Comments (2)
OpenSSL is apparently more forgiving and treats the negative integer as a positive one, essentially adding one null '00' octet on the front. The output from the command even shows it as "00:81:55:22..." even though that is NOT what's encoded in the ASN.1. OpenSSL does not try re-encoding the certificate, either: it will spit out exactly what it took in, so that representation is very misleading. However, openssl x509 -inform der -pubkey -noout < der_cert_bytes
will produce a corrected key.
In short, however, this certificate is malformed, period.
asn1crypto doesn't make any such assumptions, and keeps it as a negative integer. I would have to imagine plenty of other crypto software would choke: see mirleft/ocaml-x509#56 (comment) for this exact same problem surfacing elsewhere, and I agree with the sentiment, "I am very reluctant to add warts to support other people's old bugs."
OpenSSL's own asn1parse
command will show you that it's a negative value:
> openssl asn1parse -offset 146 -length 73 < der_cert_bytes
0:d=0 hl=2 l= 71 cons: SEQUENCE
2:d=1 hl=2 l= 64 prim: INTEGER :-7EAADD46755B901229182699F0AA4328322A43B1BFFDDE5D4E0878CF7AA12D0DBB4623648A4904B9A0BD4962DCC9F421ABF03242E066D5EFA7EE34BF344A58BF
68:d=1 hl=2 l= 3 prim: INTEGER :010001
The offset is necessary since asn1parse
won't try to read inside the bit-string where the public key is stored.
from asn1crypto.
@geitda I meant to respond to this earlier - thank you for the explanation. I also agree with not adding warts to support other people's old bugs, even though the project I'm working on is surfacing an awful lot of other people's old bugs!
from asn1crypto.
Related Issues (20)
- ERROR: No matching distribution found for ans1crypto HOT 1
- Bug in commit 'Handle BER-encoded indefinite length values better' HOT 7
- How to parse certificate_policies_value HOT 4
- PublicKeyAlgorithm does not encode None parameters as ASN1 Null element for RSA Keys HOT 3
- CI Test throw error due to expired certificate HOT 1
- What is the difference between x509.Certificate.contents and x509.Certificate.dump() HOT 2
- Calling dump on a SignedData object took 30 seconds HOT 12
- How to add support for custom OIDs in the x509 module HOT 1
- Issue report: x509.Name fails to process the TCG OIDs (2.23.133.2.*) HOT 8
- Crash with UTF8String in Subject (akash provider certificates) HOT 2
- OCSP response extension parsing fails HOT 1
- ValueError: Hash algorithm not known for rsassa_pkcs1v15 HOT 3
- Error parsing valid EncryptedContentInfo HOT 6
- Support Python 3.12 HOT 1
- NameTypeAndValue of type "unique_indentifier" cannot be prepared
- Please make a new release HOT 2
- pem.unarmor very poor performance
- v1.5.1 CMSAttributes does not return a DER from dump() making message digest from a CMS confusing HOT 3
- How to sign the signed_attrs? How was the test file cms-signed.der created? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from asn1crypto.