351 lines
8.6 KiB
HTML
351 lines
8.6 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of ASN1PARSE</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>ASN1PARSE</H1>
|
|
Section: OpenSSL (1SSL)<BR>Updated: 2021-03-22<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
openssl-asn1parse, asn1parse - ASN.1 parsing tool
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
|
|
|
|
<B>openssl</B> <B>asn1parse</B>
|
|
[<B>-help</B>]
|
|
[<B>-inform PEM|DER</B>]
|
|
[<B>-in filename</B>]
|
|
[<B>-out filename</B>]
|
|
[<B>-noout</B>]
|
|
[<B>-offset number</B>]
|
|
[<B>-length number</B>]
|
|
[<B>-i</B>]
|
|
[<B>-oid filename</B>]
|
|
[<B>-dump</B>]
|
|
[<B>-dlimit num</B>]
|
|
[<B>-strparse offset</B>]
|
|
[<B>-genstr string</B>]
|
|
[<B>-genconf file</B>]
|
|
[<B>-strictpem</B>]
|
|
[<B>-item name</B>]
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
|
|
|
|
The <B>asn1parse</B> command is a diagnostic utility that can parse <FONT SIZE="-1">ASN.1</FONT>
|
|
structures. It can also be used to extract data from <FONT SIZE="-1">ASN.1</FONT> formatted data.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>OPTIONS</H2>
|
|
|
|
|
|
|
|
<DL COMPACT>
|
|
<DT id="1"><B>-help</B><DD>
|
|
|
|
|
|
Print out a usage message.
|
|
<DT id="2"><B>-inform</B> <B>DER|PEM</B><DD>
|
|
|
|
|
|
The input format. <B></B><FONT SIZE="-1"><B>DER</B></FONT><B></B> is binary format and <B></B><FONT SIZE="-1"><B>PEM</B></FONT><B></B> (the default) is base64
|
|
encoded.
|
|
<DT id="3"><B>-in filename</B><DD>
|
|
|
|
|
|
The input file, default is standard input.
|
|
<DT id="4"><B>-out filename</B><DD>
|
|
|
|
|
|
Output file to place the <FONT SIZE="-1">DER</FONT> encoded data into. If this
|
|
option is not present then no data will be output. This is most useful when
|
|
combined with the <B>-strparse</B> option.
|
|
<DT id="5"><B>-noout</B><DD>
|
|
|
|
|
|
Don't output the parsed version of the input file.
|
|
<DT id="6"><B>-offset number</B><DD>
|
|
|
|
|
|
Starting offset to begin parsing, default is start of file.
|
|
<DT id="7"><B>-length number</B><DD>
|
|
|
|
|
|
Number of bytes to parse, default is until end of file.
|
|
<DT id="8"><B>-i</B><DD>
|
|
|
|
|
|
Indents the output according to the ``depth'' of the structures.
|
|
<DT id="9"><B>-oid filename</B><DD>
|
|
|
|
|
|
A file containing additional <FONT SIZE="-1">OBJECT</FONT> IDENTIFIERs (OIDs). The format of this
|
|
file is described in the <FONT SIZE="-1">NOTES</FONT> section below.
|
|
<DT id="10"><B>-dump</B><DD>
|
|
|
|
|
|
Dump unknown data in hex format.
|
|
<DT id="11"><B>-dlimit num</B><DD>
|
|
|
|
|
|
Like <B>-dump</B>, but only the first <B>num</B> bytes are output.
|
|
<DT id="12"><B>-strparse offset</B><DD>
|
|
|
|
|
|
Parse the contents octets of the <FONT SIZE="-1">ASN.1</FONT> object starting at <B>offset</B>. This
|
|
option can be used multiple times to ``drill down'' into a nested structure.
