    RecipientInfo ::= CHOICE {
        ktri      KeyTransRecipientInfo,
        kari  [1] KeyAgreeRecipientInfo,
        kekri [2] KEKRecipientInfo,
        pwri  [3] PasswordRecipientInfo,
        ori   [4] OtherRecipientInfo }

    KeyAgreeRecipientInfo ::= SEQUENCE { ... }

With the above ASN.1 schema, how would a RecipientInfo.kari
be DER-encoded?

    A1 <length> <KeyAgreeRecipientInfo fields>...

- or

    A1 <length> 30 <length> <KeyAgreeRecipientInfo fields>...

The module uses implicit default tagging, so I reckon it should be the former, but Apple's security tool is encoding with the latter.
To see what I'm talking about, do:

    security cms -E -r <identity> -i <file> | openssl asn1parse -inform der

and you'll see in the output:

    24:d=4 hl=4 l= 374 cons: cont [ 1 ]
    28:d=5 hl=4 l= 370 cons: SEQUENCE

Thanks!
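
The two candidate encodings from the question can be told apart mechanically by looking at the first tag inside the A1 element. The following is an added example, not part of the original post and not code from Apple or OpenSSL. It assumes, from RFC 5652 rather than from the elided schema above, that the first field of KeyAgreeRecipientInfo is an INTEGER version; the helper names and sample bytes are constructed for illustration.

```python
def read_tlv(buf, off=0):
    """Parse one DER TLV at buf[off]; return (tag, content_start, content_end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    if first < 0x80:                      # short form: length in one byte
        length, start = first, off + 2
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[off + 2:off + 2 + n], "big")
        start = off + 2 + n
    if start + length > len(buf):
        raise ValueError("truncated content")
    return tag, start, start + length

def tlv(tag, content):
    """Build a DER TLV with a single-byte tag."""
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + head + content

def classify_kari(buf):
    """Report how a [1]-tagged KeyAgreeRecipientInfo was tagged."""
    tag, start, end = read_tlv(buf)
    if tag != 0xA1:
        raise ValueError("not a constructed context-specific [1]")
    inner_tag, _, inner_end = read_tlv(buf, start)
    if inner_tag == 0x02:                       # fields follow A1 directly
        return "implicit"
    if inner_tag == 0x30 and inner_end == end:  # one SEQUENCE fills all of A1
        return "explicit"
    return "unknown"

# Constructed stand-in: version INTEGER 3, then 300 filler bytes in place of
# the remaining fields so the lengths need the long form (hl=4), as on the page.
FIELDS = bytes.fromhex("020103") + tlv(0x04, bytes(300))
IMPLICIT = tlv(0xA1, FIELDS)              # A1 <length> <fields>
EXPLICIT = tlv(0xA1, tlv(0x30, FIELDS))   # A1 <length> 30 <length> <fields>

if __name__ == "__main__":
    print(classify_kari(IMPLICIT), classify_kari(EXPLICIT))
```

The explicit form is exactly one extra TLV header longer than the implicit form, which matches the 4-byte difference between l= 374 and l= 370 in the asn1parse output above.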