Cryptography Reference
for multi-byte types as well — and has complex rules on how to encode and
recognize them — but X.509 doesn't need to make use of them and sticks with
single-byte types. Therefore, the integer value 5 is encoded, according to DER, as
02 01 05
That's type 2 (integer), one byte in length, value 5. The integer value 65535
is encoded as
02 02 FF FF
That's type 2, two bytes, value 0xFFFF equals 65535. The length byte tells you
when to stop reading the value and start looking for another tag.
So far, so good. It's pretty simple. OIDs are just as simple to encode. They're
stored just like integers, but they have a type of 6 instead of 2. Otherwise, they're
encoded the same way: type, length, value. The OID common name (in the subject
and issuer distinguished name fields) of 55 04 03 is represented as
06 03 55 04 03
The length byte tells you that there are three bytes of OID.
Strings and Dates
Strings and dates are both encoded similarly. The type code for a date is either
23 or 24; 23 is a generalized — four-digit year — time. 24 is a UTC — two-digit
year — time. Although the type actually includes enough information to infer
the length — you know that generalized times are 15 digits, and UTC times
are 13 — for consistency's sake the lengths are included as well. After that, the
year, month, day, hour, minute, second and Z are included in ASCII format. So
the date Feb. 23, 2010, 6:50:13 is encoded in UTC time as
17 0d 31 30 30 32 32 33 30 36 35 30 31 33 5A
(tag, length, then the ASCII characters 100223065013Z)
and is encoded in generalized time as
16 0f 32 30 31 30 30 32 32 33 30 36 35 30 31 33 5A
(tag, length, then the ASCII characters 20100223065013Z)
Strings are also coded this way. However, there are quite a few different string
types to account for different byte encodings (among other things). The official
specification is actually not proscriptive about which type of string should be used,
and you actually see different kinds. However, the most common are IA5Strings
(type 22) and printable strings (type 19), which you can treat interchangeably.
Given, for example, the country code “US” in a name field, the encoding would be
13 02 55 53
which is the ASCII representation of the string “US.”
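The type, length, value walk described above, as an added Python example that is not code from the original text: it splits a buffer of back-to-back encodings and decodes the integer, OID, string and UTC time examples, treating the length byte as untrusted input. It goes beyond the text by accepting long-form lengths and rejecting truncated or non-minimal ones; the names iter_tlvs, decode, walk and SAMPLE are this example's own, and UTC time is matched on the type byte 17 used in the UTC example above.

```python
from datetime import datetime, timezone
INTEGER, OID, PRINTABLE, IA5, UTCTIME = 0x02, 0x06, 0x13, 0x16, 0x17
SAMPLE = bytes.fromhex("020105 0603550403 13025553 170d3130303232333036353031335a")  # constructed

def iter_tlvs(buf):
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tag, not used by X.509")
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            if not 1 <= n <= 4 or pos + n > len(buf) or length < 0x80 or buf[pos] == 0:
                raise ValueError("indefinite, truncated or non-minimal length")
            pos += n
        if pos + length > len(buf):  # never trust the length over the buffer
            raise ValueError("length runs past end of input")
        yield tag, buf[pos:pos + length]
        pos += length

def decode(tag, value):
    if tag == INTEGER:  # big-endian two's complement
        return int.from_bytes(value, "big", signed=True)
    if tag == OID:  # base-128 sub-identifiers; the first one packs two arcs
        subs, acc = [], 0
        for b in value:
            acc = (acc << 7) | (b & 0x7F)
            if not b & 0x80:
                subs.append(acc)
                acc = 0
        if not subs or value[-1] & 0x80:
            raise ValueError("bad OID")
        first = min(subs[0] // 40, 2)
        return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))
    if tag in (PRINTABLE, IA5):
        return value.decode("ascii")
    if tag == UTCTIME:  # YYMMDDHHMMSSZ
        s = value.decode("ascii")
        if len(s) != 13 or s[-1] != "Z" or not s[:-1].isdigit():
            raise ValueError("bad UTCTime")
        year = int(s[:2]) + (1900 if s[:2] >= "50" else 2000)  # RFC 5280 pivot
        return datetime(year, *(int(s[i:i + 2]) for i in range(2, 12, 2)), tzinfo=timezone.utc)
    return bytes(value)  # any other type: hand back the raw value bytes

def walk(buf):
    return [(tag, decode(tag, value)) for tag, value in iter_tlvs(buf)]
```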