ssttrr contains the string to encode nnccoonnff or ccnnff contains
the optional configuration information where additional strings
will be read from. nnccoonnff will typically come from a config
file wherease ccnnff is obtained from an XX550099VV33__CCTTXX structure
which will typically be used by X509 v3 certificate extension
functions. ccnnff or nnccoonnff can be set to NNUULLLL if no additional
configuration will be used.
That is zero or more comma separated modifiers followed by a type
followed by an optional colon and a value. The formats of ttyyppee,
vvaalluuee and mmooddiiffiieerr are explained below.
SSUUPPPPOORRTTEEDD TTYYPPEESS
The supported types are listed below. Unless otherwise specified
only the AASSCCIIII format is permissible.
-
BBOOOOLLEEAANN, BBOOOOLL
This encodes a boolean type. The vvaalluuee string is mandatory and
-
should be TTRRUUEE or FFAALLSSEE. Additionally TTRRUUEE, ttrruuee, YY,
yy, YYEESS, yyeess, FFAALLSSEE, ffaallssee, NN, nn, NNOO and nnoo
are acceptable.
-
NNUULLLL
Encode the NNUULLLL type, the vvaalluuee string must not be present.
-
-
IINNTTEEGGEERR, IINNTT
Encodes an ASN1 IINNTTEEGGEERR type. The vvaalluuee string represents
-
the value of the integer, it can be preceeded by a minus sign and
is normally interpreted as a decimal value unless the prefix 00xx
is included.
-
EENNUUMMEERRAATTEEDD, EENNUUMM
Encodes the ASN1 EENNUUMMEERRAATTEEDD type, it is otherwise identical to
-
IINNTTEEGGEERR.
-
OOBBJJEECCTT, OOIIDD
Encodes an ASN1 OOBBJJEECCTT IIDDEENNTTIIFFIIEERR, the vvaalluuee string can be
-
a short name, a long name or numerical format.
-
UUTTCCTTIIMMEE, UUTTCC
Encodes an ASN1 UUTTCCTTiimmee structure, the value should be in
-
the format YYYYMMMMDDDDHHHHMMMMSSSSZZ.
-
GGEENNEERRAALLIIZZEEDDTTIIMMEE, GGEENNTTIIMMEE
Encodes an ASN1 GGeenneerraalliizzeeddTTiimmee structure, the value should be in
-
the format YYYYYYYYMMMMDDDDHHHHMMMMSSSSZZ.
-
OOCCTTEETTSSTTRRIINNGG, OOCCTT
Encodes an ASN1 OOCCTTEETT SSTTRRIINNGG. vvaalluuee represents the contents
-
of this structure, the format strings AASSCCIIII and HHEEXX can be
used to specify the format of vvaalluuee.
-
BBIITTSSTTRRIINNGG, BBIITTSSTTRR
Encodes an ASN1 BBIITT SSTTRRIINNGG. vvaalluuee represents the contents
-
of this structure, the format strings AASSCCIIII, HHEEXX and BBIITTLLIISSTT
can be used to specify the format of vvaalluuee.
If the format is anything other than BBIITTLLIISSTT the number of unused
bits is set to zero.
-
UUNNIIVVEERRSSAALLSSTTRRIINNGG, UUNNIIVV, IIAA55, IIAA55SSTTRRIINNGG, UUTTFF88, UUTTFF88SSttrriinngg, BBMMPP, BBMMPPSSTTRRIINNGG, VVIISSIIBBLLEESSTTRRIINNGG, VVIISSIIBBLLEE, PPRRIINNTTAABBLLEESSTTRRIINNGG, PPRRIINNTTAABBLLEE, TT6611, TT6611SSTTRRIINNGG, TTEELLEETTEEXXSSTTRRIINNGG, GGeenneerraallSSttrriinngg, NNUUMMEERRIICCSSTTRRIINNGG, NNUUMMEERRIICC
These encode the corresponding string types. vvaalluuee represents the
-
contents of this structure. The format can be AASSCCIIII or UUTTFF88.
