To: "'openldap-devel@openldap.org'" <openldap-devel@OpenLDAP.org>
Subject: RE: DN Handling (for BER to DN converter) (corrected again!)
From: "Arredondo, Tomas" <tArredondo@unispherenetworks.com>
Date: Fri, 10 Aug 2001 09:53:12 -0400

{Sorry but I'm not sure why the extra > are being put in the email but here is my last try to send one without them (I ran it through notepad).}

I need some help with the encoding of the Object Identifier Value. I get the 06 for OBJECT ID, the length 3 octets and I get the "formula": (X*40) + Y but from there on I don't see where the 813403 comes from...

Example From X690E [1]:

An OBJECT IDENTIFIER value of:
    {joint-iso-itu-t 100 3}
which is the same as:
    {2 100 3}
has a first subidentifier of 180 and a second subidentifier of 3. The resulting encoding is:

    OBJECT IDENTIFIER   Length       Contents
    06(base16)          03(base16)   813403(base16)

Another ex is the one in A Layman's Guide to a Subset of ASN.1 [2] in section 6.2.1. I don't see how they get the content octets for country name. I mean sure 40*2 + 5 = 85 but the 5516; 4; and 6, 10, or 3 part?

6.2.1 AttributeType

The three AttributeType values are OCTET STRING values, so their DER encoding follows the primitive, definite-length method:

    06 03 55 04 06    countryName
    06 03 55 04 0a    organizationName
    06 03 55 04 03    commonName

The identifier octets follow the low-tag form, since the tag is 6 for OBJECT IDENTIFIER. Bits 8 and 7 have value "0," indicating universal class, and bit 6 has value "0," indicating that the encoding is primitive. The length octets follow the short form. The contents octets are the concatenation of three octet strings derived from subidentifiers (in decimal): 40 * 2 + 5 = 85 = 5516; 4; and 6, 10, or 3.

I'm assuming it's something to do with the eighth bit (?)

Thanks,
Tomas

REFs:

1- From X690E: Encoding of an object identifier value

8.19.1 The encoding of an object identifier value shall be primitive.

8.19.2 The contents octets shall be an (ordered) list of encodings of subidentifiers (see 8.19.3 and 8.19.4) concatenated together. Each subidentifier is represented as a series of (one or more) octets. Bit 8 of each octet indicates whether it is the last in the series: bit 8 of the last octet is zero; bit 8 of each preceding octet is one. Bits 7 to 1 of the octets in the series collectively encode the subidentifier. Conceptually, these groups of bits are concatenated to form an unsigned binary number whose most significant bit is bit 7 of the first octet and whose least significant bit is bit 1 of the last octet. The subidentifier shall be encoded in the fewest possible octets, that is, the leading octet of the subidentifier shall not have the value 80(base16).

8.19.3 The number of subidentifiers (N) shall be one less than the number of object identifier components in the object identifier value being encoded.

8.19.4 The numerical value of the first subidentifier is derived from the values of the first two object identifier components in the object identifier value being encoded, using the formula:
    (X*40) + Y
where X is the value of the first object identifier component and Y is the value of the second object identifier component.

NOTE - This packing of the first two object identifier components recognizes that only three values are allocated from the root node, and at most 39 subsequent values from nodes reached by X = 0 and X = 1.

8.19.5 The numerical value of the ith subidentifier, (2 ≤ i ≤ N) is that of the (i + 1)th object identifier component.

Example

An OBJECT IDENTIFIER value of:
    {joint-iso-itu-t 100 3}
which is the same as:
    {2 100 3}
has a first subidentifier of 180 and a second subidentifier of 3. The resulting encoding is:

    OBJECT IDENTIFIER   Length       Contents
    06(base16)          03(base16)   81340316(base16 garbled in source as "81340316": 813403(base16))

2- A Layman's ...: ftp://ftp.rsa.com/pub/pkcs/ascii/layman.asc
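Added example, not part of the original message or of OpenLDAP's code: the subidentifier rules quoted from X.690 8.19 above, worked through in Python for the two OIDs the message quotes. The function names are illustrative assumptions, and the encoder handles only short-form lengths.

```python
def encode_subid(n):
    """Base-128 encode one subidentifier (X.690 8.19.2)."""
    if n < 0:
        raise ValueError("subidentifier must be non-negative")
    out = [n & 0x7F]                      # last octet: bit 8 = 0
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))     # preceding octets: bit 8 = 1
        n >>= 7
    return bytes(reversed(out))

def encode_oid(arcs):
    """Return identifier, length and contents octets for a list of arcs."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid first two components")
    subids = [arcs[0] * 40 + arcs[1]] + list(arcs[2:])   # 8.19.4: (X*40) + Y
    contents = b"".join(encode_subid(s) for s in subids)
    if len(contents) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(contents)]) + contents

def decode_oid_contents(contents):
    """Decode contents octets back to arcs, rejecting malformed input."""
    if not contents:
        raise ValueError("empty OID contents")
    subids, value, start = [], 0, True
    for octet in contents:
        if start and octet == 0x80:       # 8.19.2: fewest possible octets
            raise ValueError("non-minimal subidentifier (leading 0x80)")
        value = (value << 7) | (octet & 0x7F)
        start = not (octet & 0x80)        # bit 8 clear ends the series
        if start:
            subids.append(value)
            value = 0
    if not start:
        raise ValueError("truncated subidentifier")
    x = min(subids[0] // 40, 2)           # X is 0, 1 or 2; X = 2 allows Y > 39
    return [x, subids[0] - 40 * x] + subids[1:]

if __name__ == "__main__":
    # {2 100 3}: 2*40 + 100 = 180 = 0b1_0110100 -> 0x81 0x34, then 0x03
    print(encode_oid([2, 100, 3]).hex(" "))
    # countryName {2 5 4 6}: 2*40 + 5 = 85 = 0x55, then 0x04, 0x06
    print(encode_oid([2, 5, 4, 6]).hex(" "))
    print(decode_oid_contents(bytes.fromhex("813403")))
```

A decoder written in C additionally needs an explicit bound on the accumulator, since Python's unbounded integers hide the overflow a long run of continuation octets would cause.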

