https://wiki.openssl.org/api.php?action=feedcontributions&feedformat=atom&user=Skyluker4
OpenSSLWiki - User contributions [en]
2026-05-20T09:53:47Z
User contributions
MediaWiki 1.35.13
https://wiki.openssl.org/index.php?title=DER&diff=3198
DER
2022-01-14T23:23:34Z
<p>Skyluker4: Typo and grammatical fixes</p>
<hr />
<div>DER is a binary format for data structures described by ASN.1.<br />
<br />
For example, x509 is described in ASN1 and encoded in DER. It exists other encoding formats for ASN.1 but DER is the one chosen for security since there is only one possible encoding given a ASN.1. encoding (which is not the case for BER used in ldap, for example).<br />
<br />
<br />
== Command ==<br />
<br />
openssl ''asn1parse'' is the command to display the internal structure of a DER document.<br />
<br />
[[Category:Shell level]]<br />
<br />
== Sample ==<br />
<br />
When using i2d_X509_fp(FILE * outcert, X509 * x509_cert) file result is the raw DER-encoded value of the X509 Certificate.<br />
<br />
C code to dump a X509 into DER format:<br />
<pre><br />
void dump_x509_cert(X509* x509_cert)<br />
{<br />
const char * dumpcertfile = "dumpcertfile";<br />
if (x509_cert != NULL)<br />
{<br />
FILE * outcert = fopen(dumpcertfile,"w");<br />
if ( outcert )<br />
{<br />
i2d_X509_fp(outcert, x509_cert);<br />
fclose(outcert);<br />
}<br />
else<br />
{<br />
fprintf(stderr,"[ERROR] Can't create %s file\n", dumpcerfile);<br />
}<br />
}<br />
}<br />
</pre><br />
<br />
To view the content:<br />
<br />
openssl asn1parse -in dumpcertfile -inform DER<br />
<br />
<pre><br />
0:d=0 hl=4 l= 981 cons: SEQUENCE <br />
4:d=1 hl=4 l= 701 cons: SEQUENCE <br />
8:d=2 hl=2 l= 3 cons: cont [ 0 ] <br />
10:d=3 hl=2 l= 1 prim: INTEGER :02<br />
13:d=2 hl=2 l= 4 prim: INTEGER :5631333F<br />
19:d=2 hl=2 l= 13 cons: SEQUENCE <br />
21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption<br />
32:d=3 hl=2 l= 0 prim: NULL <br />
34:d=2 hl=2 l= 127 cons: SEQUENCE <br />
36:d=3 hl=2 l= 11 cons: SET <br />
38:d=4 hl=2 l= 9 cons: SEQUENCE <br />
40:d=5 hl=2 l= 3 prim: OBJECT :countryName<br />
45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR<br />
49:d=3 hl=2 l= 28 cons: SET <br />
51:d=4 hl=2 l= 26 cons: SEQUENCE <br />
53:d=5 hl=2 l= 3 prim: OBJECT :commonName<br />
58:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel<br />
79:d=3 hl=2 l= 28 cons: SET <br />
81:d=4 hl=2 l= 26 cons: SEQUENCE <br />
83:d=5 hl=2 l= 3 prim: OBJECT :organizationName<br />
88:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel<br />
109:d=3 hl=2 l= 16 cons: SET <br />
111:d=4 hl=2 l= 14 cons: SEQUENCE <br />
113:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName<br />
118:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown<br />
127:d=3 hl=2 l= 16 cons: SET <br />
129:d=4 hl=2 l= 14 cons: SEQUENCE <br />
131:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName<br />
136:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown<br />
145:d=3 hl=2 l= 16 cons: SET <br />
147:d=4 hl=2 l= 14 cons: SEQUENCE <br />
149:d=5 hl=2 l= 3 prim: OBJECT :localityName<br />
154:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown<br />
163:d=2 hl=2 l= 34 cons: SEQUENCE <br />
165:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20151028204239Z<br />
182:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20251025204239Z<br />
199:d=2 hl=2 l= 127 cons: SEQUENCE <br />
201:d=3 hl=2 l= 11 cons: SET <br />
203:d=4 hl=2 l= 9 cons: SEQUENCE <br />
205:d=5 hl=2 l= 3 prim: OBJECT :countryName<br />
210:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR<br />
214:d=3 hl=2 l= 28 cons: SET <br />
216:d=4 hl=2 l= 26 cons: SEQUENCE <br />
218:d=5 hl=2 l= 3 prim: OBJECT :commonName<br />
223:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel<br />
244:d=3 hl=2 l= 28 cons: SET <br />
246:d=4 hl=2 l= 26 cons: SEQUENCE <br />
248:d=5 hl=2 l= 3 prim: OBJECT :organizationName<br />
253:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel<br />
274:d=3 hl=2 l= 16 cons: SET <br />
276:d=4 hl=2 l= 14 cons: SEQUENCE <br />
278:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName<br />
283:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown<br />
292:d=3 hl=2 l= 16 cons: SET <br />
294:d=4 hl=2 l= 14 cons: SEQUENCE <br />
296:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName<br />
301:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown<br />
310:d=3 hl=2 l= 16 cons: SET <br />
312:d=4 hl=2 l= 14 cons: SEQUENCE <br />
314:d=5 hl=2 l= 3 prim: OBJECT :localityName<br />
319:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown<br />
328:d=2 hl=4 l= 290 cons: SEQUENCE <br />
332:d=3 hl=2 l= 13 cons: SEQUENCE <br />
334:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption<br />
345:d=4 hl=2 l= 0 prim: NULL <br />
347:d=3 hl=4 l= 271 prim: BIT STRING <br />
622:d=2 hl=2 l= 85 cons: cont [ 3 ] <br />
624:d=3 hl=2 l= 83 cons: SEQUENCE <br />
626:d=4 hl=2 l= 12 cons: SEQUENCE <br />
628:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints<br />
633:d=5 hl=2 l= 1 prim: BOOLEAN :255<br />
636:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000<br />
640:d=4 hl=2 l= 19 cons: SEQUENCE <br />
642:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage<br />
647:d=5 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070301<br />
661:d=4 hl=2 l= 15 cons: SEQUENCE <br />
663:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage<br />
668:d=5 hl=2 l= 1 prim: BOOLEAN :255<br />
671:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:0303072000<br />
678:d=4 hl=2 l= 29 cons: SEQUENCE <br />
680:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier<br />
685:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414304610060805E69AE14F84CC366012C0EB9E3D99<br />
709:d=1 hl=2 l= 13 cons: SEQUENCE <br />
711:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption<br />
722:d=2 hl=2 l= 0 prim: NULL <br />
724:d=1 hl=4 l= 257 prim: BIT STRING <br />
</pre><br />
<br />
Since it is an X509 certificate the best way to view content is:<br />
<br />
openssl x509 -in dumpcertfile -inform DER -text<br />
<br />
<br />
[[Category:Encoding]]</div>
Skyluker4