ASN1PARSE 1 2008-05-09 0.9.9-dev OpenSSL
NAME
asn1parse - ASN.1 parsing tool
LIBRARY
libcrypto, -lcrypto
SYNOPSIS
ooppeennssssll aassnn11ppaarrssee
[--iinnffoorrmm PPEEMM||DDEERR]
[--iinn ffiilleennaammee]
[--oouutt ffiilleennaammee]
[--nnoooouutt]
[--ooffffsseett nnuummbbeerr]
[--lleennggtthh nnuummbbeerr]
[--ii]
[--ooiidd ffiilleennaammee]
[--ssttrrppaarrssee ooffffsseett]
[--ggeennssttrr ssttrriinngg]
[--ggeennccoonnff ffiillee]
DESCRIPTION
The aassnn11ppaarrssee command is a diagnostic utility that can parse ASN.1
structures. It can also be used to extract data from ASN.1 formatted data.
OPTIONS
-
--iinnffoorrmm DDEERR||PPEEMM
the input format. DDEERR is binary format and PPEEMM (the default) is base64
-
encoded.
-
--iinn ffiilleennaammee
the input file, default is standard input
-
-
--oouutt ffiilleennaammee
output file to place the DER encoded data into. If this
-
option is not present then no data will be output. This is most useful when
combined with the --ssttrrppaarrssee option.
-
--nnoooouutt
don't output the parsed version of the input file.
-
-
--ooffffsseett nnuummbbeerr
starting offset to begin parsing, default is start of file.
-
-
--lleennggtthh nnuummbbeerr
number of bytes to parse, default is until end of file.
-
-
--ii
indents the output according to the "depth" of the structures.
-
-
--ooiidd ffiilleennaammee
a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
-
file is described in the NOTES section below.
-
--ssttrrppaarrssee ooffffsseett
parse the contents octets of the ASN.1 object starting at ooffffsseett. This
-
option can be used multiple times to "drill down" into a nested structure.
-
--ggeennssttrr ssttrriinngg, --ggeennccoonnff ffiillee
generate encoded data based on ssttrriinngg, ffiillee or both using
-
_A_S_N_1___g_e_n_e_r_a_t_e___n_c_o_n_f(3) format. If ffiillee only is
present then the string is obtained from the default section using the name
aassnn11. The encoded data is passed through the ASN1 parser and printed out as
though it came from a file, the contents can thus be examined and written to a
file using the oouutt option.
OOUUTTPPUUTT
The output will typically contain lines like this:
0:d=0 hl=4 l= 681 cons: SEQUENCE
.....
229:d=3 hl=3 l= 141 prim: BIT STRING
373:d=2 hl=3 l= 162 cons: cont [ 3 ]
376:d=3 hl=3 l= 159 cons: SEQUENCE
379:d=4 hl=2 l= 29 cons: SEQUENCE
381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
386:d=5 hl=2 l= 22 prim: OCTET STRING
410:d=4 hl=2 l= 112 cons: SEQUENCE
412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
417:d=5 hl=2 l= 105 prim: OCTET STRING
524:d=4 hl=2 l= 12 cons: SEQUENCE
.....
This example is part of a self signed certificate. Each line starts with the
offset in decimal. dd==XXXX specifies the current depth. The depth is increased
within the scope of any SET or SEQUENCE. hhll==XXXX gives the header length
(tag and length octets) of the current type. ll==XXXX gives the length of
the contents octets.
The --ii option can be used to make the output more readable.
Some knowledge of the ASN.1 structure is needed to interpret the output.
In this example the BIT STRING at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option --ssttrrppaarrssee 222299 to yield:
0:d=0 hl=3 l= 137 cons: SEQUENCE
3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
135:d=1 hl=2 l= 3 prim: INTEGER :010001
NOTES
If an OID is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the --ooiidd option
allows additional OIDs to be included. Each line consists of three columns,
the first column is the OID in numerical format and should be followed by white
space. The second column is the "short name" which is a single word followed
by white space. The final column is the rest of the line and is the
"long name". aassnn11ppaarrssee displays the long name. Example:
"1.2.3.4 shortName A long name"
EXAMPLES
Parse a file:
openssl asn1parse -in file.pem
Parse a DER file:
openssl asn1parse -inform DER -in file.der
Generate a simple UTF8String:
openssl asn1parse -genstr 'UTF8:Hello World'
Generate and write out a UTF8String, don't print parsed output:
openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
Generate using a config file:
openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
Example config file:
asn1=SEQUENCE:seq_sect
[seq_sect]
field1=BOOL:TRUE
field2=EXP:0, UTF8:some random string
BUGS
There should be options to change the format of output lines. The output of some
ASN.1 types is not well handled (if at all).
SEE ALSO
_A_S_N_1___g_e_n_e_r_a_t_e___n_c_o_n_f(3)