tags:

views:

46

answers:

1
Q: 

How to recognize x509 flags

Is there any way to tell the difference between data after flags and sub-flags after the flag? in a yahoo certificate i exported, there is a section with a0 2d a0 2b ..., where its all flags. on the other hand, the subject key ID is "a0 1e 6e 0c 9b 6e 6a eb d2 ae 5a 4a 18 ff 0e 93 46 1a d6 32". how would i tell the difference between which is what? other flags such as 03, 04, and 06 do this a lot

also, does anyone recognize the string 86 29? its neither a flag nor readable data (the 29 is ")", but that doesnt seem to contribute to anything)

A: 

You can export the certificate in a file and then use CertUtil.exe -dump to examine contain of the certificate.

UPDATED based on the comment: Because of you pasted a long string in the comment, comments can be bad read. So I repeat the text of my last comment here:

The simplest way to decode the X.509 Extensions is using of CryptDecodeObjectEx with X509_EXTENSIONS. As a result you will receive CERT_EXTENSIONS - an array of CERT_EXTENSION (see msdn.microsoft.com/en-us/library/aa377195.aspx). An extension consist of an OID which define the extension, an attribute whether the extension if critical (whether you really MUST understand it) and an optional additional encoded extension data, which are in the most cases BER encoded NULL. Of cause you can decode the information yourself corresponds to 4.2 of RFC 3280, X.509 PKI (see http://www.ietf.org/rfc/rfc3280.txt).

Oleg  2010-08-03 23:11:06
i know what the data says. im trying to extract the info myself
calccrypto  2010-08-04 00:30:37
What part of X.509 certificate do you name "x509 flags" and "sub-flags"? If you describes what do you mean I can explain you how decode the information. Some years ago to have more understanding of ASN.1, BER, DER and X.509 I wrote a utility which produce output which can be compared with `CertUtil.exe -dump`. Is that what you try to do?
Oleg  2010-08-04 00:42:57
err... i think so. the part im having trouble with is: "3081ab300e0603551d0f0101ff0404030204f0301d0603551d0e04160414a01e6e0c9b6e6aebd2ae5a4a18ff0e93461ad632303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f74727573742e636f6d2f63726c732f73656375726563612e63726c301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d250416301406082b0601050507030106082b06010505070302" this is only the "extensions" section. i managed to get the rest of the certificate (up to "65537"), signature algorithm, and signatureValue. to me,sub flag is any group in the string im on
calccrypto  2010-08-04 01:42:27
The simplest way to decode the X.509 Extensions is using of `CryptDecodeObjectEx` with `X509_EXTENSIONS`. As a result you will receive `CERT_EXTENSIONS` - an array of `CERT_EXTENSION` (see http://msdn.microsoft.com/en-us/library/aa377195.aspx). An extension consist of an OID which define the extension, an attribute whether the extension if critical (whether you really MUST understand it) and an optional additional encoded extension data, which are in the most cases BER encoded NULL. Of cause you can decode the information yourself corresponds to 4.2 of RFC 3280, X.509 PKI.
Oleg  2010-08-05 12:37:45

related questions

Change datatype when importing Excel file into Access
What powers Google Charts?
Storing SAS data (including table structure) in a single flat file
How would you go about reverse engineering a set of binary data pulled from a device?
How to get scientific results from non-experimental data (datamining?)
Looking for tool to generate random CSV data
Suggestions for human editable data file format/parsing library
Advice on handling large data volumes.
What's a good way to store raster data?
How do I protect my file data from disk corruption?
Sql Server compatibility mode
Infopath 2007 - How do I perform data validation on the current view ONLY?
Mending bad BAD database design once data is in the system.
Embed data in a C++ program
Astoria vs. SQL Server Data Services
What is the best way to implement soft deletion?
C# NetCDF Library
Program for working with large CSV Files
What is the best strategy for retainment of large data sets?
Data Auditing in NHibernate and SqlServer
Large Data Sets
Configurable Table Prefixes with a .Net OR/M?
Are there any decent free JAVA data plotting libraries out there?
Peak detection of measured signal
Data verifications in Getter/Setter or elsewhere ?