=pod

=head1 NAME

asn1parse - ASN.1 parsing tool

=head1 SYNOPSIS

B<openssl> B<asn1parse>
[B<-inform PEM|DER>]
[B<-in filename>]
[B<-out filename>]
[B<-noout>]
[B<-offset number>]
[B<-length number>]
[B<-i>]
[B<-oid filename>]
[B<-strparse offset>]
[B<-genstr string>]
[B<-genconf file>]

=head1 DESCRIPTION

The B<asn1parse> command is a diagnostic utility that can parse ASN.1
structures. It can also be used to extract data from ASN.1 formatted data.

=head1 OPTIONS

=over 4

=item B<-inform> B<DER|PEM>

the input format. B<DER> is binary format and B<PEM> (the default) is base64
encoded.

=item B<-in filename>

the input file, default is standard input

=item B<-out filename>

output file to place the DER encoded data into. If this
option is not present then no data will be output. This is most useful when
combined with the B<-strparse> option.

=item B<-noout>

don't output the parsed version of the input file.

=item B<-offset number>

starting offset to begin parsing, default is start of file.

=item B<-length number>

number of bytes to parse, default is until end of file.

=item B<-i>

indents the output according to the "depth" of the structures.

=item B<-oid filename>

a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
file is described in the NOTES section below.

=item B<-strparse offset>

parse the contents octets of the ASN.1 object starting at B<offset>. This
option can be used multiple times to "drill down" into a nested structure.

=item B<-genstr string>, B<-genconf file>

generate encoded data based on B<string>, B<file> or both using
ASN1_generate_nconf() format. If B<file> only is present then the string
is obtained from the default section using the name B<asn1>. The encoded
data is passed through the ASN1 parser and printed out as though it came
from a file, the contents can thus be examined and written to a file
using the B<out> option.

=back

=head2 OUTPUT

The output will typically contain lines like this:

    0:d=0  hl=4 l= 681 cons: SEQUENCE

 .....

  229:d=3  hl=3 l= 141 prim: BIT STRING
  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
  376:d=3  hl=3 l= 159 cons: SEQUENCE
  379:d=4  hl=2 l=  29 cons: SEQUENCE
  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  386:d=5  hl=2 l=  22 prim: OCTET STRING
  410:d=4  hl=2 l= 112 cons: SEQUENCE
  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  417:d=5  hl=2 l= 105 prim: OCTET STRING
  524:d=4  hl=2 l=  12 cons: SEQUENCE

 .....

This example is part of a self signed certificate. Each line starts with the
offset in decimal. B<d=XX> specifies the current depth. The depth is increased
within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
(tag and length octets) of the current type. B<l=XX> gives the length of
the contents octets.

The B<-i> option can be used to make the output more readable.

Some knowledge of the ASN.1 structure is needed to interpret the output.

In this example the BIT STRING at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option B<-strparse 229> to yield:

    0:d=0  hl=3 l= 137 cons: SEQUENCE
    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
  135:d=1  hl=2 l=   3 prim: INTEGER           :010001

=head1 NOTES

If an OID is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
allows additional OIDs to be included. Each line consists of three columns,
the first column is the OID in numerical format and should be followed by white
space. The second column is the "short name" which is a single word followed
by white space. The final column is the rest of the line and is the
"long name". B<asn1parse> displays the long name. Example:

C<1.2.3.4 shortName A long name>

=head1 EXAMPLES

Parse a file:

 openssl asn1parse -in file.pem

Parse a DER file:

 openssl asn1parse -inform DER -in file.der

Generate a simple UTF8String:

 openssl asn1parse -genstr 'UTF8:Hello World'

Generate and write out a UTF8String, don't print parsed output:

 openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der

Generate using a config file:

 openssl asn1parse -genconf asn1.cnf -noout -out asn1.der

Example config file:

 asn1=SEQUENCE:seq_sect

 [seq_sect]

 field1=BOOL:TRUE
 field2=EXP:0, UTF8:some random string


=head1 BUGS

There should be options to change the format of output lines. The output of some
ASN.1 types is not well handled (if at all).

=cut
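=pod

The offset, B<d=>, B<hl=> and B<l=> columns described under OUTPUT, and the B<-strparse> drill-down into a BIT STRING, can be reproduced with a small DER walker. This is an added example, not OpenSSL code; the function names and the 16-byte B<SAMPLE> (a SEQUENCE holding a BIT STRING that wraps two INTEGERs) are constructed for illustration.

```python
# Added example (not OpenSSL code): a minimal DER TLV walker.
SAMPLE = bytes.fromhex("300e030c003009020200c10203010001")  # constructed sample

def read_header(buf, pos, end):
    """Return (tag, constructed, hl, l) for the TLV starting at pos."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    if first < 0x80:                       # short form: one length octet
        hl, length = 2, first
    elif first == 0x80:
        raise ValueError("indefinite length is not DER")
    else:                                  # long form: next n octets hold l
        n = first & 0x7F
        if pos + 2 + n > end:
            raise ValueError("truncated length")
        hl, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hl + length > end:
        raise ValueError("object overruns its container")
    return tag, bool(tag & 0x20), hl, length

def walk(buf, pos=0, end=None, depth=0):
    """Yield (offset, d, hl, l, constructed, tag) rows in asn1parse order."""
    end = len(buf) if end is None else end
    while pos < end:
        tag, cons, hl, length = read_header(buf, pos, end)
        yield (pos, depth, hl, length, cons, tag)
        if cons:                           # depth grows inside constructed types
            yield from walk(buf, pos + hl, pos + hl + length, depth + 1)
        pos += hl + length

def strparse(buf, offset):
    """Contents octets of the object at offset, ready to be parsed again."""
    tag, _, hl, length = read_header(buf, offset, len(buf))
    body = buf[offset + hl:offset + hl + length]
    # The page's numbers (l=141 outside, hl=3 + l=137 inside) show that a
    # BIT STRING's leading unused-bits octet is not part of the nested data.
    return body[1:] if tag == 0x03 else body

def fmt(row):
    off, d, hl, l, cons, tag = row
    kind = "cons" if cons else "prim"
    return f"{off:5d}:d={d:<2d} hl={hl} l={l:4d} {kind}: tag 0x{tag:02x}"

if __name__ == "__main__":
    for r in walk(SAMPLE):
        print(fmt(r))
    for r in walk(strparse(SAMPLE, 2)):
        print(fmt(r))
```

The bounds checks in C<read_header> reject a length that runs past its container, which is the failure to expect when B<-offset> or B<-strparse> is pointed at a position that is not the start of an object.

=cut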