|
|
<DT id="13"><B>-genstr string</B>, <B>-genconf file</B><DD>
|
|
|
|
|
|
Generate encoded data based on <B>string</B>, <B>file</B> or both using
|
|
<B><A HREF="/cgi-bin/man/man2html?3+ASN1_generate_nconf">ASN1_generate_nconf</A></B>(3) format. If <B>file</B> only is
|
|
present then the string is obtained from the default section using the name
|
|
<B>asn1</B>. The encoded data is passed through the <FONT SIZE="-1">ASN1</FONT> parser and printed out as
|
|
though it came from a file, the contents can thus be examined and written to a
|
|
file using the <B>out</B> option.
|
|
<DT id="14"><B>-strictpem</B><DD>
|
|
|
|
|
|
If this option is used then <B>-inform</B> will be ignored. Without this option any
|
|
data in a <FONT SIZE="-1">PEM</FONT> format input file will be treated as being base64 encoded and
|
|
processed whether it has the normal <FONT SIZE="-1">PEM BEGIN</FONT> and <FONT SIZE="-1">END</FONT> markers or not. This
|
|
option will ignore any data prior to the start of the <FONT SIZE="-1">BEGIN</FONT> marker, or after an
|
|
<FONT SIZE="-1">END</FONT> marker in a <FONT SIZE="-1">PEM</FONT> file.
|
|
<DT id="15"><B>-item name</B><DD>
|
|
|
|
|
|
Attempt to decode and print the data as <B></B><FONT SIZE="-1"><B>ASN1_ITEM</B></FONT><B> name</B>. This can be used to
|
|
print out the fields of any supported <FONT SIZE="-1">ASN.1</FONT> structure if the type is known.
|
|
</DL>
|
|
<A NAME="lbAF"> </A>
|
|
<H3>Output</H3>
|
|
|
|
|
|
|
|
The output will typically contain lines like this:
|
|
<P>
|
|
|
|
|
|
|
|
<PRE>
|
|
0:d=0 hl=4 l= 681 cons: SEQUENCE
|
|
|
|
</PRE>
|
|
|
|
|
|
<P>
|
|
|
|
.....
|
|
<P>
|
|
|
|
|
|
|
|
<PRE>
|
|
229:d=3 hl=3 l= 141 prim: BIT STRING
|
|
373:d=2 hl=3 l= 162 cons: cont [ 3 ]
|
|
376:d=3 hl=3 l= 159 cons: SEQUENCE
|
|
379:d=4 hl=2 l= 29 cons: SEQUENCE
|
|
381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
|
|
386:d=5 hl=2 l= 22 prim: OCTET STRING
|
|
410:d=4 hl=2 l= 112 cons: SEQUENCE
|
|
412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
|
|
417:d=5 hl=2 l= 105 prim: OCTET STRING
|
|
524:d=4 hl=2 l= 12 cons: SEQUENCE
|
|
|
|
</PRE>
|
|
|
|
|
|
<P>
|
|
|
|
.....
|
|
<P>
|
|
|
|
This example is part of a self-signed certificate. Each line starts with the
|
|
offset in decimal. <B>d=XX</B> specifies the current depth. The depth is increased
|
|
within the scope of any <FONT SIZE="-1">SET</FONT> or <FONT SIZE="-1">SEQUENCE.</FONT> <B>hl=XX</B> gives the header length
|
|
(tag and length octets) of the current type. <B>l=XX</B> gives the length of
|
|
the contents octets.
|
|
<P>
|
|
|
|
The <B>-i</B> option can be used to make the output more readable.
|
|
<P>
|
|
|
|
Some knowledge of the <FONT SIZE="-1">ASN.1</FONT> structure is needed to interpret the output.
|
|
<P>
|
|
|
|
In this example the <FONT SIZE="-1">BIT STRING</FONT> at offset 229 is the certificate public key.
