xref: /freebsd-src/crypto/openssl/doc/man1/openssl-asn1parse.pod.in (revision b077aed33b7b6aefca7b17ddb250cf521f938613) 
1*b077aed3SPierre Pronchery=pod
2*b077aed3SPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -}
3*b077aed3SPierre Pronchery
4*b077aed3SPierre Pronchery=head1 NAME
5*b077aed3SPierre Pronchery
6*b077aed3SPierre Proncheryopenssl-asn1parse - ASN.1 parsing command
7*b077aed3SPierre Pronchery
8*b077aed3SPierre Pronchery=head1 SYNOPSIS
9*b077aed3SPierre Pronchery
10*b077aed3SPierre ProncheryB<openssl> B<asn1parse>
11*b077aed3SPierre Pronchery[B<-help>]
12*b077aed3SPierre Pronchery[B<-inform> B<DER>|B<PEM>]
13*b077aed3SPierre Pronchery[B<-in> I<filename>]
14*b077aed3SPierre Pronchery[B<-out> I<filename>]
15*b077aed3SPierre Pronchery[B<-noout>]
16*b077aed3SPierre Pronchery[B<-offset> I<number>]
17*b077aed3SPierre Pronchery[B<-length> I<number>]
18*b077aed3SPierre Pronchery[B<-i>]
19*b077aed3SPierre Pronchery[B<-oid> I<filename>]
20*b077aed3SPierre Pronchery[B<-dump>]
21*b077aed3SPierre Pronchery[B<-dlimit> I<num>]
22*b077aed3SPierre Pronchery[B<-strparse> I<offset>]
23*b077aed3SPierre Pronchery[B<-genstr> I<string>]
24*b077aed3SPierre Pronchery[B<-genconf> I<file>]
25*b077aed3SPierre Pronchery[B<-strictpem>]
26*b077aed3SPierre Pronchery[B<-item> I<name>]
27*b077aed3SPierre Pronchery
28*b077aed3SPierre Pronchery=head1 DESCRIPTION
29*b077aed3SPierre Pronchery
30*b077aed3SPierre ProncheryThis command is a diagnostic utility that can parse ASN.1 structures.
31*b077aed3SPierre ProncheryIt can also be used to extract data from ASN.1 formatted data.
32*b077aed3SPierre Pronchery
33*b077aed3SPierre Pronchery=head1 OPTIONS
34*b077aed3SPierre Pronchery
35*b077aed3SPierre Pronchery=over 4
36*b077aed3SPierre Pronchery
37*b077aed3SPierre Pronchery=item B<-help>
38*b077aed3SPierre Pronchery
39*b077aed3SPierre ProncheryPrint out a usage message.
40*b077aed3SPierre Pronchery
41*b077aed3SPierre Pronchery=item B<-inform> B<DER>|B<PEM>
42*b077aed3SPierre Pronchery
43*b077aed3SPierre ProncheryThe input format; the default is B<PEM>.
44*b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details.
45*b077aed3SPierre Pronchery
46*b077aed3SPierre Pronchery=item B<-in> I<filename>
47*b077aed3SPierre Pronchery
48*b077aed3SPierre ProncheryThe input file, default is standard input.
49*b077aed3SPierre Pronchery
50*b077aed3SPierre Pronchery=item B<-out> I<filename>
51*b077aed3SPierre Pronchery
52*b077aed3SPierre ProncheryOutput file to place the DER encoded data into. If this
53*b077aed3SPierre Proncheryoption is not present then no data will be output. This is most useful when
54*b077aed3SPierre Proncherycombined with the B<-strparse> option.
55*b077aed3SPierre Pronchery
56*b077aed3SPierre Pronchery=item B<-noout>
57*b077aed3SPierre Pronchery
58*b077aed3SPierre ProncheryDon't output the parsed version of the input file.
59*b077aed3SPierre Pronchery
60*b077aed3SPierre Pronchery=item B<-offset> I<number>
61*b077aed3SPierre Pronchery
62*b077aed3SPierre ProncheryStarting offset to begin parsing, default is start of file.
63*b077aed3SPierre Pronchery
64*b077aed3SPierre Pronchery=item B<-length> I<number>
65*b077aed3SPierre Pronchery
66*b077aed3SPierre ProncheryNumber of bytes to parse, default is until end of file.
67*b077aed3SPierre Pronchery
68*b077aed3SPierre Pronchery=item B<-i>
69*b077aed3SPierre Pronchery
70*b077aed3SPierre ProncheryIndents the output according to the "depth" of the structures.
71*b077aed3SPierre Pronchery
72*b077aed3SPierre Pronchery=item B<-oid> I<filename>
73*b077aed3SPierre Pronchery
74*b077aed3SPierre ProncheryA file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
75*b077aed3SPierre Proncheryfile is described in the NOTES section below.
