=pod

=head1 NAME

asn1parse - ASN.1 parsing tool

=head1 SYNOPSIS

B<openssl> B<asn1parse>
[B<-inform PEM|DER>]
[B<-in filename>]
[B<-out filename>]
[B<-noout>]
[B<-offset number>]
[B<-length number>]
[B<-i>]
[B<-oid filename>]
[B<-dump>]
[B<-dlimit num>]
[B<-strparse offset>]
[B<-genstr string>]
[B<-genconf file>]

=head1 DESCRIPTION

The B<asn1parse> command is a diagnostic utility that can parse ASN.1
structures. It can also be used to extract data from ASN.1 formatted data.

=head1 OPTIONS

=over 4

=item B<-inform> B<DER|PEM>

the input format. B<DER> is binary format and B<PEM> (the default) is base64
encoded.

=item B<-in filename>

the input file, default is standard input

=item B<-out filename>

output file to place the DER encoded data into. If this
option is not present then no data will be output. This is most useful when
combined with the B<-strparse> option.

=item B<-noout>

don't output the parsed version of the input file.

=item B<-offset number>

starting offset to begin parsing, default is start of file.

=item B<-length number>

number of bytes to parse, default is until end of file.

=item B<-i>

indents the output according to the "depth" of the structures.

=item B<-oid filename>

a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
file is described in the NOTES section below.

=item B<-dump>

dump unknown data in hex format.

=item B<-dlimit num>

like B<-dump>, but only the first B<num> bytes are output.

=item B<-strparse offset>

parse the contents octets of the ASN.1 object starting at B<offset>. This
option can be used multiple times to "drill down" into a nested structure.

=item B<-genstr string>, B<-genconf file>

generate encoded data based on B<string>, B<file> or both using
L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format. If B<file> only is
present then the string is obtained from the default section using the name
B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
though it came from a file; the contents can thus be examined and written to a
file using the B<-out> option.

=back

=head2 OUTPUT

The output will typically contain lines like this:

    0:d=0  hl=4 l= 681 cons: SEQUENCE

  .....

  229:d=3  hl=3 l= 141 prim: BIT STRING
  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
  376:d=3  hl=3 l= 159 cons: SEQUENCE
  379:d=4  hl=2 l=  29 cons: SEQUENCE
  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  386:d=5  hl=2 l=  22 prim: OCTET STRING
  410:d=4  hl=2 l= 112 cons: SEQUENCE
  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  417:d=5  hl=2 l= 105 prim: OCTET STRING
  524:d=4  hl=2 l=  12 cons: SEQUENCE

  .....

This example is part of a self-signed certificate. Each line starts with the
offset in decimal. B<d=XX> specifies the current depth. The depth is increased
within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
(tag and length octets) of the current type. B<l=XX> gives the length of
the contents octets.
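
The offset, B<d>, B<hl> and B<l> fields described above can be reproduced by walking the DER tag-length-value headers directly. The following Python code is an added example, not part of OpenSSL or of the original manual page; the names C<read_header>, C<walk> and C<SAMPLE> are assumptions of this example, and C<SAMPLE> is a hand-encoded SEQUENCE { BOOLEAN, [0] EXPLICIT UTF8String } constructed for illustration.

```python
# Added example: minimal DER walker reporting the fields asn1parse prints.
def read_header(buf, off):
    """Return (tag_octet, header_len, content_len) for the TLV at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated header at offset %d" % off)
    tag, first = buf[off], buf[off + 1]
    if (tag & 0x1F) == 0x1F:
        raise ValueError("high-tag-number form is not handled here")
    if first < 0x80:                  # short form: one length octet
        hl, length = 2, first
    elif first == 0x80:
        raise ValueError("indefinite length is not valid DER")
    else:                             # long form: next n octets hold the length
        n = first & 0x7F
        if off + 2 + n > len(buf):
            raise ValueError("truncated length at offset %d" % off)
        hl, length = 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")
    return tag, hl, length

def walk(buf, off=0, end=None, depth=0):
    """Yield (offset, depth, hl, l, 'cons'|'prim') for each TLV, depth first."""
    end = len(buf) if end is None else end
    while off < end:
        tag, hl, length = read_header(buf, off)
        # A child must never claim more octets than its parent contains.
        if off + hl + length > end:
            raise ValueError("length overruns parent at offset %d" % off)
        constructed = bool(tag & 0x20)
        yield off, depth, hl, length, "cons" if constructed else "prim"
        if constructed:               # descend into the contents octets
            yield from walk(buf, off + hl, off + hl + length, depth + 1)
        off += hl + length

# Constructed sample (hand-encoded, not produced by OpenSSL):
# SEQUENCE { BOOLEAN TRUE, [0] EXPLICIT UTF8String "some random string" }
SAMPLE = bytes.fromhex("3019" "0101ff" "a014" "0c12") + b"some random string"

if __name__ == "__main__":
    for off, d, hl, l, kind in walk(SAMPLE):
        print("%5d:d=%d  hl=%d l=%4d %s" % (off, d, hl, l, kind))
```

The long-form branch is what produces B<hl=4> for the 681-octet SEQUENCE and B<hl=3> for the 141-octet BIT STRING in the output above; the overrun check rejects a nested length that exceeds its parent.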

The B<-i> option can be used to make the output more readable.

Some knowledge of the ASN.1 structure is needed to interpret the output.

In this example the BIT STRING at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option B<-strparse 229> to yield:

    0:d=0  hl=3 l= 137 cons: SEQUENCE
    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
  135:d=1  hl=2 l=   3 prim: INTEGER           :010001

=head1 NOTES

If an OID is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
allows additional OIDs to be included. Each line consists of three columns:
the first column is the OID in numerical format and should be followed by white
space. The second column is the "short name" which is a single word followed
by white space. The final column is the rest of the line and is the
"long name". B<asn1parse> displays the long name. Example:

C<1.2.3.4	shortName	A long name>

=head1 EXAMPLES

Parse a file:

 openssl asn1parse -in file.pem

Parse a DER file:

 openssl asn1parse -inform DER -in file.der

Generate a simple UTF8String:

 openssl asn1parse -genstr 'UTF8:Hello World'

Generate and write out a UTF8String, don't print parsed output:

 openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der

Generate using a config file:

 openssl asn1parse -genconf asn1.cnf -noout -out asn1.der

Example config file:

 asn1=SEQUENCE:seq_sect

 [seq_sect]

 field1=BOOL:TRUE
 field2=EXP:0, UTF8:some random string


=head1 BUGS

There should be options to change the format of output lines. The output of some
ASN.1 types is not well handled (if at all).

=head1 SEE ALSO

L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>

=cut