I'm studying RFC 5280 (https://www.rfc-editor.org/rfc/rfc5280) and have noticed strange marks ([0], [1], [2], [3]) in the TBSCertificate structure definition:
    TBSCertificate  ::=  SEQUENCE  {
         version         [0]  EXPLICIT Version DEFAULT v1,
         serialNumber         CertificateSerialNumber,
         signature            AlgorithmIdentifier,
         issuer               Name,
         validity             Validity,
         subject              Name,
         subjectPublicKeyInfo SubjectPublicKeyInfo,
         issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                              -- If present, version MUST be v2 or v3
         subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                              -- If present, version MUST be v2 or v3
         extensions      [3]  EXPLICIT Extensions OPTIONAL
                              -- If present, version MUST be v3
         }
In ASN.1 it is encoded using the special bytes 0xA0, 0xA1, 0xA2, 0xA3. I can't find any explanation of these bytes' encoding. Can someone explain it to me?
It is a tagged type. See X.680 section 31.2. [0] means that the value is encoded with a context-specific class and number 0. In DER (X.690 sections 8.1.2 and 8.14), a constructed context-specific class with number 0 is encoded as 0xA0.
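The identifier-octet layout from X.690 8.1.2, as an added example that is not part of the original answer: it splits an octet into class, constructed bit and tag number, then unwraps a `version [0] EXPLICIT` field. All function names are hypothetical, the sample bytes are constructed, and it goes slightly beyond the answer by also covering the primitive form (0x81) that an IMPLICIT tag produces on a primitive type.

```python
# Added example: decode DER identifier octets (X.690 8.1.2), low-tag-number form only.
CLASSES = ("universal", "application", "context-specific", "private")

def decode_identifier(octet):
    """Split one identifier octet into (class, constructed, tag number)."""
    number = octet & 0x1F             # bits 5-1: tag number
    if number == 0x1F:
        raise ValueError("high-tag-number form (tag >= 31) not handled here")
    cls = CLASSES[octet >> 6]         # bits 8-7: class
    constructed = bool(octet & 0x20)  # bit 6: primitive (0) / constructed (1)
    return cls, constructed, number

def context_tag(number, constructed):
    """Build the identifier octet for a context-specific tag [number]."""
    if not 0 <= number < 31:
        raise ValueError("only tag numbers 0..30 fit in one octet")
    return 0x80 | (0x20 if constructed else 0) | number

def read_tlv(data, offset=0):
    """Read one TLV with a short-form length; return (identifier, value, next_offset)."""
    if len(data) < offset + 2:
        raise ValueError("truncated header")
    ident, length = data[offset], data[offset + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this example")
    end = offset + 2 + length
    if end > len(data):
        raise ValueError("truncated value")
    return ident, data[offset + 2:end], end

def parse_explicit_version(data):
    """Unwrap `version [0] EXPLICIT Version` and return the INTEGER value."""
    outer, inner_bytes, _ = read_tlv(data)
    if decode_identifier(outer) != ("context-specific", True, 0):
        raise ValueError("not a [0] EXPLICIT wrapper")
    inner, value, end = read_tlv(inner_bytes)
    if decode_identifier(inner) != ("universal", False, 2) or end != len(inner_bytes):
        raise ValueError("expected exactly one INTEGER inside the wrapper")
    return int.from_bytes(value, "big", signed=True)

# Constructed sample: the version field of a v3 certificate (v3 is INTEGER 2).
SAMPLE_VERSION = bytes.fromhex("a003020102")

if __name__ == "__main__":
    for b in (0xA0, 0xA3, 0x81, 0x30, 0x02):
        print(hex(b), decode_identifier(b))
    print("version value:", parse_explicit_version(SAMPLE_VERSION))
```

An EXPLICIT tag always wraps the inner TLV, so its identifier is constructed (0xA0 to 0xA3 for numbers 0 to 3); an IMPLICIT tag replaces the inner tag and keeps its primitive or constructed form, so `[1] IMPLICIT` on a DER BIT STRING yields 0x81.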