[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on client auth
I agree that writing a DER dumper is not very hard. A DER encoder is
a complete pain in the butt.
This is because DER uses fixed length recursive encodings, before writing the
first byte of the message it is necessary to analyse the entire message.
Consider the structure :-
This is translated into tag - length value as follows
TAG-STRUCT length (struct length (a) +
length (struct + length (b) + length (c)))
TAG-INTEGER length (a) a
TAG-STRUCT length (struct + length (b) + length (c))
TAG-INTEGER length (b) b
TAG-INTEGER length (c) c
Ie to calculate the length of the outer wrapper one must first encode the inner
content. This is a pain, it is impossible to do it with a linear traversal of
Plus the length of length items is itself variable so its all a lot of hard
I know that there are ASN.1 supporters but having written code myself and found
the spec to be baddly thought out, the documentation baddly organised and the
architecture needlessly complex I'm not amongst them.