The OpenSSL wiki has moved to https://github.com/openssl/openssl/wiki. Information on this page is no longer edited and may be out-of-date.
Difference between revisions of "DER"
From OpenSSLWiki
Jump to navigationJump to searchm (Typo and grammatical fixes) |
|||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
DER is a binary format for data structures described by ASN.1. | DER is a binary format for data structures described by ASN.1. | ||
| − | + | For example, x509 is described in ASN1 and encoded in DER. It exists other encoding formats for ASN.1 but DER is the one chosen for security since there is only one possible encoding given a ASN.1. encoding (which is not the case for BER used in ldap, for example). | |
| − | == | + | == Command == |
| − | openssl ''asn1parse'' is the command to display internal structure of a DER document. | + | openssl ''asn1parse'' is the command to display the internal structure of a DER document. |
| − | + | [[Category:Shell level]] | |
| − | + | == Sample == | |
| + | |||
| + | When using i2d_X509_fp(FILE * outcert, X509 * x509_cert) file result is the raw DER-encoded value of the X509 Certificate. | ||
| + | |||
| + | C code to dump a X509 into DER format: | ||
| + | <pre> | ||
| + | void dump_x509_cert(X509* x509_cert) | ||
| + | { | ||
| + | const char * dumpcertfile = "dumpcertfile"; | ||
| + | if (x509_cert != NULL) | ||
| + | { | ||
| + | FILE * outcert = fopen(dumpcertfile,"w"); | ||
| + | if ( outcert ) | ||
| + | { | ||
| + | i2d_X509_fp(outcert, x509_cert); | ||
| + | fclose(outcert); | ||
| + | } | ||
| + | else | ||
| + | { | ||
| + | fprintf(stderr,"[ERROR] Can't create %s file\n", dumpcerfile); | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | </pre> | ||
| + | |||
| + | To view the content: | ||
| + | |||
| + | openssl asn1parse -in dumpcertfile -inform DER | ||
| + | |||
| + | <pre> | ||
| + | 0:d=0 hl=4 l= 981 cons: SEQUENCE | ||
| + | 4:d=1 hl=4 l= 701 cons: SEQUENCE | ||
| + | 8:d=2 hl=2 l= 3 cons: cont [ 0 ] | ||
| + | 10:d=3 hl=2 l= 1 prim: INTEGER :02 | ||
| + | 13:d=2 hl=2 l= 4 prim: INTEGER :5631333F | ||
| + | 19:d=2 hl=2 l= 13 cons: SEQUENCE | ||
| + | 21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption | ||
| + | 32:d=3 hl=2 l= 0 prim: NULL | ||
| + | 34:d=2 hl=2 l= 127 cons: SEQUENCE | ||
| + | 36:d=3 hl=2 l= 11 cons: SET | ||
| + | 38:d=4 hl=2 l= 9 cons: SEQUENCE | ||
| + | 40:d=5 hl=2 l= 3 prim: OBJECT :countryName | ||
| + | 45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR | ||
| + | 49:d=3 hl=2 l= 28 cons: SET | ||
| + | 51:d=4 hl=2 l= 26 cons: SEQUENCE | ||
| + | 53:d=5 hl=2 l= 3 prim: OBJECT :commonName | ||
| + | 58:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel | ||
| + | 79:d=3 hl=2 l= 28 cons: SET | ||
| + | 81:d=4 hl=2 l= 26 cons: SEQUENCE | ||
| + | 83:d=5 hl=2 l= 3 prim: OBJECT :organizationName | ||
| + | 88:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel | ||
| + | 109:d=3 hl=2 l= 16 cons: SET | ||
| + | 111:d=4 hl=2 l= 14 cons: SEQUENCE | ||
| + | 113:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName | ||
| + | 118:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
| + | 127:d=3 hl=2 l= 16 cons: SET | ||
| + | 129:d=4 hl=2 l= 14 cons: SEQUENCE | ||
| + | 131:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName | ||
| + | 136:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
| + | 145:d=3 hl=2 l= 16 cons: SET | ||
| + | 147:d=4 hl=2 l= 14 cons: SEQUENCE | ||
| + | 149:d=5 hl=2 l= 3 prim: OBJECT :localityName | ||
| + | 154:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
| + | 163:d=2 hl=2 l= 34 cons: SEQUENCE | ||
| + | 165:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20151028204239Z | ||