76*b077aed3SPierre Pronchery
77*b077aed3SPierre Pronchery=item B<-dump>
78*b077aed3SPierre Pronchery
79*b077aed3SPierre ProncheryDump unknown data in hex format.
80*b077aed3SPierre Pronchery
81*b077aed3SPierre Pronchery=item B<-dlimit> I<num>
82*b077aed3SPierre Pronchery
83*b077aed3SPierre ProncheryLike B<-dump>, but only the first B<num> bytes are output.
84*b077aed3SPierre Pronchery
85*b077aed3SPierre Pronchery=item B<-strparse> I<offset>
86*b077aed3SPierre Pronchery
87*b077aed3SPierre ProncheryParse the contents octets of the ASN.1 object starting at B<offset>. This
88*b077aed3SPierre Proncheryoption can be used multiple times to "drill down" into a nested structure.
89*b077aed3SPierre Pronchery
90*b077aed3SPierre Pronchery=item B<-genstr> I<string>, B<-genconf> I<file>
91*b077aed3SPierre Pronchery
92*b077aed3SPierre ProncheryGenerate encoded data based on I<string>, I<file> or both using
93*b077aed3SPierre ProncheryL<ASN1_generate_nconf(3)> format. If I<file> only is
94*b077aed3SPierre Proncherypresent then the string is obtained from the default section using the name
95*b077aed3SPierre ProncheryB<asn1>. The encoded data is passed through the ASN1 parser and printed out as
96*b077aed3SPierre Proncherythough it came from a file, the contents can thus be examined and written to a
97*b077aed3SPierre Proncheryfile using the B<-out> option.
98*b077aed3SPierre Pronchery
99*b077aed3SPierre Pronchery=item B<-strictpem>
100*b077aed3SPierre Pronchery
101*b077aed3SPierre ProncheryIf this option is used then B<-inform> will be ignored. Without this option any
102*b077aed3SPierre Proncherydata in a PEM format input file will be treated as being base64 encoded and
103*b077aed3SPierre Proncheryprocessed whether it has the normal PEM BEGIN and END markers or not. This
104*b077aed3SPierre Proncheryoption will ignore any data prior to the start of the BEGIN marker, or after an
105*b077aed3SPierre ProncheryEND marker in a PEM file.
106*b077aed3SPierre Pronchery
107*b077aed3SPierre Pronchery=item B<-item> I<name>
108*b077aed3SPierre Pronchery
109*b077aed3SPierre ProncheryAttempt to decode and print the data as an B<ASN1_ITEM> I<name>. This can be
110*b077aed3SPierre Proncheryused to print out the fields of any supported ASN.1 structure if the type is
111*b077aed3SPierre Proncheryknown.
112*b077aed3SPierre Pronchery
113*b077aed3SPierre Pronchery=back
114*b077aed3SPierre Pronchery
115*b077aed3SPierre Pronchery=head2 Output
116*b077aed3SPierre Pronchery
117*b077aed3SPierre ProncheryThe output will typically contain lines like this:
118*b077aed3SPierre Pronchery
119*b077aed3SPierre Pronchery  0:d=0  hl=4 l= 681 cons: SEQUENCE
120*b077aed3SPierre Pronchery
121*b077aed3SPierre Pronchery.....
122*b077aed3SPierre Pronchery
123*b077aed3SPierre Pronchery  229:d=3  hl=3 l= 141 prim: BIT STRING
124*b077aed3SPierre Pronchery  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
125*b077aed3SPierre Pronchery  376:d=3  hl=3 l= 159 cons: SEQUENCE
126*b077aed3SPierre Pronchery  379:d=4  hl=2 l=  29 cons: SEQUENCE
127*b077aed3SPierre Pronchery  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
128*b077aed3SPierre Pronchery  386:d=5  hl=2 l=  22 prim: OCTET STRING
129*b077aed3SPierre Pronchery  410:d=4  hl=2 l= 112 cons: SEQUENCE
130*b077aed3SPierre Pronchery  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
131*b077aed3SPierre Pronchery  417:d=5  hl=2 l= 105 prim: OCTET STRING
132*b077aed3SPierre Pronchery  524:d=4  hl=2 l=  12 cons: SEQUENCE
133*b077aed3SPierre Pronchery
134*b077aed3SPierre Pronchery.....
135*b077aed3SPierre Pronchery
136*b077aed3SPierre ProncheryThis example is part of a self-signed certificate. Each line starts with the
137*b077aed3SPierre Proncheryoffset in decimal. C<d=XX> specifies the current depth. The depth is increased
138*b077aed3SPierre Proncherywithin the scope of any SET or SEQUENCE. C<hl=XX> gives the header length
139*b077aed3SPierre Pronchery(tag and length octets) of the current type. C<l=XX> gives the length of
140*b077aed3SPierre Proncherythe contents octets.
