internal static byte[] GetAsn1IntegerBytes(SafeSharedAsn1IntegerHandle asn1Integer)
        {
            CheckValidOpenSslHandle(asn1Integer);

            // OpenSSL stores negative numbers in their two's complement (positive) form, but
            // sets an internal negative bit.
            //
            // If the number was positive, but could sign-test as negative, DER puts in a leading
            // 0x00 byte, which reading OpenSSL's data directly won't have.
            //
            // So to ensure we're getting a set of bytes compatible with BigInteger (though with the
            // wrong endianness here), DER encode it, then use the DER reader to skip past the tag
            // and length.
            byte[] derEncoded = OpenSslEncode(
                handle => GetAsn1IntegerDerSize(handle),
                (handle, buf) => EncodeAsn1Integer(handle, buf),
                asn1Integer);

            DerSequenceReader reader = DerSequenceReader.CreateForPayload(derEncoded);
            return reader.ReadIntegerBytes();
        }
 private static extern int EncodeAsn1Integer(SafeSharedAsn1IntegerHandle i, byte[] buf);
 private static extern int GetAsn1IntegerDerSize(SafeSharedAsn1IntegerHandle i);