Difference between revisions of "DER"
(Created page with "DER is a binary format for data structures described by ASN.1. by example x509 is described in ASN1 and encoded in DER. It exists other encoding formats for ASN.1 but DER is the…") |
m (Typo and grammatical fixes) |
||
(7 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
DER is a binary format for data structures described by ASN.1. | DER is a binary format for data structures described by ASN.1. | ||
− | + | For example, x509 is described in ASN1 and encoded in DER. It exists other encoding formats for ASN.1 but DER is the one chosen for security since there is only one possible encoding given a ASN.1. encoding (which is not the case for BER used in ldap, for example). | |
− | openssl | + | |
+ | == Command == | ||
+ | |||
+ | openssl ''asn1parse'' is the command to display the internal structure of a DER document. | ||
+ | |||
+ | [[Category:Shell level]] | ||
+ | |||
+ | == Sample == | ||
+ | |||
+ | When using i2d_X509_fp(FILE * outcert, X509 * x509_cert) file result is the raw DER-encoded value of the X509 Certificate. | ||
+ | |||
+ | C code to dump a X509 into DER format: | ||
+ | <pre> | ||
+ | void dump_x509_cert(X509* x509_cert) | ||
+ | { | ||
+ | const char * dumpcertfile = "dumpcertfile"; | ||
+ | if (x509_cert != NULL) | ||
+ | { | ||
+ | FILE * outcert = fopen(dumpcertfile,"w"); | ||
+ | if ( outcert ) | ||
+ | { | ||
+ | i2d_X509_fp(outcert, x509_cert); | ||
+ | fclose(outcert); | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | fprintf(stderr,"[ERROR] Can't create %s file\n", dumpcerfile); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </pre> | ||
+ | |||
+ | To view the content: | ||
+ | |||
+ | openssl asn1parse -in dumpcertfile -inform DER | ||
+ | |||
+ | <pre> | ||
+ | 0:d=0 hl=4 l= 981 cons: SEQUENCE | ||
+ | 4:d=1 hl=4 l= 701 cons: SEQUENCE | ||
+ | 8:d=2 hl=2 l= 3 cons: cont [ 0 ] | ||
+ | 10:d=3 hl=2 l= 1 prim: INTEGER :02 | ||
+ | 13:d=2 hl=2 l= 4 prim: INTEGER :5631333F | ||
+ | 19:d=2 hl=2 l= 13 cons: SEQUENCE | ||
+ | 21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption | ||
+ | 32:d=3 hl=2 l= 0 prim: NULL | ||
+ | 34:d=2 hl=2 l= 127 cons: SEQUENCE | ||
+ | 36:d=3 hl=2 l= 11 cons: SET | ||
+ | 38:d=4 hl=2 l= 9 cons: SEQUENCE | ||
+ | 40:d=5 hl=2 l= 3 prim: OBJECT :countryName | ||
+ | 45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR | ||
+ | 49:d=3 hl=2 l= 28 cons: SET | ||
+ | 51:d=4 hl=2 l= 26 cons: SEQUENCE | ||
+ | 53:d=5 hl=2 l= 3 prim: OBJECT :commonName | ||
+ | 58:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel | ||
+ | 79:d=3 hl=2 l= 28 cons: SET | ||
+ | 81:d=4 hl=2 l= 26 cons: SEQUENCE | ||
+ | 83:d=5 hl=2 l= 3 prim: OBJECT :organizationName | ||
+ | 88:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel | ||
+ | 109:d=3 hl=2 l= 16 cons: SET | ||
+ | 111:d=4 hl=2 l= 14 cons: SEQUENCE | ||
+ | 113:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName | ||
+ | 118:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
+ | 127:d=3 hl=2 l= 16 cons: SET | ||
+ | 129:d=4 hl=2 l= 14 cons: SEQUENCE | ||
+ | 131:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName | ||
+ | 136:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
+ | 145:d=3 hl=2 l= 16 cons: SET | ||
+ | 147:d=4 hl=2 l= 14 cons: SEQUENCE | ||
+ | 149:d=5 hl=2 l= 3 prim: OBJECT :localityName | ||
+ | 154:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
+ | 163:d=2 hl=2 l= 34 cons: SEQUENCE | ||
+ | 165:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20151028204239Z | ||
