What is the difference between x509.Certificate.contents and x509.Certificate.dump()

Question

What is the difference between x509.Certificate.contents and x509.Certificate.dump()

RS-Credentive opened this issue 2 years ago · 2 comments

Spent a few confused minutes trying to figure out why the following is false:

x509.Certificate.load(cert_data, strict=True).contents == cert_data

Finally realized that this works:

x509.Certificate.load(cert_data, strict=True).dump() == cert_data

But now I am confused since the documentation describes both of them as a DER string. Are these supposed to return different results?

Answer 1 · 2023-03-18T17:21:34.000Z

Hello,
take a look at a simpler example:

from asn1crypto.core import Integer
i = Integer(0x123456)

print(i.contents.hex())
# 123456

print(i.dump().hex())
# 0203123456

contents is only the contents, dump() also includes the identifier/tag and the length.
Difference for a typical Certificate would be 30 82 LL LL at the beginning.

Answer 2 · 2023-03-21T18:37:11.000Z

That was helpful. Thanks!