Cryptography Reference
In-Depth Information
You pass this in to your certificate request:
[jdavies@localhost ssl]$ openssl req -x509 -newkey dsa:dsaparam.cer -keyout \
dsakey.der -keyform der -out dsacert.der -outform der
Generating a 512 bit DSA private key
writing new private key to 'dsakey.der'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Texas
Locality Name (eg, city) [Newbury]:Southlake
Organization Name (eg, company) [My Company Ltd]:Travelocity
Organizational Unit Name (eg, section) []:Architecture
Common Name (eg, your name or your server's hostname) []:Joshua Davies
Email Address []:joshua.davies@travelocity.com
Developing an ASN.1 Parser
By now, you're probably itching to see some code. You develop code to parse
an X.509 certificate in two parts: first, deconstruct the DER-encoded ASN.1
structure into its constituent parts, and then interpret these parts as an X.509
certificate. ASN.1-encoded values can be represented naturally as nodes of the
form shown in Listing 5-3.
Listing 5-3: “asn1.h” asn1struct definition
struct asn1struct
{
  int constructed; // bit 6 of the identifier byte
  int tag_class;   // bits 7-8 of the identifier byte
  int tag;         // bits 1-5 of the identifier byte
  int length;
  const unsigned char *data;
  struct asn1struct *children;
  struct asn1struct *next;
};
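An added example, not a listing from the book: one way to fill the first five fields of such a node from a single DER tag-length-value header while rejecting truncated or non-DER input. The names asn1hdr and asn1_read_header are hypothetical, multi-byte tag numbers are rejected rather than decoded, and lengths are capped at three length bytes as a simplifying assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical node: the first five fields of the asn1struct listing. */
struct asn1hdr {
    int constructed, tag_class, tag, length;
    const unsigned char *data;     /* points into the caller's buffer */
};

/* Decode one DER tag-length-value header from buf[0..len). Returns bytes
 * consumed (header + contents), or -1 on truncated or non-DER input. */
int asn1_read_header(const unsigned char *buf, size_t len, struct asn1hdr *out)
{
    size_t pos = 1, n, content_len;

    if (len < 2)
        return -1;
    out->tag_class   = (buf[0] & 0xC0) >> 6;   /* bits 7-8 */
    out->constructed = (buf[0] & 0x20) >> 5;   /* bit 6 */
    out->tag         =  buf[0] & 0x1F;         /* bits 1-5 */
    if (out->tag == 0x1F)          /* multi-byte tag numbers not handled */
        return -1;
    content_len = buf[pos++];
    if (content_len & 0x80) {      /* long form: low 7 bits count length bytes */
        n = content_len & 0x7F;
        /* indefinite form, oversized, truncated, or leading zero byte */
        if (n == 0 || n > 3 || n > len - pos || buf[pos] == 0)
            return -1;
        for (content_len = 0; n > 0; n--)
            content_len = (content_len << 8) | buf[pos++];
        if (content_len < 0x80)    /* short form was required */
            return -1;
    }
    if (content_len > len - pos)   /* declared length overruns the buffer */
        return -1;
    out->length = (int)content_len;
    out->data   = buf + pos;
    return (int)(pos + content_len);
}

int main(void)
{
    /* Constructed sample: SEQUENCE { INTEGER 5 } */
    const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    struct asn1hdr h;
    int used = asn1_read_header(der, sizeof der, &h);
    printf("used=%d class=%d constructed=%d tag=%d length=%d\n",
           used, h.tag_class, h.constructed, h.tag, h.length);
    return used == 5 ? 0 : 1;
}
```

Because the declared length is checked against the bytes actually remaining, a child node can be decoded by calling the function again on data and length without reading past the parent's contents.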
Converting a Byte Stream into an ASN.1 Structure
The first five elements ought to be relatively straightforward if you understood
the description of ASN.1 DER in the previous section. The last two are used to