[xmlsec] Problem with some cert which has a negative serial number
Andrew Fan
Xuelei.Fan at Sun.COM
Mon Feb 21 20:29:18 PST 2005
Michael Mi wrote:
>
>
> Andrew Fan wrote:
>
>> Aleksey Sanin wrote:
>>
>>>> Can a bn like "00 00 01" can be a legal serial number?
>>>
>>>
>>>
>>> Yes. It is equal to "1".
>>>
>> No, it is not a legal serial number. decimal "01", "0001", "1" must
>> be represent as "01" in serial number.
>
>
> Why not? Can you show us any standard forbiding that?
>
Read another mail with encoding and decoding rules attached, or please
read X.690 "Information technology – ASN.1 encoding rules: Specification
of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)"
-Andrew
> Michael
>
>>
>>
>> -Andrew
>>
>>>> If so (*assumption #1*), I think the leading zero should be
>>>> reserved in string format, this can guarantee when converting back
>>>> to a bn, it is "00 00 01" again.
>>>
>>>
>>>
>>> Not necessary. "00 00 01" and "01" both represent the same bn. The
>>> functions that searches for a certificate MUST understand this.
>>>
>>> Aleksey
>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>>
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
More information about the xmlsec
mailing list