
I'm studying RFC 5280 (https://www.rfc-editor.org/rfc/rfc5280) and have noticed strange marks ([0], [1], [2], [3]) in the TBSCertificate structure definition:

TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    extensions      [3]  EXPLICIT Extensions OPTIONAL
                         -- If present, version MUST be v3
    }

In ASN.1 these are encoded using the special bytes 0xA0, 0xA1, 0xA2, 0xA3. I can't find any explanation of how these bytes are encoded. Can someone explain it to me?

academica

1 Answer


It is a tagged type. See X.680 section 31.2. [0] means that the value is encoded with a context-specific class and number 0. In DER (X.690 sections 8.1.2 and 8.14), a constructed context-specific class with number 0 is encoded as 0xA0.

Mats
  • How do I know which type it is going to represent under these context-specific conditions? – academica Sep 30 '16 at 17:15
  • I don't understand your question in the comment above. You might be misunderstanding what "context-specific" means. There are four classes of tags in ASN.1: universal, application, context-specific, and private. If the tag were written [APPLICATION 1] it would be an application tag. As written, it is a context-specific tag. Context-specific here does not mean there will be a different tag in different contexts. This question might help: http://stackoverflow.com/questions/15035349/how-does-0-and-3-work-in-asn1 – Kevin Oct 01 '16 at 15:34
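
An added example, not part of the original answer or comments: it derives the identifier octet from its class, constructed bit and tag number, and unwraps an EXPLICIT tag to show that the inner TLV still carries the universal tag of the underlying type. The function names are hypothetical and the sample bytes are constructed; only single-octet tags (number below 31) are handled.

```python
# Added example: DER identifier octets, low-tag-number form only (tag < 31).
CLASSES = ["universal", "application", "context-specific", "private"]

def parse_identifier(octet):
    """Split an identifier octet into (class name, constructed flag, tag number)."""
    if octet & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not handled here")
    return CLASSES[octet >> 6], bool(octet & 0x20), octet & 0x1F

def context_tag(number, explicit, base_constructed=False):
    """Identifier octet for [number] EXPLICIT or IMPLICIT over a base type."""
    if not 0 <= number < 31:
        raise ValueError("tag number out of range for a single octet")
    # EXPLICIT wraps a complete inner TLV, so it is always constructed.
    # IMPLICIT replaces the base tag and inherits its primitive/constructed form.
    constructed = explicit or base_constructed
    return 0x80 | (0x20 if constructed else 0x00) | number

def read_tlv(data, offset=0):
    """Read one DER TLV; return (identifier octet, content, next offset)."""
    if offset + 2 > len(data):
        raise ValueError("truncated TLV header")
    ident, length = data[offset], data[offset + 1]
    offset += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or offset + n > len(data):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(data[offset:offset + n], "big")
        offset += n
    if offset + length > len(data):
        raise ValueError("content runs past end of input")
    return ident, data[offset:offset + length], offset + length

def unwrap_explicit(data):
    """Return (outer tag, inner tag, inner content) of an EXPLICIT wrapper."""
    outer, content, _ = read_tlv(data)
    outer_info = parse_identifier(outer)
    if not outer_info[1]:
        raise ValueError("EXPLICIT tags are always constructed")
    inner, value, end = read_tlv(content)
    if end != len(content):
        raise ValueError("trailing bytes inside EXPLICIT wrapper")
    return outer_info, parse_identifier(inner), value

# Constructed sample: version [0] EXPLICIT INTEGER 2 (v3) is A0 03 02 01 02.
VERSION_V3 = bytes.fromhex("a003020102")

if __name__ == "__main__":
    print(unwrap_explicit(VERSION_V3))
    print([hex(context_tag(n, e)) for n, e in [(0, True), (1, False), (2, False), (3, True)]])
```

With an IMPLICIT tag the base type's own tag is not encoded, so a decoder has to take the type from the schema. Because DER encodes BIT STRING (the base type of UniqueIdentifier) in primitive form, `context_tag` yields 0x81 and 0x82 for `[1]` and `[2]` unless `base_constructed=True` is passed.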