| + | 182:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20251025204239Z | ||
| + | 199:d=2 hl=2 l= 127 cons: SEQUENCE | ||
| + | 201:d=3 hl=2 l= 11 cons: SET | ||
| + | 203:d=4 hl=2 l= 9 cons: SEQUENCE | ||
| + | 205:d=5 hl=2 l= 3 prim: OBJECT :countryName | ||
| + | 210:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR | ||
| + | 214:d=3 hl=2 l= 28 cons: SET | ||
| + | 216:d=4 hl=2 l= 26 cons: SEQUENCE | ||
| + | 218:d=5 hl=2 l= 3 prim: OBJECT :commonName | ||
| + | 223:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel | ||
| + | 244:d=3 hl=2 l= 28 cons: SET | ||
| + | 246:d=4 hl=2 l= 26 cons: SEQUENCE | ||
| + | 248:d=5 hl=2 l= 3 prim: OBJECT :organizationName | ||
| + | 253:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel | ||
| + | 274:d=3 hl=2 l= 16 cons: SET | ||
| + | 276:d=4 hl=2 l= 14 cons: SEQUENCE | ||
| + | 278:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName | ||
| + | 283:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
| + | 292:d=3 hl=2 l= 16 cons: SET | ||
| + | 294:d=4 hl=2 l= 14 cons: SEQUENCE | ||
| + | 296:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName | ||
| + | 301:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
| + | 310:d=3 hl=2 l= 16 cons: SET | ||
| + | 312:d=4 hl=2 l= 14 cons: SEQUENCE | ||
| + | 314:d=5 hl=2 l= 3 prim: OBJECT :localityName | ||
| + | 319:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown | ||
| + | 328:d=2 hl=4 l= 290 cons: SEQUENCE | ||
| + | 332:d=3 hl=2 l= 13 cons: SEQUENCE | ||
| + | 334:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption | ||
| + | 345:d=4 hl=2 l= 0 prim: NULL | ||
| + | 347:d=3 hl=4 l= 271 prim: BIT STRING | ||
| + | 622:d=2 hl=2 l= 85 cons: cont [ 3 ] | ||
| + | 624:d=3 hl=2 l= 83 cons: SEQUENCE | ||
| + | 626:d=4 hl=2 l= 12 cons: SEQUENCE | ||
| + | 628:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints | ||
| + | 633:d=5 hl=2 l= 1 prim: BOOLEAN :255 | ||
| + | 636:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 | ||
| + | 640:d=4 hl=2 l= 19 cons: SEQUENCE | ||
| + | 642:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage | ||
| + | 647:d=5 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070301 | ||
| + | 661:d=4 hl=2 l= 15 cons: SEQUENCE | ||
| + | 663:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage | ||
| + | 668:d=5 hl=2 l= 1 prim: BOOLEAN :255 | ||
| + | 671:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:0303072000 | ||
| + | 678:d=4 hl=2 l= 29 cons: SEQUENCE | ||
| + | 680:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier | ||
| + | 685:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414304610060805E69AE14F84CC366012C0EB9E3D99 | ||
| + | 709:d=1 hl=2 l= 13 cons: SEQUENCE | ||
| + | 711:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption | ||
| + | 722:d=2 hl=2 l= 0 prim: NULL | ||
| + | 724:d=1 hl=4 l= 257 prim: BIT STRING | ||
| + | </pre> | ||
| + | |||
| + | Since it is an X509 certificate the best way to view content is: | ||
| + | |||
| + | openssl x509 -in dumpcertfile -inform DER -text | ||
| + | |||
| + | |||
| + | [[Category:Encoding]] | ||
Latest revision as of 23:23, 14 January 2022
DER is a binary format for data structures described by ASN.1.
For example, x509 is described in ASN1 and encoded in DER. It exists other encoding formats for ASN.1 but DER is the one chosen for security since there is only one possible encoding given a ASN.1. encoding (which is not the case for BER used in ldap, for example).
Command[edit]
openssl asn1parse is the command to display the internal structure of a DER document.
Sample[edit]
When using i2d_X509_fp(FILE * outcert, X509 * x509_cert) file result is the raw DER-encoded value of the X509 Certificate.
