the identifier. So 840, in binary, is 1101001000. This is longer than seven bits,
so break it up into chunks of seven or less:
110 1001000
Now, add the high-order bits (and pad the first one):
10000110 01001000
Or hexadecimal 86 48.
The decoder then sees the first byte, recognizes that the high-order bit
is 1, continues on to the next byte, sees that the high-order bit is zero, and
concatenates the seven lower-order bits of the two constituent bytes back
into the value 1101001000, or decimal 840. Likewise, 113549 encodes to
11011101110001101 in binary. This requires 20 bits to encode, so you use three
bytes ( 20 = 7 ), with the high-order bits of the first two being set to 1, which
tells the decoder that this should be concatenated with the next byte:
10000110 11110111 00001101
Or 86 F7 0D in hexadecimal.
Is your head spinning yet? Actually, it gets worse. Notice that the hex encoding
of the “1.2” on the very beginning of the OID is a single byte: 2A. To save space,
X.690 dictates that the first byte encodes two numeric elements according to the
algebraic equation Z = 40X + Y. So, 1.2 is 40 * 1 + 2 = 42 (0x2A). On the unpacking
side, it's safe to assume that if the byte is in the range 0-40, the decoded
value should be 0.(byte); if it's in the range of 41-80, it should be 1.(byte - 40); if
it is in the range of 81-120, it should be 2.(byte - 80); and so on. Obviously, this
limits the range of values that can be encoded by the first byte.
Fortunately, I've done all of the conversion for you, so you don't have to
understand any of this to code around it. All you need to know is that the
unique byte sequence 2A 86 48 86 F7 0D 01 01 04 represents the MD5withRSA
signature algorithm.
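The encoding steps above can be checked mechanically. The following Python sketch is an added example, not code from the book: it packs each OID component into seven-bit groups, folds the first two components together with Z = 40X + Y, and decodes the result while rejecting truncated or padded input. The function names are illustrative.

```python
def encode_subid(n):
    """Base-128 encode one non-negative integer, most significant group first."""
    out = [n & 0x7F]                      # last byte: high-order bit clear
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))     # earlier bytes: high-order bit set
        n >>= 7
    return bytes(reversed(out))


def encode_oid(dotted):
    """Encode a dotted OID string into its X.690 content bytes."""
    arcs = [int(a) for a in dotted.split(".")]
    if (len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2
            or (arcs[0] < 2 and arcs[1] > 39)):
        raise ValueError("invalid leading OID components")
    first = 40 * arcs[0] + arcs[1]        # Z = 40X + Y
    return b"".join(encode_subid(n) for n in [first] + arcs[2:])


def decode_oid(data):
    """Decode X.690 OID content bytes back into a dotted string."""
    if not data:
        raise ValueError("empty OID")
    subids, value, start = [], 0, True
    for b in data:
        if start and b == 0x80:
            # X.690 requires the fewest possible bytes per component.
            raise ValueError("non-minimal component (leading 0x80)")
        value = (value << 7) | (b & 0x7F)
        start = not (b & 0x80)            # True once a component is complete
        if start:
            subids.append(value)
            value = 0
    if not start:
        raise ValueError("truncated OID: final byte has its high bit set")
    # X.690 limits Y to 0-39 when X is 0 or 1, so Z // 40 (capped at 2) gives X.
    x = min(subids[0] // 40, 2)
    return ".".join(str(n) for n in [x, subids[0] - 40 * x] + subids[1:])


# The byte sequence quoted in the text for MD5withRSA.
MD5_WITH_RSA = bytes.fromhex("2A864886F70D010104")

if __name__ == "__main__":
    print(decode_oid(MD5_WITH_RSA))
    print(encode_oid("1.2.840.113549.1.1.4").hex(" ").upper())
```

The two rejection paths matter when parsing certificates from untrusted sources: a parser that accepts padded or truncated components can disagree with another parser about which algorithm an OID names.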
There is also an optional section for parameters. DSS includes a few parameters,
so you'll re-examine this when DSA is covered. Notice that the ANY DEFINED BY
algorithm indicates that if the object identifier is one of the two RSA algorithms,
the parameters field is not present.
issuer
issuer Name
If you found the subject of OIDs slightly complicated, hold on to your hat as
you examine X.509 distinguished names. You've likely seen a distinguished name
written out at some point in long form, such as
CN=Joshua Davies,OU=Architecture,O=Travelocity,L=Southlake,ST=Texas,C=USA
You may even be familiar with the meanings of the terse one- and two-letter
codes shown in the example, but in case you aren't, they expand to the long
names shown in Table 5-2.
 