[Botan-devel] Getting the binary form of the key

tiredashell at gmail.com tiredashell at gmail.com
Sat Oct 10 14:52:12 EDT 2009


Thanks for taking a look, it's not a big issue so no worries. I actually had
one more question while we're on the subject, though -- should I worry about
endianness when sharing a RAW_BER encoded public key over a network, or
other binary things like signatures and MACs? The clients could potentially
be different OSes so I'm wondering whether base64 encoding would be
necessary.

On Fri, Oct 9, 2009 at 11:56 PM, Jack Lloyd <lloyd at randombit.net> wrote:

> On Fri, Oct 09, 2009 at 11:31:00PM -0400, Jack Lloyd wrote:
> > On Fri, Oct 09, 2009 at 10:08:15PM -0400, Z. S. O. wrote:
> > > By the way, I'm guessing that the load_key function is still unable to
> > > decode a RAW_BER encoded key, correct?
> >
> > It should be able to do so, but something has clearly become broken at
> > some point because it's not working for me either. I'm poking at it
> > now. Thanks for the report.
>
> Ahhh.
>
> OK, not exactly a bug, precisely, just something that is unfortunate
> and not really well specified at all. (I mean, contemplate that I
> thought this was a bug for at least 10 minutes, and I wrote the code).
>
> PKCS #8 has two forms - unencrypted and encrypted. To tell the
> difference, if the input is PEM the code looks at if the PEM
> description is "ENCRYPTED PRIVATE KEY" or "PRIVATE KEY". However if it
> is not PEM then there is no (easy) way to distinguish, and the code
> assumes encrypted, throwing a decoding failure if it is not because
> the format of course is wrong in that case. When you PEM encode, you
> are giving the needed hint on the decoding side.
>
> This is certainly on the wow-thats-ugly-this-should-be-fixed list,
> along with a general redo of the PKCS #8 code (which dates back many
> years and is somewhat funky, I think it could be done in a much better
> way), but, as always, limits on time/money/energy constrain.
>
> -Jack
>
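The PEM-label hint described in the quoted reply, next to a first-tag peek on raw BER/DER input, as an added example (not Botan's code and not part of the thread). The tag check assumes the RFC 5208 layouts, where PrivateKeyInfo begins with an INTEGER version and EncryptedPrivateKeyInfo begins with an AlgorithmIdentifier SEQUENCE; the enum, function and constant names are hypothetical, and the byte strings are constructed prefixes, not real keys.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

enum class Pkcs8Form { Unencrypted, Encrypted, Unknown };  // hypothetical names

// PEM input: the label carries the hint the decoder needs.
Pkcs8Form classify_pem(const std::string& pem) {
    if (pem.find("-----BEGIN ENCRYPTED PRIVATE KEY-----") != std::string::npos)
        return Pkcs8Form::Encrypted;
    if (pem.find("-----BEGIN PRIVATE KEY-----") != std::string::npos)
        return Pkcs8Form::Unencrypted;
    return Pkcs8Form::Unknown;  // e.g. "RSA PRIVATE KEY" is not PKCS #8
}

// Raw BER/DER input: skip the outer SEQUENCE header and inspect the tag of
// the first inner element. This is a hint only; a full decode must follow.
Pkcs8Form classify_der(const std::vector<uint8_t>& der) {
    if (der.size() < 3 || der[0] != 0x30) return Pkcs8Form::Unknown;
    std::size_t pos = 2;                  // past the tag and first length byte
    if (der[1] & 0x80) {                  // long form; 0x80 alone = indefinite
        std::size_t n = der[1] & 0x7F;    // number of extra length bytes
        if (n > 4 || pos + n >= der.size()) return Pkcs8Form::Unknown;
        pos += n;
    }
    if (der[pos] == 0x02) return Pkcs8Form::Unencrypted;  // version INTEGER
    if (der[pos] == 0x30) return Pkcs8Form::Encrypted;    // AlgorithmIdentifier
    return Pkcs8Form::Unknown;
}

// Constructed, truncated prefixes for illustration (not real keys).
const std::vector<uint8_t> PLAIN_PREFIX = {0x30, 0x82, 0x01, 0x00, 0x02, 0x01, 0x00};
const std::vector<uint8_t> ENC_PREFIX   = {0x30, 0x81, 0x80, 0x30, 0x0D};
const std::vector<uint8_t> NOT_PKCS8    = {0x30, 0x03, 0x04, 0x01, 0x00};

int main() {
    std::printf("plain=%d enc=%d other=%d\n",
                static_cast<int>(classify_der(PLAIN_PREFIX)),
                static_cast<int>(classify_der(ENC_PREFIX)),
                static_cast<int>(classify_der(NOT_PKCS8)));
    return 0;
}
```

The tag peek only selects which decoder to try first; malformed or hostile input can still carry either leading tag, so the chosen decoder has to validate the whole structure.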