[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Inconsistent CKA_EC_POINT encoding
All, I just bumped into this today. My understanding is that CKA_EC_POINT needs to be ASN.1 DER-encoded as an OCTET STRING (0x04). For public key values with length less than 128 bytes I believe there is only one way to encode it (0x04|1-byte length|public key). However, for public key values with 128 or more bytes there are multiple ways to encode it 0x04|1-byte length bytes|1-byte length|public key 0x04|1-byte length bytes|2-byte length|public key 0x04|1-byte length bytes|3-byte length|public key … Where the X-byte length field is zero padded. For example: 0481850401a8f3fad872e92fa34e3cb0c1ec631fa8a6b2797c727aadea6b41bd1c28972c6d12fac8fc9e6d0d544a7d062cd9d427c36102a49cbc6d960edcd87d8730e1b8d33c005e2bb06e2b7cddad51b2c9a599fca8025f884ccd722c19701cf00cc1e8708d2a9a23b6056252e5982ac71593b2e548754fbf19180f2898189c3a238f583b261f7f vs 048200850401a8f3fad872e92fa34e3cb0c1ec631fa8a6b2797c727aadea6b41bd1c28972c6d12fac8fc9e6d0d544a7d062cd9d427c36102a49cbc6d960edcd87d8730e1b8d33c005e2bb06e2b7cddad51b2c9a599fca8025f884ccd722c19701cf00cc1e8708d2a9a23b6056252e5982ac71593b2e548754fbf19180f2898189c3a238f583b261f7f This makes it difficult to find objects with a particular public key in them without trying multiple types of encoding. Is it correct that both encodings are acceptable? If so, can we clarify the spec so that the minimal length DER-encoded value is used? Thanks, Jonathan Jonathan Schulze-Hewett Director of Development 708-445-1704 (o) | 708-822-2926 (m) schulze-hewett@infoseccorp.com |
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]