ASN.1
naveen.bn
naveen.bn at globaledgesoft.com
Wed Jun 18 03:32:31 EDT 2008
Kevin Coffman wrote:
> The syntax of the preauth data with padata-type PA_PK_AS_REQ is
> defined in section 3.2 of RFC 4556.
>
> You might want to look at Peter Gutmann's dumpasn1 tool
> http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c
>
> You should be able to capture the request packet and feed it to this
> tool. (Details left to the reader.) It might point out ASN.1
> problems.
>
> K.C.
>
> On Tue, Jun 17, 2008 at 6:25 AM, naveen.bn <naveen.bn at globaledgesoft.com> wrote:
>
>> Hi all,
>>
>> Can anyone provide me the link which gives the expected values for the ASN.1 identifier for PA_PK_AS_REQ
>> used in krb5-1.6.3, because I am getting ASN1_BAD_ID.
>>
>> Thank you.
>>
>> with regards
>> naveen
>>
>
>
Hi Kevin,
I am sending the dump generated by dumpasn1.c. Is the problem with the signed data part from the
pa-data structure of as_req?
0 1931: [APPLICATION 10] {
4 1927: SEQUENCE {
8 3: [1] {
10 1: INTEGER 5
: }
13 3: [2] {
15 1: INTEGER 10
: }
18 1709: [3] {
22 1705: SEQUENCE {
26 1701: SEQUENCE {
30 3: [1] {
32 1: INTEGER 14
: }
35 1692: [2] {
39 1688: OCTET STRING, encapsulates {
43 1684: SEQUENCE {
47 1680: [0] {
51 1676: SEQUENCE {
55 9: OBJECT IDENTIFIER
: signedData (1 2 840 113549 1 7 2)
66 1661: [0] {
70 1657: SEQUENCE {
74 1: INTEGER 3
77 9: SET {
79 7: SEQUENCE {
81 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: }
: }
88 510: SEQUENCE {
92 7: OBJECT IDENTIFIER '1 3 6 1 5 2 3 1'
101 497: [0] {
105 493: OCTET STRING, encapsulates {
109 489: SEQUENCE {
113 60: [0] {
115 58: SEQUENCE {
117 3: [0] {
119 1: INTEGER 1
: }
122 17: [1] {
124 15: GeneralizedTime 17/06/2008 12:03:58 GMT
: }
141 3: [2] {
143 1: INTEGER 99
: }
146 27: [3] {
148 25: SEQUENCE {
150 3: [0] {
152 1: INTEGER 7
: }
155 18: [1] {
157 16: OCTET STRING
: 1F A6 D6 33 6B 06 69 1E 2B FB 94 2B 6D 1F 3A BB
: }
: }
: }
: }
: }
175 423: [1] {
179 419: SEQUENCE {
183 279: SEQUENCE {
187 7: OBJECT IDENTIFIER
: dhPublicKey (1 2 840 10046 2 1)
196 266: SEQUENCE {
200 129: INTEGER
: 00 FF FF FF FF FF FF FF FF C9 0F DA A2 21 68 C2
: 34 C4 C6 62 8B 80 DC 1C D1 29 02 4E 08 8A 67 CC
: 74 02 0B BE A6 3B 13 9B 22 51 4A 08 79 8E 34 04
: DD EF 95 19 B3 CD 3A 43 1B 30 2B 0A 6D F2 5F 14
: 37 4F E1 35 6D 6D 51 C2 45 E4 85 B5 76 62 5E 7E
: C6 F4 4C 42 E9 A6 37 ED 6B 0B FF 5C B6 F4 06 B7
: ED EE 38 6B FB 5A 89 9F A5 AE 9F 24 11 7C 4B 1F
: E6 49 28 66 51 EC E6 53 81 FF FF FF FF FF FF FF
: [ Another 1 bytes skipped ]
332 1: INTEGER 2
335 128: INTEGER
: 7F FF FF FF FF FF FF FF E4 87 ED 51 10 B4 61 1A
: 62 63 31 45 C0 6E 0E 68 94 81 27 04 45 33 E6 3A
: 01 05 DF 53 1D 89 CD 91 28 A5 04 3C C7 1A 02 6E
: F7 CA 8C D9 E6 9D 21 8D 98 15 85 36 F9 2F 8A 1B
: A7 F0 9A B6 B6 A8 E1 22 F2 42 DA BB 31 2F 3F 63
: 7A 26 21 74 D3 1B F6 B5 85 FF AE 5B 7A 03 5B F6
: F7 1C 35 FD AD 44 CF D2 D7 4F 92 08 BE 25 8F F3
: 24 94 33 28 F6 73 29 C0 FF FF FF FF FF FF FF FF
: }
: }
466 133: BIT STRING, encapsulates {
470 129: INTEGER
: 00 F9 6A 4F E7 39 17 9B 51 B5 35 48 4D A4 19 52
: FF D1 C7 DC 6F 22 F9 E0 5A D7 22 E9 28 A3 14 0E
: 32 5A C1 78 95 94 9A 14 0C 52 4A DC 4E B7 EE A5
: DA 56 1C 58 A2 A2 55 0D F4 31 6E 59 07 C1 3F 7E
: 7F 14 2A CB 87 3D F0 18 EE CB 97 CD E5 D0 C8 B1
: 20 CD FB 36 AC EA FA CF A6 5A 64 DC 3B 73 3F B0
: 6C 1C 1F C9 E6 7F 1A D8 3E 3A 94 AD 11 87 05 94
: A2 F8 AB F7 FC 9F F8 D6 AA D1 3E A6 2E 9A E1 12
: [ Another 1 bytes skipped ]
: }
: }
: }
: }
: }
: }
: }
602 821: [0] {
606 817: SEQUENCE {
610 666: SEQUENCE {
614 3: [0] {
616 1: INTEGER 2
: }
619 1: INTEGER 32
622 13: SEQUENCE {
624 9: OBJECT IDENTIFIER
: md5withRSAEncryption (1 2 840 113549 1 1 4)
635 0: NULL
: }
637 131: SEQUENCE {
640 13: SET {
642 11: SEQUENCE {
644 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
649 4: PrintableString 'gesl'
: }
: }
655 20: SET {
657 18: SEQUENCE {
659 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
664 11: PrintableString 'packetcable'
: }
: }
677 26: SET {
679 24: SEQUENCE {
681 9: OBJECT IDENTIFIER
: emailAddress (1 2 840 113549 1 9 1)
692 11: IA5String 'ca at gesl.com'
: }
: }
705 18: SET {
707 16: SEQUENCE {
709 3: OBJECT IDENTIFIER
: localityName (2 5 4 7)
714 9: PrintableString 'bangalore'
: }
: }
725 18: SET {
727 16: SEQUENCE {
729 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
734 9: PrintableString 'karnataka'
: }
: }
745 11: SET {
747 9: SEQUENCE {
749 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
754 2: PrintableString 'in'
: }
: }
758 11: SET {
760 9: SEQUENCE {
762 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
767 2: PrintableString 'ca'
: }
: }
: }
771 30: SEQUENCE {
773 13: UTCTime 13/06/2008 07:12:07 GMT
788 13: UTCTime 13/06/2009 07:12:07 GMT
: }
803 84: SEQUENCE {
805 11: SET {
807 9: SEQUENCE {
809 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
814 2: PrintableString 'in'
: }
: }
818 18: SET {
820 16: SEQUENCE {
822 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
827 9: PrintableString 'karnataka'
: }
: }
838 13: SET {
840 11: SEQUENCE {
842 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
847 4: PrintableString 'gesl'
: }
: }
853 20: SET {
855 18: SEQUENCE {
857 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
862 11: PrintableString 'packetcable'
: }
: }
875 12: SET {
877 10: SEQUENCE {
879 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
884 3: PrintableString 'xyz'
: }
: }
: }
889 159: SEQUENCE {
892 13: SEQUENCE {
894 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
905 0: NULL
: }
907 141: BIT STRING, encapsulates {
911 137: SEQUENCE {
914 129: INTEGER
: 00 CB E6 AC 3C 1A 8C 48 79 8E E7 34 D9 71 0A C0
: 09 E5 B6 6D 0E D4 D2 9D 7D 2A 0C F8 CA 8E 76 05
: 3E AA E1 49 60 83 4D D5 F5 7F 8B 70 2A 68 42 83
: EC 32 18 2E 94 20 6F 4B 82 6C B6 69 D3 87 C3 E2
: A2 57 F5 B3 86 56 FE 88 DF 52 05 8E 8E 01 10 DC
: 68 E4 8A 87 77 99 F2 E9 B8 A0 F3 A4 54 7B 5F D3
: C6 65 8F 59 45 A0 3A A1 F1 57 20 87 2B 4C E4 85
: 73 6C 6B 6E 60 01 28 7A 8A 8E 26 A3 70 C2 3F 40
: [ Another 1 bytes skipped ]
1046 3: INTEGER 65537
: }
: }
: }
1051 226: [3] {
1054 223: SEQUENCE {
1057 9: SEQUENCE {
1059 3: OBJECT IDENTIFIER
: basicConstraints (2 5 29 19)
1064 2: OCTET STRING, encapsulates {
1066 0: SEQUENCE {}
: }
: }
1068 11: SEQUENCE {
1070 3: OBJECT IDENTIFIER
: keyUsage (2 5 29 15)
1075 4: OCTET STRING, encapsulates {
1077 2: BIT STRING 3 unused bits
: '10101'B
: }
: }
1081 18: SEQUENCE {
1083 3: OBJECT IDENTIFIER
: extKeyUsage (2 5 29 37)
1088 11: OCTET STRING, encapsulates {
1090 9: SEQUENCE {
1092 7: OBJECT IDENTIFIER '1 3 6 1 5 2 3 4'
: }
: }
: }
1101 29: SEQUENCE {
1103 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
1108 22: OCTET STRING, encapsulates {
1110 20: OCTET STRING
: 60 F3 96 0C DA AD 9E 89 08 BA 6B CA A1 2B 06 FB
: 3B 6E 9F F6
: }
: }
1132 31: SEQUENCE {
1134 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
1139 24: OCTET STRING, encapsulates {
1141 22: SEQUENCE {
1143 20: [0]
: 16 DA CC F6 67 46 A7 2E 9A 1D DD 59 71 68 31 D9
: E1 DD 1C 06
: }
: }
: }
1165 102: SEQUENCE {
1167 3: OBJECT IDENTIFIER
: subjectAltName (2 5 29 17)
1172 95: OCTET STRING, encapsulates {
1174 93: SEQUENCE {
1176 91: [0] {
1178 6: OBJECT IDENTIFIER '1 3 6 1 5 2 2'
1186 81: [0] {
1188 79: SEQUENCE {
1190 35: [0] {
1192 33: GeneralString '_kerberos._udp.globaledgesoft.com'
: }
1227 40: [1] {
1229 38: SEQUENCE {
1231 3: [0] {
1233 1: INTEGER 1
: }
1236 31: [1] {
1238 29: SEQUENCE {
1240 27: GeneralString 'mta/rg71.globaledgesoft.com'
: }
: }
: }
: }
: }
: }
: }
: }
: }
: }
1269 9: SEQUENCE {
1271 3: OBJECT IDENTIFIER
: issuerAltName (2 5 29 18)
1276 2: OCTET STRING, encapsulates {
1278 0: SEQUENCE {}
: }
: }
: }
: }
: }
1280 13: SEQUENCE {
1282 9: OBJECT IDENTIFIER
: md5withRSAEncryption (1 2 840 113549 1 1 4)
1293 0: NULL
: }
1295 129: BIT STRING
: 36 5D EA E8 07 38 08 EA 49 3D C1 A7 CF EB AF 51
: A9 41 2D EB F3 00 48 5B 94 E9 06 2F 81 FD B7 58
: D9 B5 BF 78 D8 D8 3C B7 AB DF 7A 3B 8D 90 08 C9
: 92 B1 31 79 43 3F FD F8 21 A1 95 A1 87 B5 6D 2F
: 42 F8 BD 27 D4 73 AC 73 99 AC 76 D7 7D 38 64 81
: F2 EB 2B 75 E7 FA 45 76 C9 2C 42 2C 0C 73 3A E3
: 43 BE 32 3E B8 51 B4 ED D4 42 22 06 27 94 6B 33
: E1 8C 41 F0 84 71 BD 51 D0 CE C6 B9 23 D6 BB 4F
: }
: }
1427 300: SET {
1431 296: SEQUENCE {
1435 1: INTEGER 3
1438 137: SEQUENCE {
1441 131: SEQUENCE {
1444 13: SET {
1446 11: SEQUENCE {
1448 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
1453 4: PrintableString 'gesl'
: }
: }
1459 20: SET {
1461 18: SEQUENCE {
1463 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
1468 11: PrintableString 'packetcable'
: }
: }
1481 26: SET {
1483 24: SEQUENCE {
1485 9: OBJECT IDENTIFIER
: emailAddress (1 2 840 113549 1 9 1)
1496 11: IA5String 'ca at gesl.com'
: }
: }
1509 18: SET {
1511 16: SEQUENCE {
1513 3: OBJECT IDENTIFIER
: localityName (2 5 4 7)
1518 9: PrintableString 'bangalore'
: }
: }
1529 18: SET {
1531 16: SEQUENCE {
1533 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
1538 9: PrintableString 'karnataka'
: }
: }
1549 11: SET {
1551 9: SEQUENCE {
1553 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
1558 2: PrintableString 'in'
: }
: }
1562 11: SET {
1564 9: SEQUENCE {
1566 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
1571 2: PrintableString 'ca'
: }
: }
: }
1575 1: INTEGER 32
: }
1578 7: SEQUENCE {
1580 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: }
1587 11: SEQUENCE {
1589 9: OBJECT IDENTIFIER
: sha1withRSAEncryption (1 2 840 113549 1 1 5)
: }
1600 128: OCTET STRING
: 39 CC 21 C2 7A 26 B0 8A AA 45 A1 1B 10 67 C1 40
: 1B 07 02 C4 60 F7 2F 3B 1B 11 D6 37 AE EB CF 75
: 0E 3B 99 C7 6B 03 DD A9 AF 28 40 47 45 14 2B 05
: AB 07 B1 A2 F7 F8 DD 96 C3 77 F7 2C 71 29 FD FA
: 26 D8 B8 8C 0B FF C8 AE 04 0C 40 AE 30 32 B0 9F
: 32 E1 E1 C3 3D 0E 38 72 62 50 4B D8 30 42 1A 03
: 84 8C 9B 79 BA D7 D0 14 D6 56 97 C4 FA F2 09 9F
: E6 D8 92 C0 13 F1 94 48 FD 02 85 74 C7 30 C8 DF
: }
: }
: }
: }
: }
: }
: }
: }
: }
: }
: }
: }
1731 201: [4] {
1734 198: SEQUENCE {
1737 7: [0] {
1739 5: BIT STRING
: '00000000000000000000000000000000'B
: Error: Spurious zero bits in bitstring.
: }
1746 41: [1] {
1748 39: SEQUENCE {
1750 3: [0] {
1752 1: INTEGER 3
: }
1755 32: [1] {
1757 30: SEQUENCE {
1759 3: GeneralString 'mta'
1764 23: GeneralString 'rg71.globaledgesoft.com'
: }
: }
: }
: }
1789 35: [2] {
1791 33: GeneralString '_kerberos._udp.globaledgesoft.com'
: }
1826 54: [3] {
1828 52: SEQUENCE {
1830 3: [0] {
1832 1: INTEGER 2
: }
1835 45: [1] {
1837 43: SEQUENCE {
1839 6: GeneralString 'krbtgt'
1847 33: GeneralString '_kerberos._udp.globaledgesoft.com'
: }
: }
: }
: }
1882 17: [4] {
1884 15: GeneralizedTime 17/06/2008 12:03:58 GMT
: }
1901 17: [5] {
1903 15: GeneralizedTime 17/06/2008 13:12:13 GMT
: }
1920 6: [7] {
1922 4: INTEGER 1213704238
: }
1928 5: [8] {
1930 3: SEQUENCE {
1932 1: INTEGER 16
: }
: }
: }
: }
: }
: }
When I browsed to get information on this error, I found out that it's with the type of encoding (DER/BER). But here I have used only DER encoding.
I don't know why it's giving an error.
Thank you
with regards
naveen
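
Added example (not part of the original message, and not dumpasn1 or krb5 code): a minimal Python DER walker that lists each element's identifier class, constructed flag and tag number, and applies the X.690 DER BIT STRING checks to the two bit strings in the dump above. The function names and the wording of the notes are assumptions made for this illustration; the sample bytes are rebuilt from the dump's offsets, lengths and printed values.

```python
# Added example: minimal DER TLV walker; names and note texts are illustrative.
CLASSES = ("UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE")
def read_header(buf, pos):
    """Decode identifier and definite-length octets at pos (low tag numbers only)."""
    ident = buf[pos]
    if ident & 0x1F == 0x1F:
        raise ValueError(f"offset {pos}: high-tag-number form not handled here")
    first, body = buf[pos + 1], pos + 2
    if first == 0x80:
        raise ValueError(f"offset {pos}: indefinite length is BER, not DER")
    length = first                      # short form: the octet is the length
    if first > 0x80:                    # long form: low 7 bits count length octets
        n = first & 0x7F
        length = int.from_bytes(buf[body:body + n], "big")
        body += n
    if body + length > len(buf):
        raise ValueError(f"offset {pos}: length {length} runs past the input")
    return CLASSES[ident >> 6], bool(ident & 0x20), ident & 0x1F, body, length

def bitstring_notes(content):
    """DER checks on BIT STRING content octets (X.690 section 11.2)."""
    if not content:
        return ["empty BIT STRING content"]
    unused, bits = content[0], content[1:]
    notes = []
    if unused > 7 or (unused and not bits):
        notes.append("invalid unused-bit count")
    elif bits:
        if bits[-1] & ((1 << unused) - 1):
            notes.append("unused bits are not zero")
        if not (bits[-1] >> unused) & 1:
            notes.append("trailing zero bits")
    return notes

def walk(buf, pos=0, end=None, depth=0):
    """Return [(depth, offset, class, constructed, tag, length, notes), ...]."""
    out, end = [], len(buf) if end is None else end
    while pos < end:
        cls, cons, tag, body, length = read_header(buf, pos)
        is_bits = cls == "UNIVERSAL" and tag == 3 and not cons
        notes = bitstring_notes(buf[body:body + length]) if is_bits else []
        out.append((depth, pos, cls, cons, tag, length, notes))
        if cons:
            out += walk(buf, body, body + length, depth + 1)
        pos = body + length
    return out
# Bytes rebuilt from the dump: offsets 1737-1745 ([0] + BIT STRING) and 1077-1080 (keyUsage).
KDC_OPTIONS = bytes.fromhex("a00703050000000000")
KEY_USAGE = bytes.fromhex("030203a8")
```

`walk(KDC_OPTIONS)` reports "trailing zero bits" on the 32-bit all-zero BIT STRING, while `walk(KEY_USAGE)` reports nothing. For Kerberos flag fields that note is expected: RFC 4120 defines KerberosFlags as BIT STRING (SIZE (32..MAX)), so at least 32 bits are sent even when the trailing ones are zero.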