Re: Leading Zeros in ASN1_INTEGER?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Jan 28, 2017, at 10:01 AM, Matthias Ballreich <matthias.ballreich@xxxxxxxxxx> wrote:
> 
> is it normal that OpenSSL removes the leading Zeros in an ASN1_INTEGER?
> I tried to read the Certificate Serial and the Certificate Serial in the
> AuthorityKeyID-Extension with C++, which works very well, but i noticed
> that OpenSSL removes the leading Zeros on it.
> 
> The real ASN1-Value is: 00BEED73EE for example, but i got only BEED73EE.
> If i view the Certificate inside Microsoft Cert Tool (Certmgr.exe) the
> leading Zeros are listed there. Same on Firefox, if i Import and view
> the Certificate there. So is this the correct way of handling inside
> OpenSSL or is it a bug or?

Integers don't have leading zeros.  Octet strings representing integers
(in non-DER form) might have leading zeros, but you should not confuse
the data type with its representation.  OpenSSL outputs the correct DER
form of the serial *number* in certificates.

Leading zeros are needed in the DER representation of positive integers
whose most significant nibble is in the range from 8 to F.  Otherwise
the leading bit would cause the integer to be interpreted as negative.

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux