[pyasn1-users] Dealing with big [unsigned] integers

[Alex <ral...@gm...>]

Hello,

I have recently stumbled upon certain structures that contain large
numbers and I am not sure if pyasn1 handles them correctly. Here is an
example of a PKIMessage structure, with a tricky certificate inside:
http://pastebin.com/zkqwLn6s

Windows displays that serial number as „80 00 00 00 06 f8 01 cf db de
60 37 40 1e”, while pyasn1 turns that into
'-2596148429245794099646196239092594'; I did not expect a signed
integer.

Indeed, the most significant bit in that number is 1, but the
specifications say it must be non negative.


The definition, according to RFC2459 is for it to be a unique integer
{
4.1.2.2  Serial number

   The serial number is an integer assigned by the CA to each
   certificate.  It MUST be unique for each certificate issued by a
   given CA (i.e., the issuer name and serial number identify a unique
   certificate).
}


However, RFC3280 deprecates that and says this instead
{
4.1.2.2.  Serial Number

   The serial number MUST be a positive integer assigned by the CA to
   each certificate.  It MUST be unique for each certificate issued by a
   given CA (i.e., the issuer name and serial number identify a unique
   certificate).  CAs MUST force the serialNumber to be a non-negative
   integer.

   Given the uniqueness requirements above, serial numbers can be
   expected to contain long integers.  Certificate users MUST be able to
   handle serialNumber values up to 20 octets.  Conforming CAs MUST NOT
   use serialNumber values longer than 20 octets.

   Note: Non-conforming CAs may issue certificates with serial numbers
   that are negative or zero.  Certificate users SHOULD be prepared to
   gracefully handle such certificates.
}


My questions:
1. is there a way to force pyasn1 to interpret that as an unsigned integer?
2. assuming there is no way to influence the CA and make it pad the
MSB with zeros, how can this be handled gracefully on the decoder's
end?



Thank you for your help,
Alex