RE: DN Handling (for BER to DN converter) (corrected again!)

["Arredondo, Tomas" <tArredondo@unispherenetworks.com>]

{Sorry but I'm not sure why the extra > are being put in the email but here
is my last try to send one without them (I ran it through notepad).}

I need some help with the encoding of the Object Identifier Value.

I get the 06 for OBJECT ID, the length 3 octets and 
I get the "formula": (X*40)  +  Y  but from there on I don't see
where the 813403 comes from...

Example From X690E [1]:
An OBJECT IDENTIFIER value of:
{joint-iso-itu-t  100  3}
which is the same as:
{2  100  3}
 has a first subidentifier of 180 and a second subidentifier of 3. The
resulting encoding is:

OBJECT		
IDENTIFIER	Length	Contents
06(base16)	03(base16)	813403(base16)


Another ex is the one in A Layman's Guide to a Subset of ASN.1 [2] in
section
6.2.1 I don's see how they get the content octets for country name.  I mean
sure 40*2 + 5 = 85 but the 5516; 4; and 6, 10, or 3 part?

6.2.1 AttributeType

The three AttributeType values are OCTET STRING values, so
their DER encoding follows the primitive, definite-length
method:

06 03 55 04 06                                   countryName

06 03 55 04 0a                              organizationName

06 03 55 04 03                                    commonName

The identifier octets follow the low-tag form, since the tag
is 6 for OBJECT IDENTIFIER. Bits 8 and 7 have value "0,"
indicating universal class, and bit 6 has value "0,"
indicating that the encoding is primitive. The length octets
follow the short form. The contents octets are the
concatenation of three octet strings derived from
subidentifiers (in decimal): 40 * 2 + 5 = 85 = 5516; 4; and
6, 10, or 3.

I'm assuming it's something to do with the eigth bit (?)

Thanks,
Tomas


REFs:

1- From X690E:

Encoding of an object identifier value
8.19.1	The encoding of an object identifier value shall be primitive.
8.19.2	The contents octets shall be an (ordered) list of encodings of
subidentifiers (see 8.19.3 and 8.19.4) concatenated together.
Each subidentifier is represented as a series of (one or more) octets. Bit 8
of each octet indicates whether it is the last in the series: bit 8 of the
last octet is zero; bit 8 of each preceding octet is one. Bits 7 to 1 of the
octets in the series collectively encode the subidentifier. Conceptually,
these groups of bits are concatenated to form an unsigned binary number
whose most significant bit is bit 7 of the first octet and whose least
significant bit is bit 1 of the last octet. The subidentifier shall be
encoded in the fewest possible octets, that is, the leading octet of the
subidentifier shall not have the value 8016.

8.19.3	The number of subidentifiers (N) shall be one less than the number
of object identifier components in the object identifier value being
encoded.

8.19.4	The numerical value of the first subidentifier is derived from the
values of the first two object identifier components in the object
identifier value being encoded, using the formula:
(X*40)  +  Y
where X is the value of the first object identifier component and Y is the
value of the second object identifier component.
NOTE - This packing of the first two object identifier components recognizes
that only three values are allocated from the root node, and at most 39
subsequent values from nodes reached by X = 0 and X = 1.

8.19.5	The numerical value of the ith subidentifier, (2 £ i £ N) is that of
the (i + 1)th object identifier component.

Example
An OBJECT IDENTIFIER value of:
{joint-iso-itu-t  100  3}
which is the same as:
{2  100  3}
 has a first subidentifier of 180 and a second subidentifier of 3. The
resulting encoding is:

OBJECT		
IDENTIFIER	Length	Contents
0616	0316	81340316


2- A Layman's ...: ftp://ftp.rsa.com/pub/pkcs/ascii/layman.asc