[openssl-users] Leading Zeros in ASN1_INTEGER?

Jeffrey Walton noloader at gmail.com
Mon Jan 30 10:24:03 UTC 2017


On Mon, Jan 30, 2017 at 5:03 AM, Matthias Ballreich
<Matthias.Ballreich at outlook.de> wrote:
> thanks for explanation.
>
> But why did Windows Cert Manager and Firefox Cert Manager show 00BEED73EE as
> serial number instead of BEED73EE (which openssl shows)?

Its just a presentation detail. It appears Microsoft and Mozilla take
the content octets of the ASN.1 integer and they hex encoded it.
OpenSSL appears to convert the it into a binary number/big endian
array and hex encodes it before presenting it to you.

Another tool could have turned it into a binary number and Base64
encoded it before presenting it to you.

The important detail is the underlying data. You can use tools like
OpenSSL's asn1parse or Gutmann's dumpasn1 to see the raw data, if
needed.

Jeff


More information about the openssl-users mailing list