C code to dump a X509 into DER format:
void dump_x509_cert(X509* x509_cert)
{
const char * dumpcertfile = "dumpcertfile";
if (x509_cert != NULL)
{
FILE * outcert = fopen(dumpcertfile,"w");
if ( outcert )
{
i2d_X509_fp(outcert, x509_cert);
fclose(outcert);
}
else
{
fprintf(stderr,"[ERROR] Can't create %s file\n", dumpcerfile);
}
}
}
To view the content:
openssl asn1parse -in dumpcertfile -inform DER
0:d=0 hl=4 l= 981 cons: SEQUENCE
4:d=1 hl=4 l= 701 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 4 prim: INTEGER :5631333F
19:d=2 hl=2 l= 13 cons: SEQUENCE
21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
32:d=3 hl=2 l= 0 prim: NULL
34:d=2 hl=2 l= 127 cons: SEQUENCE
36:d=3 hl=2 l= 11 cons: SET
38:d=4 hl=2 l= 9 cons: SEQUENCE
40:d=5 hl=2 l= 3 prim: OBJECT :countryName
45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR
49:d=3 hl=2 l= 28 cons: SET
51:d=4 hl=2 l= 26 cons: SEQUENCE
53:d=5 hl=2 l= 3 prim: OBJECT :commonName
58:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel
79:d=3 hl=2 l= 28 cons: SET
81:d=4 hl=2 l= 26 cons: SEQUENCE
83:d=5 hl=2 l= 3 prim: OBJECT :organizationName
88:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel
109:d=3 hl=2 l= 16 cons: SET
111:d=4 hl=2 l= 14 cons: SEQUENCE
113:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
118:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown
127:d=3 hl=2 l= 16 cons: SET
129:d=4 hl=2 l= 14 cons: SEQUENCE
131:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
136:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown
145:d=3 hl=2 l= 16 cons: SET
147:d=4 hl=2 l= 14 cons: SEQUENCE
149:d=5 hl=2 l= 3 prim: OBJECT :localityName
154:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown
163:d=2 hl=2 l= 34 cons: SEQUENCE
165:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20151028204239Z
182:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20251025204239Z
199:d=2 hl=2 l= 127 cons: SEQUENCE
201:d=3 hl=2 l= 11 cons: SET
203:d=4 hl=2 l= 9 cons: SEQUENCE
205:d=5 hl=2 l= 3 prim: OBJECT :countryName
210:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR
214:d=3 hl=2 l= 28 cons: SET
216:d=4 hl=2 l= 26 cons: SEQUENCE
218:d=5 hl=2 l= 3 prim: OBJECT :commonName
223:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel
244:d=3 hl=2 l= 28 cons: SET
246:d=4 hl=2 l= 26 cons: SEQUENCE
248:d=5 hl=2 l= 3 prim: OBJECT :organizationName
253:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel
274:d=3 hl=2 l= 16 cons: SET
276:d=4 hl=2 l= 14 cons: SEQUENCE
278:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
283:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown
292:d=3 hl=2 l= 16 cons: SET
294:d=4 hl=2 l= 14 cons: SEQUENCE
296:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
301:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown
310:d=3 hl=2 l= 16 cons: SET
312:d=4 hl=2 l= 14 cons: SEQUENCE
314:d=5 hl=2 l= 3 prim: OBJECT :localityName
319:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown
328:d=2 hl=4 l= 290 cons: SEQUENCE
332:d=3 hl=2 l= 13 cons: SEQUENCE
334:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
345:d=4 hl=2 l= 0 prim: NULL
347:d=3 hl=4 l= 271 prim: BIT STRING
622:d=2 hl=2 l= 85 cons: cont [ 3 ]
624:d=3 hl=2 l= 83 cons: SEQUENCE
626:d=4 hl=2 l= 12 cons: SEQUENCE
628:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
633:d=5 hl=2 l= 1 prim: BOOLEAN :255
636:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
640:d=4 hl=2 l= 19 cons: SEQUENCE
642:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
647:d=5 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070301
661:d=4 hl=2 l= 15 cons: SEQUENCE
663:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
668:d=5 hl=2 l= 1 prim: BOOLEAN :255
671:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:0303072000
678:d=4 hl=2 l= 29 cons: SEQUENCE
680:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
685:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414304610060805E69AE14F84CC366012C0EB9E3D99
709:d=1 hl=2 l= 13 cons: SEQUENCE
711:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
722:d=2 hl=2 l= 0 prim: NULL
724:d=1 hl=4 l= 257 prim: BIT STRING
Since it is an X509 certificate the best way to view content is:
openssl x509 -in dumpcertfile -inform DER -text
