version 1.33, 2016/07/16 07:27:53 |
version 1.34, 2016/07/17 16:33:17 |
|
|
or |
or |
.Cm no- Ns Ar XXX |
.Cm no- Ns Ar XXX |
itself. |
itself. |
.\" |
|
.\" ASN1PARSE |
|
.\" |
|
.Sh ASN1PARSE |
.Sh ASN1PARSE |
.nr nS 1 |
.nr nS 1 |
.Nm "openssl asn1parse" |
.Nm "openssl asn1parse" |
.Bk -words |
|
.Op Fl i |
.Op Fl i |
.Op Fl dlimit Ar number |
.Op Fl dlimit Ar number |
.Op Fl dump |
.Op Fl dump |
.Op Fl genconf Ar file |
.Op Fl genconf Ar file |
.Op Fl genstr Ar str |
.Op Fl genstr Ar str |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM | TXT |
.Op Fl inform Cm der | pem | txt |
.Op Fl length Ar number |
.Op Fl length Ar number |
.Op Fl noout |
.Op Fl noout |
.Op Fl offset Ar number |
.Op Fl offset Ar number |
.Op Fl oid Ar file |
.Op Fl oid Ar file |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl strparse Ar offset |
.Op Fl strparse Ar offset |
.Ek |
|
.nr nS 0 |
.nr nS 0 |
.Pp |
.Pp |
The |
The |
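Review bot: the synopsis change from `.Ar DER | PEM | TXT` to `.Cm der | pem | txt` now presents the input formats as literal lowercase keywords, but nothing in the visible lines says whether the uppercase spellings are still accepted. The only usage example on the page, removed further down in this revision, was `openssl asn1parse -inform DER -in file.der`, so readers following older instructions will type the uppercase form. Suggest stating in the `-inform` description that the format names are matched without regard to case, if that is the behaviour, or noting the change in the commit message.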
|
|
.Ar str , |
.Ar str , |
file |
file |
.Ar file , |
.Ar file , |
or both using |
or both, using the format described in |
.Xr ASN1_generate_nconf 3 |
.Xr ASN1_generate_nconf 3 . |
format. |
|
If only |
If only |
.Ar file |
.Ar file |
is present then the string is obtained from the default section |
is present then the string is obtained from the default section |
|
|
.Fl out |
.Fl out |
option. |
option. |
.It Fl i |
.It Fl i |
Indents the output according to the |
Indent the output according to the |
.Qq depth |
.Qq depth |
of the structures. |
of the structures. |
.It Fl in Ar file |
.It Fl in Ar file |
The input file; default is standard input. |
The input file; the default is standard input. |
.It Fl inform Ar DER | PEM | TXT |
.It Fl inform Cm der | pem | txt |
The input format. |
The input format. |
.Ar DER |
.Cm der |
.Pq Distinguished Encoding Rules |
.Pq Distinguished Encoding Rules |
is binary format and |
is binary format and |
.Ar PEM |
.Cm pem |
.Pq Privacy Enhanced Mail , |
.Pq Privacy Enhanced Mail , |
the default, is base64-encoded. |
the default, is base64-encoded. |
.Ar TXT |
.Cm txt |
is plain text. |
is plain text. |
.It Fl length Ar number |
.It Fl length Ar number |
Number of bytes to parse; default is until end of file. |
Number of bytes to parse; the default is until end of file. |
.It Fl noout |
.It Fl noout |
Don't output the parsed version of the input file. |
Don't output the parsed version of the input file. |
.It Fl offset Ar number |
.It Fl offset Ar number |
Starting offset to begin parsing; default is start of file. |
Starting offset to begin parsing; the default is start of file. |
.It Fl oid Ar file |
.It Fl oid Ar file |
A file containing additional object identifiers |
A file containing additional object identifiers |
.Pq OIDs . |
.Pq OIDs . |
The format of this file is described in the |
|
.Sx ASN1PARSE NOTES |
|
section below. |
|
.It Fl out Ar file |
|
Output file to place the DER-encoded data into. |
|
If this option is not present, no encoded data will be output. |
|
This is most useful when combined with the |
|
.Fl strparse |
|
option. |
|
.It Fl strparse Ar offset |
|
Parse the content octets of the ASN.1 object starting at |
|
.Ar offset . |
|
This option can be used multiple times to |
|
.Qq drill down |
|
into a nested structure. |
|
.El |
|
.Sh ASN1PARSE OUTPUT |
|
The output will typically contain lines like this: |
|
.Bd -literal -offset 2n |
|
0:d=0 hl=4 l= 681 cons: SEQUENCE |
|
|
|
\&..... |
|
|
|
229:d=3 hl=3 l= 141 prim: BIT STRING |
|
373:d=2 hl=3 l= 162 cons: cont [ 3 ] |
|
376:d=3 hl=3 l= 159 cons: SEQUENCE |
|
379:d=4 hl=2 l= 29 cons: SEQUENCE |
|
381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier |
|
386:d=5 hl=2 l= 22 prim: OCTET STRING |
|
410:d=4 hl=2 l= 112 cons: SEQUENCE |
|
412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier |
|
417:d=5 hl=2 l= 105 prim: OCTET STRING |
|
524:d=4 hl=2 l= 12 cons: SEQUENCE |
|
|
|
\&..... |
|
.Ed |
|
.Pp |
|
This example is part of a self-signed certificate. |
|
Each line starts with the offset in decimal. |
|
.Cm d=XX |
|
specifies the current depth. |
|
The depth is increased within the scope of any SET or SEQUENCE. |
|
.Cm hl=XX |
|
gives the header length |
|
.Pq tag and length octets |
|
of the current type. |
|
.Cm l=XX |
|
gives the length of the content octets. |
|
.Pp |
|
The |
|
.Fl i |
|
option can be used to make the output more readable. |
|
.Pp |
|
Some knowledge of the ASN.1 structure is needed to interpret the output. |
|
.Pp |
|
In this example, the BIT STRING at offset 229 is the certificate public key. |
|
The content octets of this will contain the public key information. |
|
This can be examined using the option |
|
.Fl strparse Cm 229 |
|
to yield: |
|
.Bd -literal |
|
0:d=0 hl=3 l= 137 cons: SEQUENCE |
|
3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FA |
|
F9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A |
|
9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58 |
|
BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9 |
|
135:d=1 hl=2 l= 3 prim: INTEGER :010001 |
|
.Ed |
|
.Sh ASN1PARSE NOTES |
|
If an OID |
If an OID |
.Pq object identifier |
.Pq object identifier |
is not part of |
is not part of |
.Nm OpenSSL Ns Li 's |
.Nm openssl Ns 's |
internal table it will be represented in |
internal table it will be represented in |
numerical form |
numerical form |
.Pq for example 1.2.3.4 . |
.Pq for example 1.2.3.4 . |
The file passed to the |
.Pp |
.Fl oid |
|
option allows additional OIDs to be included. |
|
Each line consists of three columns: |
Each line consists of three columns: |
the first column is the OID in numerical format and should be followed by |
the first column is the OID in numerical format and should be followed by |
whitespace. |
whitespace. |
The second column is the |
The second column is the |
.Qq short name |
.Qq short name , |
which is a single word followed by whitespace. |
which is a single word followed by whitespace. |
The final column is the rest of the line and is the |
The final column is the rest of the line and is the |
.Qq long name . |
.Qq long name . |
.Nm asn1parse |
.Nm asn1parse |
displays the long name. |
displays the long name. |
Example: |
.It Fl out Ar file |
.Pp |
The DER-encoded output file; the default is no encoded output |
.Dl \&"1.2.3.4 shortname A long name\&" |
(useful when combined with |
.Sh ASN1 EXAMPLES |
.Fl strparse ) . |
Parse a file: |
.It Fl strparse Ar offset |
.Pp |
Parse the content octets of the ASN.1 object starting at |
.Dl $ openssl asn1parse -in file.pem |
.Ar offset . |
.Pp |
This option can be used multiple times to |
Parse a DER file: |
.Qq drill down |
.Pp |
into a nested structure. |
.Dl $ openssl asn1parse -inform DER -in file.der |
.El |
.Sh ASN1PARSE BUGS |
|
There should be options to change the format of output lines. |
|
The output of some ASN.1 types is not well handled |
|
.Pq if at all . |
|
.\" |
.\" |
.\" CA |
.\" CA |
.\" |
.\" |
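Review bot: removing the whole ASN1PARSE OUTPUT section leaves `.It Fl strparse Ar offset` with no explanation of where the offset comes from, because that section was the only text defining the leading decimal offset and the `d=`, `hl=` and `l=` fields, and the only place showing `-strparse 229` applied to the BIT STRING. Suggest keeping a short paragraph, or at least one sentence under `-strparse` saying that the offset is the decimal number at the start of each output line and that `hl` plus `l` gives the size of the object. In the reworked `.It Fl oid Ar file` text, "Each line consists of three columns:" now follows a sentence about numerical display instead of the dropped "The file passed to the -oid option ..." sentence, and the `.Dl` sample `1.2.3.4 shortname A long name` is gone. Writing "Each line of the file" and keeping the sample line would keep the format description self-contained.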