141*b077aed3SPierre Pronchery
142*b077aed3SPierre ProncheryThe B<-i> option can be used to make the output more readable.
143*b077aed3SPierre Pronchery
144*b077aed3SPierre ProncherySome knowledge of the ASN.1 structure is needed to interpret the output.
145*b077aed3SPierre Pronchery
146*b077aed3SPierre ProncheryIn this example the BIT STRING at offset 229 is the certificate public key.
147*b077aed3SPierre ProncheryThe contents octets of this will contain the public key information. This can
148*b077aed3SPierre Proncherybe examined using the option C<-strparse 229> to yield:
149*b077aed3SPierre Pronchery
150*b077aed3SPierre Pronchery    0:d=0  hl=3 l= 137 cons: SEQUENCE
151*b077aed3SPierre Pronchery    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
152*b077aed3SPierre Pronchery  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
153*b077aed3SPierre Pronchery
154*b077aed3SPierre Pronchery=head1 NOTES
155*b077aed3SPierre Pronchery
156*b077aed3SPierre ProncheryIf an OID is not part of OpenSSL's internal table it will be represented in
157*b077aed3SPierre Proncherynumerical form (for example 1.2.3.4). The file passed to the B<-oid> option
158*b077aed3SPierre Proncheryallows additional OIDs to be included. Each line consists of three columns,
159*b077aed3SPierre Proncherythe first column is the OID in numerical format and should be followed by white
160*b077aed3SPierre Proncheryspace. The second column is the "short name" which is a single word followed
161*b077aed3SPierre Proncheryby whitespace. The final column is the rest of the line and is the
162*b077aed3SPierre Pronchery"long name". Example:
163*b077aed3SPierre Pronchery
164*b077aed3SPierre ProncheryC<1.2.3.4       shortName       A long name>
165*b077aed3SPierre Pronchery
166*b077aed3SPierre ProncheryFor any OID with an associated short and long name, this command will display
167*b077aed3SPierre Proncherythe long name.
168*b077aed3SPierre Pronchery
169*b077aed3SPierre Pronchery=head1 EXAMPLES
170*b077aed3SPierre Pronchery
171*b077aed3SPierre ProncheryParse a file:
172*b077aed3SPierre Pronchery
173*b077aed3SPierre Pronchery openssl asn1parse -in file.pem
174*b077aed3SPierre Pronchery
175*b077aed3SPierre ProncheryParse a DER file:
176*b077aed3SPierre Pronchery
177*b077aed3SPierre Pronchery openssl asn1parse -inform DER -in file.der
178*b077aed3SPierre Pronchery
179*b077aed3SPierre ProncheryGenerate a simple UTF8String:
180*b077aed3SPierre Pronchery
181*b077aed3SPierre Pronchery openssl asn1parse -genstr 'UTF8:Hello World'
182*b077aed3SPierre Pronchery
183*b077aed3SPierre ProncheryGenerate and write out a UTF8String, don't print parsed output:
184*b077aed3SPierre Pronchery
185*b077aed3SPierre Pronchery openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
186*b077aed3SPierre Pronchery
187*b077aed3SPierre ProncheryGenerate using a config file:
188*b077aed3SPierre Pronchery
189*b077aed3SPierre Pronchery openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
190*b077aed3SPierre Pronchery
191*b077aed3SPierre ProncheryExample config file:
192*b077aed3SPierre Pronchery
193*b077aed3SPierre Pronchery asn1=SEQUENCE:seq_sect
194*b077aed3SPierre Pronchery
195*b077aed3SPierre Pronchery [seq_sect]
196*b077aed3SPierre Pronchery
197*b077aed3SPierre Pronchery field1=BOOL:TRUE
198*b077aed3SPierre Pronchery field2=EXP:0, UTF8:some random string
199*b077aed3SPierre Pronchery
200*b077aed3SPierre Pronchery
201*b077aed3SPierre Pronchery=head1 BUGS
202*b077aed3SPierre Pronchery
203*b077aed3SPierre ProncheryThere should be options to change the format of output lines. The output of some
204*b077aed3SPierre ProncheryASN.1 types is not well handled (if at all).
205*b077aed3SPierre Pronchery
206*b077aed3SPierre Pronchery=head1 SEE ALSO
207*b077aed3SPierre Pronchery
208*b077aed3SPierre ProncheryL<openssl(1)>,
209*b077aed3SPierre ProncheryL<ASN1_generate_nconf(3)>
210*b077aed3SPierre Pronchery
211*b077aed3SPierre Pronchery=head1 COPYRIGHT
212*b077aed3SPierre Pronchery
213*b077aed3SPierre ProncheryCopyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
214*b077aed3SPierre Pronchery
215*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
216*b077aed3SPierre Proncherythis file except in compliance with the License.  You can obtain a copy
217*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at
218*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>.
219*b077aed3SPierre Pronchery
220*b077aed3SPierre Pronchery=cut
221