-
SSEEQQUUEENNCCEE, SSEEQQ, SSEETT
Formats the result as an ASN1 SSEEQQUUEENNCCEE or SSEETT type. vvaalluuee
-
should be a section name which will contain the contents. The
field names in the section are ignored and the values are in the
generated string format. If vvaalluuee is absent then an empty SEQUENCE
will be encoded.
MMOODDIIFFIIEERRSS
Modifiers affect the following structure, they can be used to
add EXPLICIT or IMPLICIT tagging, add wrappers or to change
the string format of the final type and value. The supported
formats are documented below.
-
EEXXPPLLIICCIITT, EEXXPP
Add an explicit tag to the following structure. This string
-
should be followed by a colon and the tag value to use as a
decimal value.
By following the number with UU, AA, PP or CC UNIVERSAL,
APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used,
the default is CONTEXT SPECIFIC.
-
IIMMPPLLIICCIITT, IIMMPP
This is the same as EEXXPPLLIICCIITT except IMPLICIT tagging is used
-
instead.
-
OOCCTTWWRRAAPP, SSEEQQWWRRAAPP, SSEETTWWRRAAPP, BBIITTWWRRAAPP
The following structure is surrounded by an OCTET STRING, a SEQUENCE,
-
a SET or a BIT STRING respectively. For a BIT STRING the number of unused
bits is set to zero.
-
FFOORRMMAATT
This specifies the format of the ultimate value. It should be followed
-
by a colon and one of the strings AASSCCIIII, UUTTFF88, HHEEXX or BBIITTLLIISSTT.
If no format specifier is included then AASSCCIIII is used. If UUTTFF88 is
specified then the value string must be a valid UUTTFF88 string. For HHEEXX the
output must be a set of hex digits. BBIITTLLIISSTT (which is only valid for a BIT
STRING) is a comma separated list of the indices of the set bits, all other
bits are zero.
EXAMPLES
A simple IA5String:
IA5STRING:Hello World
An IA5String explicitly tagged:
EXPLICIT:0,IA5STRING:Hello World
An IA5String explicitly tagged using APPLICATION tagging:
EXPLICIT:0A,IA5STRING:Hello World
A BITSTRING with bits 1 and 5 set and all others zero:
FORMAT=BITLIST,BITSTRING:1,5
A more complex example using a config file to produce a
SEQUENCE consiting of a BOOL an OID and a UTF8String:
asn1 = SEQUENCE:seq_section
[seq_section]
field1 = BOOLEAN:TRUE
field2 = OID:commonName
field3 = UTF8:Third field
This example produces an RSAPrivateKey structure, this is the
key contained in the file client.pem in all OpenSSL distributions
(note: the field names such as 'coeff' are ignored and are present just
for clarity):
asn1=SEQUENCE:private_key
[private_key]
version=INTEGER:0
n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
e=INTEGER:0x010001
d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\
F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\
D4BD57
q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\
46EC4F
exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\
9C0A39B9
exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\
E7B2458F
coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\
628657053A
This example is the corresponding public key in a SubjectPublicKeyInfo
structure:
# Start with a SEQUENCE
asn1=SEQUENCE:pubkeyinfo
# pubkeyinfo contains an algorithm identifier and the public key wrapped
# in a BIT STRING
[pubkeyinfo]
algorithm=SEQUENCE:rsa_alg
pubkey=BITWRAP,SEQUENCE:rsapubkey
# algorithm ID for RSA is just an OID and a NULL
[rsa_alg]
algorithm=OID:rsaEncryption
parameter=NULL
# Actual public key: modulus and exponent
[rsapubkey]
n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
e=INTEGER:0x010001
RETURN VALUES
_A_S_N_1___g_e_n_e_r_a_t_e___n_c_o_n_f_(_) and _A_S_N_1___g_e_n_e_r_a_t_e___v_3_(_) return the encoded
data as an AASSNN11__TTYYPPEE structure or NNUULLLL if an error occurred.
The error codes that can be obtained by _E_R_R___g_e_t___e_r_r_o_r(3).
SEE ALSO
_E_R_R___g_e_t___e_r_r_o_r(3)
HISTORY
_A_S_N_1___g_e_n_e_r_a_t_e___n_c_o_n_f_(_) and _A_S_N_1___g_e_n_e_r_a_t_e___v_3_(_) were added to OpenSSL 0.9.8