+ | 182:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20251025204239Z | ||
+ | 199:d=2 hl=2 l= 127 cons: SEQUENCE | ||
+ | 201:d=3 hl=2 l= 11 cons: SET | ||
+ | 203:d=4 hl=2 l= 9 cons: SEQUENCE | ||
+ | 205:d=5 hl=2 l= 3 prim: OBJECT :countryName | ||
+ | 210:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR | ||
+ | 214:d=3 hl=2 l= 28 cons: SET | ||
+ | 216:d=4 hl=2 l= 26 cons: SEQUENCE | ||
+ | 218:d=5 hl=2 l= 3 prim: OBJECT :commonName | ||
+ | 223:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel | ||
+ | 244:d=3 hl=2 l= 28 cons: SET | ||
+ | 246:d=4 hl=2 l= 26 cons: SEQUENCE | ||
+ | 248:d=5 hl=2 l= 3 prim: OBJECT :organizationName | ||
+ | 253:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel | ||
+ | 274:d=3 hl=2 l= 16 cons: SET | ||
+ | 276:d=4 hl=2 l= 14 cons: SEQUENCE | ||
+ | 278:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName | ||
+ | 283:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
+ | 292:d=3 hl=2 l= 16 cons: SET | ||
+ | 294:d=4 hl=2 l= 14 cons: SEQUENCE | ||
+ | 296:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName | ||
+ | 301:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
+ | 310:d=3 hl=2 l= 16 cons: SET | ||
+ | 312:d=4 hl=2 l= 14 cons: SEQUENCE | ||
+ | 314:d=5 hl=2 l= 3 prim: OBJECT :localityName | ||
+ | 319:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
+ | 328:d=2 hl=4 l= 290 cons: SEQUENCE | ||
+ | 332:d=3 hl=2 l= 13 cons: SEQUENCE | ||
+ | 334:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption | ||
+ | 345:d=4 hl=2 l= 0 prim: NULL | ||
+ | 347:d=3 hl=4 l= 271 prim: BIT STRING | ||
+ | 622:d=2 hl=2 l= 85 cons: cont [ 3 ] | ||
+ | 624:d=3 hl=2 l= 83 cons: SEQUENCE | ||
+ | 626:d=4 hl=2 l= 12 cons: SEQUENCE | ||
+ | 628:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints | ||
+ | 633:d=5 hl=2 l= 1 prim: BOOLEAN :255 | ||
+ | 636:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 | ||
+ | 640:d=4 hl=2 l= 19 cons: SEQUENCE | ||
+ | 642:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage | ||
+ | 647:d=5 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070301 | ||
+ | 661:d=4 hl=2 l= 15 cons: SEQUENCE | ||
+ | 663:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage | ||
+ | 668:d=5 hl=2 l= 1 prim: BOOLEAN :255 | ||
+ | 671:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:0303072000 | ||
+ | 678:d=4 hl=2 l= 29 cons: SEQUENCE | ||
+ | 680:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier | ||
+ | 685:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414304610060805E69AE14F84CC366012C0EB9E3D99 | ||
+ | 709:d=1 hl=2 l= 13 cons: SEQUENCE | ||
+ | 711:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption | ||
+ | 722:d=2 hl=2 l= 0 prim: NULL | ||
+ | 724:d=1 hl=4 l= 257 prim: BIT STRING | ||
+ | </pre> | ||
+ | |||
+ | Since it is an X509 certificate the best way to view content is: | ||
+ | |||
+ | openssl x509 -in dumpcertfile -inform DER -text | ||
+ | |||
+ | |||
+ | [[Category:Encoding]] |
Latest revision as of 23:23, 14 January 2022
DER is a binary format for data structures described by ASN.1.
For example, x509 is described in ASN1 and encoded in DER. It exists other encoding formats for ASN.1 but DER is the one chosen for security since there is only one possible encoding given a ASN.1. encoding (which is not the case for BER used in ldap, for example).
Command[edit]
openssl asn1parse is the command to display the internal structure of a DER document.
Sample[edit]
When using i2d_X509_fp(FILE * outcert, X509 * x509_cert) file result is the raw DER-encoded value of the X509 Certificate.
