> > 00 20 : Illegal DER, leading 00 not needed
> > 00 80 : Legal, leading 00 needed to make number positive
> > FF 03 : Legal, leading FF needed to make number negative
> > FF D0 : Illegal DER, FF not needed


> > Note that these are all legal BER and are all perfectly valid and
> > meaningful integer encodings. DER, however, requires the
> > minimum number of
> > octets to be used.


> As rightfully pointed out by Peter Sylvester, in this respect BER is
> equivalent to DER as well.


You are correct. For some reason, 8.3.2 prohibits using additional octets
in an integer encoding even in BER. I'm really not sure why, but that's a
fact.

DS


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org