What is the difference between x509.Certificate.contents and x509.Certificate.dump()

wbond / asn1crypto

Python ASN.1 library with a focus on performance and a pythonic API

MIT License

335 stars 140 forks source link

What is the difference between x509.Certificate.contents and x509.Certificate.dump() #255

Closed RS-Credentive closed 1 year ago

RS-Credentive commented 1 year ago

Spent a few confused minutes trying to figure out why the following is false:

x509.Certificate.load(cert_data, strict=True).contents == cert_data

Finally realized that this works:

x509.Certificate.load(cert_data, strict=True).dump() == cert_data

But now I am confused since the documentation describes both of them as a DER string. Are these supposed to return different results?

joernheissler commented 1 year ago

Hello, take a look at a simpler example:

from asn1crypto.core import Integer
i = Integer(0x123456)

print(i.contents.hex())
# 123456

print(i.dump().hex())
# 0203123456

contents is only the contents, dump() also includes the identifier/tag and the length. Difference for a typical Certificate would be 30 82 LL LL at the beginning.

RS-Credentive commented 1 year ago

That was helpful. Thanks!