Difference between revisions of "DER"
From OpenSSLWiki
Jump to navigationJump to search (→sample) |
(→sample: fix bug in sample code) |
||
Line 19: | Line 19: | ||
{ | { | ||
const char * dumpcertfile = "dumpcertfile"; | const char * dumpcertfile = "dumpcertfile"; | ||
− | if ( | + | if (x509_cert != NULL) |
{ | { | ||
FILE * outcert = fopen(dumpcertfile,"w"); | FILE * outcert = fopen(dumpcertfile,"w"); |
Revision as of 12:34, 9 November 2017
DER is a binary format for data structures described by ASN.1.
by example x509 is described in ASN1 and encoded in DER. It exists other encoding formats for ASN.1 but DER is the one choose for security since ther is only one possible encoding given a ASN.1. encoding ( what is not the case for BER used in ldap by example ).
command
openssl asn1parse is the command to display internal structure of a DER document.
sample
When using i2d_X509_fp(FILE * outcert, X509 * x509_cert) file result is raw DER encoded value of X509 Certificate.
C code to dump a X509 into DER format :
void dump_x509_cert(X509* x509_cert) { const char * dumpcertfile = "dumpcertfile"; if (x509_cert != NULL) { FILE * outcert = fopen(dumpcertfile,"w"); if ( outcert ) { i2d_X509_fp(outcert, x509_cert); fclose(outcert); } else { fprintf(stderr,"[ERROR] Can't create %s file\n", dumpcerfile); } } }
to view content :
openssl asn1parse -in dumpcertfile -inform DER
0:d=0 hl=4 l= 981 cons: SEQUENCE 4:d=1 hl=4 l= 701 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 4 prim: INTEGER :5631333F 19:d=2 hl=2 l= 13 cons: SEQUENCE 21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 32:d=3 hl=2 l= 0 prim: NULL 34:d=2 hl=2 l= 127 cons: SEQUENCE 36:d=3 hl=2 l= 11 cons: SET 38:d=4 hl=2 l= 9 cons: SEQUENCE 40:d=5 hl=2 l= 3 prim: OBJECT :countryName 45:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR 49:d=3 hl=2 l= 28 cons: SET 51:d=4 hl=2 l= 26 cons: SEQUENCE 53:d=5 hl=2 l= 3 prim: OBJECT :commonName 58:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel 79:d=3 hl=2 l= 28 cons: SET 81:d=4 hl=2 l= 26 cons: SEQUENCE 83:d=5 hl=2 l= 3 prim: OBJECT :organizationName 88:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel 109:d=3 hl=2 l= 16 cons: SET 111:d=4 hl=2 l= 14 cons: SEQUENCE 113:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 118:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 127:d=3 hl=2 l= 16 cons: SET 129:d=4 hl=2 l= 14 cons: SEQUENCE 131:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 136:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 145:d=3 hl=2 l= 16 cons: SET 147:d=4 hl=2 l= 14 cons: SEQUENCE 149:d=5 hl=2 l= 3 prim: OBJECT :localityName 154:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 163:d=2 hl=2 l= 34 cons: SEQUENCE 165:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20151028204239Z 182:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :20251025204239Z 199:d=2 hl=2 l= 127 cons: SEQUENCE 201:d=3 hl=2 l= 11 cons: SET 203:d=4 hl=2 l= 9 cons: SEQUENCE 205:d=5 hl=2 l= 3 prim: OBJECT :countryName 210:d=5 hl=2 l= 2 prim: PRINTABLESTRING :FR 214:d=3 hl=2 l= 28 cons: SET 216:d=4 hl=2 l= 26 cons: SEQUENCE 218:d=5 hl=2 l= 3 prim: OBJECT :commonName 223:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel 244:d=3 hl=2 l= 28 cons: SET 246:d=4 hl=2 l= 26 cons: SEQUENCE 248:d=5 hl=2 l= 3 prim: OBJECT :organizationName 253:d=5 hl=2 l= 19 prim: PRINTABLESTRING :pavilionartlogiciel 274:d=3 hl=2 l= 16 cons: SET 276:d=4 hl=2 l= 14 cons: SEQUENCE 278:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 283:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 292:d=3 hl=2 l= 16 cons: SET 294:d=4 hl=2 l= 14 cons: SEQUENCE 296:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 301:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 310:d=3 hl=2 l= 16 cons: SET 312:d=4 hl=2 l= 14 cons: SEQUENCE 314:d=5 hl=2 l= 3 prim: OBJECT :localityName 319:d=5 hl=2 l= 7 prim: PRINTABLESTRING :Unknown 328:d=2 hl=4 l= 290 cons: SEQUENCE 332:d=3 hl=2 l= 13 cons: SEQUENCE 334:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption 345:d=4 hl=2 l= 0 prim: NULL 347:d=3 hl=4 l= 271 prim: BIT STRING 622:d=2 hl=2 l= 85 cons: cont [ 3 ] 624:d=3 hl=2 l= 83 cons: SEQUENCE 626:d=4 hl=2 l= 12 cons: SEQUENCE 628:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints 633:d=5 hl=2 l= 1 prim: BOOLEAN :255 636:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000 640:d=4 hl=2 l= 19 cons: SEQUENCE 642:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage 647:d=5 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070301 661:d=4 hl=2 l= 15 cons: SEQUENCE 663:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage 668:d=5 hl=2 l= 1 prim: BOOLEAN :255 671:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:0303072000 678:d=4 hl=2 l= 29 cons: SEQUENCE 680:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier 685:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414304610060805E69AE14F84CC366012C0EB9E3D99 709:d=1 hl=2 l= 13 cons: SEQUENCE 711:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 722:d=2 hl=2 l= 0 prim: NULL 724:d=1 hl=4 l= 257 prim: BIT STRING
since it is a X509 certificate the best way to view content is
openssl x509 -in dumpcertfile -inform DER -text