TicketFlags encoding
Nico Williams
nico at cryptonector.com
Thu Aug 1 02:30:20 EDT 2013
On Wed, Jul 31, 2013 at 9:08 PM, Frank Cusack <frank at linetwo.net> wrote:
> What would be the correct DER encoding of the Forwardable flag, by itself?
Forwardable is 0x40000000 in typical C implementations, but it's bit 1
in RFC1510, bit #1 being the second bit of a bit string where we count
bits from the left (zero-based count). We pretend it's not a named
bit, and we pretend the string is 32 bits long (instead of having to
be 2 bits long otherwise).
So the encoding is:
0x03 (tag) 0x05 (length) 0x00 (bits of padding) 0x40 0x00 0x00 0x00
The length counts the padding bit count byte.
> Without the 32 bit minimum, I'm confused as to which of these would be
> correct:
>
> 03 02 06 40
> 03 03 03 40 00
The first: 0x03 0x02 0x06 0x40. This means that the bit string is
"start with 0x40 and remove the trailing six bits, leaving you with a
2 bit long bit string 01 (binary)". The encoding is 2 bytes (one for
padding count, one for the 2 bits + padding); the whole thing is
UNIVERSAL tag #3 (BIT STRING).
> With the 32 bit minimum, I'm confused as to which of these is correct:
>
> 03 05 1E 40 00 00 00
> 03 05 13 40 00 00 00
> 03 05 00 40 00 00 00
The padding bit count must be between 0 and 7; the first two choices
are right out :) It counts the number of bits of padding needed on
the right end of the bit string to get it to a multiple of 8 bits.
The bit string is 32 bits, 32 mod 8 == 0 so the count of padding bits
is zero. So the third choice.
> Or, something different? Do I have the bit ordering correct? (bit 0 =
> leading/most significant)
You do.
Nico
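
The encodings discussed in this thread, as an added C example that is not part of the original message or of any Kerberos implementation. The names `FLAG_FORWARDABLE`, `encode_flags32` and `decode_flags` are illustrative, and the decoder assumes short-form lengths and at most 32 bits; it does not enforce the named-bit rule of stripping trailing zero bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FLAG_FORWARDABLE 0x40000000u /* bit 1 from the left (illustrative name) */

/* Encode with the 32-bit minimum: 4 data bytes, so zero padding bits. */
size_t encode_flags32(uint32_t flags, uint8_t out[7])
{
    out[0] = 0x03;                    /* UNIVERSAL tag 3, BIT STRING */
    out[1] = 0x05;                    /* length counts the pad-count byte too */
    out[2] = 0x00;                    /* 32 mod 8 == 0 */
    for (int i = 0; i < 4; i++)
        out[3 + i] = (uint8_t)(flags >> (24 - 8 * i));
    return 7;
}

/* Decode a BIT STRING of at most 32 bits into a left-aligned word.
 * Returns 0 on success, -1 if the encoding is malformed. */
int decode_flags(const uint8_t *in, size_t len, uint32_t *flags)
{
    if (len < 3 || in[0] != 0x03)
        return -1;
    size_t content = in[1];           /* short-form length only */
    if (content < 1 || content > 5 || content + 2 != len)
        return -1;
    size_t n = content - 1;           /* data bytes after the pad count */
    uint8_t pad = in[2];
    if (pad > 7 || (n == 0 && pad != 0))
        return -1;                    /* pad count must be 0..7 */
    if (n > 0 && (in[len - 1] & ((1u << pad) - 1u)) != 0)
        return -1;                    /* DER: padding bits must be zero */
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint32_t)in[3 + i] << (24 - 8 * i);
    *flags = v;
    return 0;
}

int main(void)
{
    uint8_t buf[7];
    uint32_t f = 0;
    const uint8_t two_bits[] = { 0x03, 0x02, 0x06, 0x40 }; /* from the thread */
    size_t n = encode_flags32(FLAG_FORWARDABLE, buf);
    for (size_t i = 0; i < n; i++)
        printf("%02X ", buf[i]);
    int rc = decode_flags(two_bits, sizeof two_bits, &f);
    printf("\ndecode(03 02 06 40) -> %d, flags 0x%08X\n", rc, (unsigned)f);
    return 0;
}
```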