Questions About 0100 256 Bytes

Oddity when encoding large integers using asn.1

I have found numerous references to the encoding requirements of Integers in ASN.1 and that Integers are inherently signed objects.

TLV 02 02 0123 for example.

However, I have a 256 bit integer (within a certificate) encoded 30 82 01 09 02 82 01 00 d1 a5 xx xx xx ... 02 03 010001

30: start, 82: 2 byte length, 0109: 265 bytes

02: Integer, 82: 2 byte length, 0100: 256 bytes, d1 a5 xxxx

The d1 is the troubling part because the leading bit is 1, meaning this 256 bit number is signed when in fact it is an unsigned number, a public RSA key in fact. Does the signed constraint apply to Integers > 64 bits?
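An added example, not part of the original question: a small DER reader for the SEQUENCE { INTEGER, INTEGER } layout quoted above. X.690 encodes INTEGER content as two's complement at every length, so a 256-byte content starting with d1 reads as negative, and a DER encoder writing a positive value with the top bit set puts a 00 byte in front. `MAGNITUDE` and all function names are constructed for illustration.

```python
# Added example: DER TLV reader for the SEQUENCE { INTEGER, INTEGER } layout in the question.
# MAGNITUDE is constructed sample data, not bytes from a real certificate.

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                    # short form: the byte is the length
        length = first
    else:                               # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + length], pos + length

def decode_integer(content):
    """INTEGER content is two's complement, whatever its size."""
    if not content:
        raise ValueError("empty INTEGER")
    return int.from_bytes(content, "big", signed=True)

def encode_length(n):
    """Short form below 0x80, long form (0x80 | byte count) otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def encode_unsigned(value):
    """INTEGER TLV for a non-negative value; a 00 byte is added when the top bit is set."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + encode_length(len(body)) + body

def parse_pair(der):
    """Parse SEQUENCE { INTEGER, INTEGER } -> (first, second, first_content_len)."""
    tag, seq, _ = read_tlv(der)
    t1, a, p = read_tlv(seq)
    t2, b, _ = read_tlv(seq, p)
    if (tag, t1, t2) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE of two INTEGERs")
    return decode_integer(a), decode_integer(b), len(a)

MAGNITUDE = bytes([0xD1, 0xA5]) + bytes(range(254))       # constructed 256-byte value
AS_QUOTED = bytes.fromhex("3082010902820100") + MAGNITUDE + bytes.fromhex("0203010001")
fixed_body = encode_unsigned(int.from_bytes(MAGNITUDE, "big")) + encode_unsigned(65537)
PADDED = b"\x30" + encode_length(len(fixed_body)) + fixed_body
```

`parse_pair(AS_QUOTED)` returns a negative first value from 256 content bytes, while `PADDED` carries 257 content bytes and a SEQUENCE length of 01 0a.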


IPsec tunnel to Android device not created even though there is an IKE SA

I'm trying to configure a VPN tunnel between an Android device running 4.1 and a Fedora 17 Linux box running strongSwan 5.0. The device reports that it is connected and strongSwan statusall returns that there is an IKE SA, but doesn't display a tunnel. I used the instructions for iOS in the wiki to generate certificates and configure strongSwan. Since Android uses a modified version of racoon this should work and since the connection is partly established I think I am on the right track. I don't see any errors about not being able to create the tunnel.

This is the configuration for the strongSwan connection:

conn android2