Two "Inizio contenuto" in PKCS#7 BER example

[wangweij]

In the output of the PKCS #7 BER example, there are 2 "Inizio contenuto" for the OCTET STRING at offset 52. My understanding is that the 1st one should be omitted because that line is for the whole string, and without the ending "Fine contenuto" (which is omitted) the starting "Inizio contenuto" looks confusing.

[lapo-luchini]

We might have an issue of usability here, but let me explain the logic:

The signed data inside the PKCS#7 structure has been created in chunks (so that it can be written in a stream with no need to keep the full data in RAM, which in this case would be easy because it's only 10KB but could be huge) and this is done in ASN.1 by using a constructed OCTET STRING containing many small OCTET STRINGs (which could recursively be constructed themselves, and asn1js would support that, but wouldn't make much sense to create a signature like that).

The type of the tag is written in black, and on the immediate right (in a slightly lighter gray) there is the "logical content of that tag"… it is true that we could omit the logical content of the "container", because it can already be seen (in chunks) in each single smaller OCTET STRING, but I think that the ease of having it all together is useful… more to use as a parser than on the web, maybe, but even on the web I think it's nice to know that the full content is 10034 bytes, with no need to sum all the individual sizes, and this is why the start of the string can be seen twice: once in the "overall object" and once in the first "smaller object".

[lapo-luchini]

Another small note: "Inizio contentuo" means "Start of content" in Italian (and "Fine contenuto" means "Ends of content") but they're not generated by the decoder (which is all in English), they're really part of the content. The signed content is really "Inizio contenuto. " + ("A" * 10000) + " Fine contenuto." (for the sole reason that I had little imagination in generating that example content).

[wangweij]

That's what I meant. If you display the whole "Inizio contenuto. " + ("A" * 10000) + " Fine contenuto.", then it's not confusing anymore. But now without the suffix the prefix looks strange.

[lapo-luchini]

Mhh, I'm still unsure about this bug. The full content is shown in full, well except it get ellipsis because it is too long to fit on a line on screen, so of course the end of the screen will never be visible. (but it's still there, and accessible in code, just not shown in interface) I think the interface is showing a useful representation of the logical content of the string.

[wangweij]

Thanks for getting back. Looking back to this, I was just confused on only the START appears but there's no END. It's OK for me now.