be the same a

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread sravan
Hi Steven, I would like to know point 2. - Sravan Steven Reddie wrote: I'm sure someone will jump in if they see a mismatch in your question and my answer. In the meantime let's break it down. Are you: 1. Looking at some existing data model expressed in ASN.1 (such as X.509 or OCSP) and are

RE: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Steven Reddie
I'm sure someone will jump in if they see a mismatch in your question and my answer. In the meantime let's break it down. Are you: 1. Looking at some existing data model expressed in ASN.1 (such as X.509 or OCSP) and are curious about when you need to worry about explicit vs implicit? 2. Curious

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread sravan
Hi Steven, I am sorry to say that I couldn't get what you have explained in your mail. I don't say that it is a problem in your explanation but I can't understand this(may be a problem in my comprehension). Any one out there who can explain this plz help us out... - Sravan Steven Reddie wro

RE: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Steven Reddie
I meant to say that I don't know of any specific reason other than not changing the underlying type. I imagine that not changing the underlying type can be important/helpful in some situations. An example being an encoded certificate as a member of some other structure. In order to "hand" the ce

RE: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Steven Reddie
When working with encodings of an existing data model then the use of implicit vs explicit comes down to what the designers specified. ie. for interoperability you can't work against the specification. When designing a data model with ASN.1 I don't know of any specific reason for using one over t

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread sravan
Hi Steven and others, i have a doubt regd these tags in ASN1: when do we use implicit tags & when do we use explicit tags? i have read the 'layman's guide to a subset of ASN.1, BER & DER' but it seems i didn't get the exact difference b/n the two types of tags - in the sense of exact context in

RE: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Steven Reddie
I should clarify that tags aren't blindly used to identify members of structured types, only when there would otherwise be ambiguity such as with optional members in a SEQUENCE, or in a CHOICE. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven Reddie

RE: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Steven Reddie
Do a search for a document titled "A Layman's Guide to a Subset of ASN.1, BER, and DER". The tags in this case, and generally, are used to identify the components in the structure. Since the last two members are optional it is necessary to encode the structure so that it is possible to tell which

Re: Encrypting data using X509 cert...

2005-09-07 Thread Goetz Babin-Ebell
C Wegrzyn wrote: > BTW, this is a programming issue so using a command line function isn't > useful. I have an X509 certificate and a pointer to a data buffer. Using > the X509 cert and given a pre-determined block-chaining cipher (from the > Openssl collection) I need to encrypt and decrypt the c

Re: PRIVACY-ENHANCED MESSAGE RFC 1421, 1422, 1423, 1424

2005-09-07 Thread Goetz Babin-Ebell
[EMAIL PROTECTED] wrote: > Hello Goetz, > > your hint to bother about apps/dgst.c at first was great. > It took me two days but now I'm able to create a PEM-message > for a Certificate-Request which works. > My next problem is to create a complete PEM-message > as shown below : I fear creating a c

Encrypting data using X509 cert...

2005-09-07 Thread C Wegrzyn
I have a problem that I am working on. I am certain there must be a simple way to do it but I haven't yet discovered it in the docs yet. I am hoping someone can point me in the correct direction. BTW, this is a programming issue so using a command line function isn't useful. I have an X509 certifi

Need help with OpenSSL (Import SSL certificate)

2005-09-07 Thread Ashok Subramanian
Hi, I need help with importing a server SSL certificate to my linux cert store using OpenSSL. The installed version is 'OpenSSL 0.9.6j'. I'm able to create a certificate using the 'CA.pl' utility, but I need help with importing an existing server certificate (myserver.com). (FYI : I'm te

RE: PRIVACY-ENHANCED MESSAGE RFC 1421, 1422, 1423, 1424

2005-09-07 Thread Martin
Hello Goetz, your hint to bother about apps/dgst.c at first was great. It took me two days but now I'm able to create a PEM-message for a Certificate-Request which works. My next problem is to create a complete PEM-message as shown below : -BEGIN PRIVACY-ENHANCED MESSAGE- Proc-Type: 4,ENCRY

