Questions tagged [asn1]
30 questions
14
votes
1 answer
Why does openssl writes EC parameters when generating private key?
When I'm generating a private key with openssl, it writes the curve's parameters, and the actual private key:
❯ openssl ecparam -name secp256k1 -genkey
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE…
Elazar Leibovich
- 519
- 2
- 7
- 14
10
votes
2 answers
Are there any meta-formats for crypto?
Are there are any (properly specified) meta-formats / schema formats for describing cryptographic message structures?
I'm looking for a way to describe the format (where some channels might want symmetric/asymmetric encoding or signatures) that's…
cloudfeet
- 2,528
- 17
- 22
8
votes
2 answers
ASN.1: ENUMERATED vs INTEGER
From the X.509 specs:
CRLReason ::= ENUMERATED {
unspecified (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
…
ansur
- 183
- 1
- 3
6
votes
3 answers
How do I test and secure ASN.1 Parsers?
As far as I can tell, .NET doesn't have an ASN.1 parser for reading or writing data built in the framework. This means that any code that creates or verifies ASN.1 data is using a 3rd party library of varying quality. Bouncy Castle, and…
makerofthings7
- 50,090
- 54
- 250
- 536
5
votes
3 answers
What part of the CSR is hashed in order to create its signature?
I'd like to change the CSR before it is transferred to the CA without going through the CSR creation process again. To do that I need to know how to calculate the signature of the CSR after I modified it. Unfortunately I couldn't find out exactly…
jhscheer
- 201
- 2
- 6
5
votes
3 answers
ASN.1 encapsulated BITSTRING type in openSSL
I am currently building an ASN.1 parser which supposed to decode X.509v3 certificates and epoch files in ASN.1 DER format. The parser is working well apart from one issue which I couldn't seem to get.
If I decode the DER format I see that for the…
Dima Shifrin
- 129
- 7
5
votes
1 answer
Why are there leading 0x00 bytes in the subjectPublicKey field of a DER X.509 cert?
For a simple example, I'm using a 512-bit RSA cert to illustrate my question. The cert can be found in both DER and PEM form here. I've been going through the certificate using this ASN.1 decoder (the provided link to the decoder already has the…
Stipe Matic
- 153
- 2
4
votes
1 answer
How to verify the signature in an iOS Passbook pass?
The Passbook application in the new iOS6 keeps track of movie tickets, coupons, and other 'passes' for you, and the passes themselves are loaded onto the user's device via file packages with the .pkpass extension. I'm looking to write a script to…
MidnightLightning
- 263
- 3
- 6
4
votes
0 answers
ASN.1 encoding question
RecipientInfo ::= CHOICE {
ktri KeyTransRecipientInfo,
kari [1] KeyAgreeRecipientInfo,
kekri [2] KEKRecipientInfo,
pwri [3] PasswordRecipientInfo,
ori [4] OtherRecipientInfo }
KeyAgreeRecipientInfo ::= SEQUENCE { ... }
With the above ASN.1 schema,…
Chris
- 141
- 2
4
votes
1 answer
encoding of optional NULL in DER
In PKCS1 there's DigestInfo:
DigestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier,
digest OCTET STRING
}
AlgorithmIdentifier is defined in RFC5280:
AlgorithmIdentifier ::= SEQUENCE {
algorithm …
neubert
- 1,605
- 3
- 18
- 36
2
votes
1 answer
Why is the digest algorithm specified in two places in CMS / PKCS7?
In RFC5652, Cryptographic Message Syntax (CMS), section 5.3. SignerInfo Type, there's a digestAlgorithm field that has values like id-sha256, id-sha1, etc.
In that same RFC, section 5.1. SignedData Type there's a digestAlgorithms field that in my…
neubert
- 1,605
- 3
- 18
- 36
2
votes
0 answers
CMS/PKCS#7: specifying signatureAlgorithm with digest?
I'm confused about algorithm selection for Cryptographic Message Syntax (a.k.a. CMS, PKCS#7) signed objects (RFC5652 Section 5.1).
The SignerInfo structure (RFC5652 Section 5.3) has two separate algorithm identifier fields:
digestAlgorithm for the…
Richard Hansen
- 376
- 3
- 13
2
votes
1 answer
Downloadable Autonomous System contact information
When under (a security) attack, it might be useful for the victim to first identify the source IP, then potentially contact the offending ISP. There seem to be plenty of tools for the part where an IP can be mapped to an ASN.
How do we go about…
sandyp
- 1,146
- 1
- 9
- 17
2
votes
0 answers
ASN.1-based network protocol fuzzer
I want to do network protocol-based fuzzing using a network protocol specified in ASN.1.
After investigating the available open source tools, I need to decide between the Peach community edition, Sulley and Boofuzz. But because Peach and Sulley are…
Pete
- 21
- 1
2
votes
0 answers
ASN1 Public Key Signature Verification
I'm interested in handling licenses I distribute with my app with ASN1 and including the Public Key within my application. I've already created the Private/Public Keys, but my confusion is in how the Public Key that will also be distributed with the…
Jack O'Leary
- 121
- 3