|
|
The contents octets of this will contain the public key information. This can
|
|
be examined using the option <B>-strparse 229</B> to yield:
|
|
<P>
|
|
|
|
|
|
|
|
<PRE>
|
|
0:d=0 hl=3 l= 137 cons: SEQUENCE
|
|
3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
|
|
135:d=1 hl=2 l= 3 prim: INTEGER :010001
|
|
|
|
</PRE>
|
|
|
|
|
|
<A NAME="lbAG"> </A>
|
|
<H2>NOTES</H2>
|
|
|
|
|
|
|
|
If an <FONT SIZE="-1">OID</FONT> is not part of OpenSSL's internal table it will be represented in
|
|
numerical form (for example 1.2.3.4). The file passed to the <B>-oid</B> option
|
|
allows additional OIDs to be included. Each line consists of three columns,
|
|
the first column is the <FONT SIZE="-1">OID</FONT> in numerical format and should be followed by white
|
|
space. The second column is the ``short name'' which is a single word followed
|
|
by white space. The final column is the rest of the line and is the
|
|
``long name''. <B>asn1parse</B> displays the long name. Example:
|
|
<P>
|
|
|
|
<TT>"1.2.3.4 shortName A long name"</TT>
|
|
<A NAME="lbAH"> </A>
|
|
<H2>EXAMPLES</H2>
|
|
|
|
|
|
|
|
Parse a file:
|
|
<P>
|
|
|
|
|
|
|
|
<PRE>
|
|
openssl asn1parse -in file.pem
|
|
|
|
</PRE>
|
|
|
|
|
|
<P>
|
|
|
|
Parse a <FONT SIZE="-1">DER</FONT> file:
|
|
<P>
|
|
|
|
|
|
|
|
<PRE>
|
|
openssl asn1parse -inform DER -in file.der
|
|
|
|
</PRE>
|
|
|
|
|
|
<P>
|
|
|
|
Generate a simple UTF8String:
|
|
<P>
|
|
|
|
|
|
|
|
<PRE>
|
|
openssl asn1parse -genstr 'UTF8:Hello World'
|
|
|
|
</PRE>
|
|
|
|
|
|
<P>
|
|
|
|
Generate and write out a UTF8String, don't print parsed output:
|
|
<P>
|
|
|
|
|
|
|
|
<PRE>
|
|
openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
|
|
|
|
</PRE>
|
|
|
|
|
|
<P>
|
|
|
|
Generate using a config file:
|
|
<P>
|
|
|
|
|
|
|
|
<PRE>
|
|
openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
|
|
|
|
</PRE>
|
|
|
|
|
|
<P>
|
|
|
|
Example config file:
|
|
<P>
|
|
|
|
|
|
|
|
<PRE>
|
|
asn1=SEQUENCE:seq_sect
|
|
|
|
[seq_sect]
|
|
|
|
field1=BOOL:TRUE
|
|
field2=EXP:0, UTF8:some random string
|
|
|
|
</PRE>
|
|
|
|
|
|
<A NAME="lbAI"> </A>
|
|
<H2>BUGS</H2>
|
|
|
|
|
|
|
|
There should be options to change the format of output lines. The output of some
|
|
<FONT SIZE="-1">ASN.1</FONT> types is not well handled (if at all).
|
|
<A NAME="lbAJ"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?3+ASN1_generate_nconf">ASN1_generate_nconf</A></B>(3)
|
|
<A NAME="lbAK"> </A>
|
|
<H2>COPYRIGHT</H2>
|
|
|
|
|
|
|
|
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
|
|
<P>
|
|
|
|
Licensed under the OpenSSL license (the ``License''). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file <FONT SIZE="-1">LICENSE</FONT> in the source distribution or at
|
|
<<A HREF="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</A>>.
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="16"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="17"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="18"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="19"><A HREF="#lbAE">OPTIONS</A><DD>
|
|
<DL>
|
|
<DT id="20"><A HREF="#lbAF">Output</A><DD>
|
|
</DL>
|
|
<DT id="21"><A HREF="#lbAG">NOTES</A><DD>
|
|
<DT id="22"><A HREF="#lbAH">EXAMPLES</A><DD>
|
|
<DT id="23"><A HREF="#lbAI">BUGS</A><DD>
|
|
<DT id="24"><A HREF="#lbAJ">SEE ALSO</A><DD>
|
|
<DT id="25"><A HREF="#lbAK">COPYRIGHT</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:05:07 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|