[pyasn1-users] Dealing with big [unsigned] integers
Brought to you by:
elie
From: Alex <ral...@gm...> - 2014-09-29 13:39:37
|
Hello, I have recently stumbled upon certain structures that contain large numbers and I am not sure if pyasn1 handles them correctly. Here is an example of a PKIMessage structure, with a tricky certificate inside: http://pastebin.com/zkqwLn6s Windows displays that serial number as „80 00 00 00 06 f8 01 cf db de 60 37 40 1e”, while pyasn1 turns that into '-2596148429245794099646196239092594'; I did not expect a signed integer. Indeed, the most significant bit in that number is 1, but the specifications say it must be non negative. The definition, according to RFC2459 is for it to be a unique integer { 4.1.2.2 Serial number The serial number is an integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate). } However, RFC3280 deprecates that and says this instead { 4.1.2.2. Serial Number The serial number MUST be a positive integer assigned by the CA to each certificate. It MUST be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate). CAs MUST force the serialNumber to be a non-negative integer. Given the uniqueness requirements above, serial numbers can be expected to contain long integers. Certificate users MUST be able to handle serialNumber values up to 20 octets. Conforming CAs MUST NOT use serialNumber values longer than 20 octets. Note: Non-conforming CAs may issue certificates with serial numbers that are negative or zero. Certificate users SHOULD be prepared to gracefully handle such certificates. } My questions: 1. is there a way to force pyasn1 to interpret that as an unsigned integer? 2. assuming there is no way to influence the CA and make it pad the MSB with zeros, how can this be handled gracefully on the decoder's end? Thank you for your help, Alex |