C code to dump a X509 into DER format:
void dump_x509_cert(X509* x509_cert) { const char * dumpcertfile = "dumpcertfile"; if (x509_cert != NULL) { FILE * outcert = fopen(dumpcertfile,"w"); if ( outcert ) { i2d_X509_fp(outcert, x509_cert); fclose(outcert); } else { fprintf(stderr,"[ERROR] Can't create %s file\n", dumpcerfile); } } }
To view the content:
openssl asn1parse -in dumpcertfile -inform DER
0:d=0 hl=4 l= 981 cons: SEQUENCE 4:d=1 hl=4 l= 701 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 4 prim: INTEGER :5631333F 19:d=2 hl=2 l= 13 cons: SEQUENCE 21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 32:d=3 hl=2 l= 0 prim: NULL 34:d=2 hl=2 l= 127 cons: SEQUENCE 36:d=3 hl=2 l= 11 cons: SET 38:d=4 hl=2 l= 9 cons: SEQUENCE 40:d=5 hl=2 l= 3 prim: OBJECT :countryName 45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR 49:d=3 hl=2 l= 28 cons: SET 51:d=4 hl=2 l= 26 cons: SEQUENCE 53:d=5 hl=2 l= 3 prim: OBJECT :commonName 58:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel 79:d=3 hl=2 l= 28 cons: SET 81:d=4 hl=2 l= 26 cons: SEQUENCE 83:d=5 hl=2 l= 3 prim: OBJECT :organizationName 88:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel 109:d=3 hl=2 l= 16 cons: SET 111:d=4 hl=2 l= 14 cons: SEQUENCE 113:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 118:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 127:d=3 hl=2 l= 16 cons: SET 129:d=4 hl=2 l= 14 cons: SEQUENCE 131:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 136:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 145:d=3 hl=2 l= 16 cons: SET 147:d=4 hl=2 l= 14 cons: SEQUENCE 149:d=5 hl=2 l= 3 prim: OBJECT :localityName 154:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 163:d=2 hl=2 l= 34 cons: SEQUENCE 165:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20151028204239Z 182:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20251025204239Z 199:d=2 hl=2 l= 127 cons: SEQUENCE 201:d=3 hl=2 l= 11 cons: SET 203:d=4 hl=2 l= 9 cons: SEQUENCE 205:d=5 hl=2 l= 3 prim: OBJECT :countryName 210:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR 214:d=3 hl=2 l= 28 cons: SET 216:d=4 hl=2 l= 26 cons: SEQUENCE 218:d=5 hl=2 l= 3 prim: OBJECT :commonName 223:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel 244:d=3 hl=2 l= 28 cons: SET 246:d=4 hl=2 l= 26 cons: SEQUENCE 248:d=5 hl=2 l= 3 prim: OBJECT :organizationName 253:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel 274:d=3 hl=2 l= 16 cons: SET 276:d=4 hl=2 l= 14 cons: SEQUENCE 278:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 283:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 292:d=3 hl=2 l= 16 cons: SET 294:d=4 hl=2 l= 14 cons: SEQUENCE 296:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 301:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 310:d=3 hl=2 l= 16 cons: SET 312:d=4 hl=2 l= 14 cons: SEQUENCE 314:d=5 hl=2 l= 3 prim: OBJECT :localityName 319:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 328:d=2 hl=4 l= 290 cons: SEQUENCE 332:d=3 hl=2 l= 13 cons: SEQUENCE 334:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption 345:d=4 hl=2 l= 0 prim: NULL 347:d=3 hl=4 l= 271 prim: BIT STRING 622:d=2 hl=2 l= 85 cons: cont [ 3 ] 624:d=3 hl=2 l= 83 cons: SEQUENCE 626:d=4 hl=2 l= 12 cons: SEQUENCE 628:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 633:d=5 hl=2 l= 1 prim: BOOLEAN :255 636:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 640:d=4 hl=2 l= 19 cons: SEQUENCE 642:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage 647:d=5 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070301 661:d=4 hl=2 l= 15 cons: SEQUENCE 663:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 668:d=5 hl=2 l= 1 prim: BOOLEAN :255 671:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:0303072000 678:d=4 hl=2 l= 29 cons: SEQUENCE 680:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 685:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414304610060805E69AE14F84CC366012C0EB9E3D99 709:d=1 hl=2 l= 13 cons: SEQUENCE 711:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 722:d=2 hl=2 l= 0 prim: NULL 724:d=1 hl=4 l= 257 prim: BIT STRING
Since it is an X509 certificate the best way to view content is:
openssl x509 -in dumpcertfile -inform DER -text