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Sascha Kiefer
ah, okay. thank you! now i know what's the number for! :) Steven Reddie schrieb: That's the [2] in: TBSRequest ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, requestorName [1] EXPLICIT GeneralName OPTIONAL, requestList SEQ

verify error:num=26:unsupported certificate purpose

2005-09-07 Thread fandino
Hello, I get this error with openssl when I request a client certificate verification. # openssl s_server . . . verify error:num=26:unsupported certificate purpose verify return:1 . . the purposes for the CA file are: # openssl x509 -in fadesa-cacert.pem -noout -purpose Certificate purpo

RE: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Steven Reddie
That's the [2] in:

    TBSRequest ::= SEQUENCE {
        version             [0] EXPLICIT Version DEFAULT v1,
        requestorName       [1] EXPLICIT GeneralName OPTIONAL,
        requestList             SEQUENCE OF Request,
        requestExtensions   [2] EXPLICIT Extensions OPTIONAL }

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Sascha Kiefer
well, i do not see the CONTEXT SPECIFIC part in the spec!!! Sascha. Dr. Stephen Henson schrieb: On Wed, Sep 07, 2005, Sascha Kiefer wrote: no, that's misunderstanding (well, my english is not that great); here is the complete ocsp request generated by openssl (i'm not sure about the vers

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Dr. Stephen Henson
On Wed, Sep 07, 2005, Sascha Kiefer wrote: > no, that's misunderstanding (well, my english is not that great); > here is the complete ocsp request generated by openssl (i'm not sure > about the version; i'm at work and tried it at home): > > Offset| Len |LenByte| > ==+==+===+===

Re: OSSL 0.9.8 Engine problems

2005-09-07 Thread Steffen Pankratz
On Wed, 31 Aug 2005 22:53:51 +0200 Nils Larsch <[EMAIL PROTECTED]> wrote: > Steffen Pankratz wrote: > > On Tue, 30 Aug 2005 23:53:37 +0200 > > Nils Larsch <[EMAIL PROTECTED]> wrote: > > > > > >>Steffen Pankratz wrote: > >>... > >> > well, if openssl is build without DES support the DES nids

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Sascha Kiefer
no, that's misunderstanding (well, my english is not that great); here is the complete ocsp request generated by openssl (i'm not sure about the version; i'm at work and tried it at home): Offset| Len |LenByte| ==+==+===+=

Re: OCSP, Nonce and the requestExtensions

2005-09-07 Thread Dr. Stephen Henson
On Wed, Sep 07, 2005, Sascha Kiefer wrote: > Hi list, > > openssl makes - for example: OCSP request with nonce - the > requestExtensions a "context specific" integer. > Why does it do this? I mean, it works, but is it mandatory? > > Which version of OpenSSL are you using? Some of the older ve

OCSP, Nonce and the requestExtensions

2005-09-07 Thread Sascha Kiefer
Hi list, openssl makes - for example: OCSP request with nonce - the requestExtensions a "context specific" integer. Why does it do this? I mean, it works, but is it mandatory? Here the openssl output. Offset| Len |LenByte| ==+==+===+===

Re: compile opensll with -d option

2005-09-07 Thread Stefan Vatev
Well, it seems that efence stands for Electric Fence Malloc Debugger by Bruce Perens. The problem was that I searched for the deb package efence, not for electric-fence. (Sometimes I feel stupid...) Now everything seems OK. I suppose it's not a bad idea to put a note in the INSTALL file that fo

Re: compile opensll with -d option

2005-09-07 Thread Nils Larsch
Stefan Vatev wrote: I'm struggling in compiling the openssl with the debug option. As it's written in the INSTALL file I type in ./config -d The last line of the output is : "Configured for debug-linux-elf", so I think it's configured well. The error i get when I try to make it is : "/usr/bin/ld:

compile opensll with -d option

2005-09-07 Thread Stefan Vatev
I'm struggling in compiling the openssl with the debug option. As it's written in the INSTALL file I type in ./config -d The last line of the output is : "Configured for debug-linux-elf", so I think it's configured well. The error i get when I try to make it is : "/usr/bin/ld: cannot find -lefence