| version 1.33, 2016/07/16 07:27:53 |
version 1.34, 2016/07/17 16:33:17 |
|
|
| or |
or |
| .Cm no- Ns Ar XXX |
.Cm no- Ns Ar XXX |
| itself. |
itself. |
| .\" |
|
| .\" ASN1PARSE |
|
| .\" |
|
| .Sh ASN1PARSE |
.Sh ASN1PARSE |
| .nr nS 1 |
.nr nS 1 |
| .Nm "openssl asn1parse" |
.Nm "openssl asn1parse" |
| .Bk -words |
|
| .Op Fl i |
.Op Fl i |
| .Op Fl dlimit Ar number |
.Op Fl dlimit Ar number |
| .Op Fl dump |
.Op Fl dump |
| .Op Fl genconf Ar file |
.Op Fl genconf Ar file |
| .Op Fl genstr Ar str |
.Op Fl genstr Ar str |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM | TXT |
.Op Fl inform Cm der | pem | txt |
| .Op Fl length Ar number |
.Op Fl length Ar number |
| .Op Fl noout |
.Op Fl noout |
| .Op Fl offset Ar number |
.Op Fl offset Ar number |
| .Op Fl oid Ar file |
.Op Fl oid Ar file |
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Op Fl strparse Ar offset |
.Op Fl strparse Ar offset |
| .Ek |
|
| .nr nS 0 |
.nr nS 0 |
| .Pp |
.Pp |
| The |
The |
|
|
| .Ar str , |
.Ar str , |
| file |
file |
| .Ar file , |
.Ar file , |
| or both using |
or both, using the format described in |
| .Xr ASN1_generate_nconf 3 |
.Xr ASN1_generate_nconf 3 . |
| format. |
|
| If only |
If only |
| .Ar file |
.Ar file |
| is present then the string is obtained from the default section |
is present then the string is obtained from the default section |
|
|
| .Fl out |
.Fl out |
| option. |
option. |
| .It Fl i |
.It Fl i |
| Indents the output according to the |
Indent the output according to the |
| .Qq depth |
.Qq depth |
| of the structures. |
of the structures. |
| .It Fl in Ar file |
.It Fl in Ar file |
| The input file; default is standard input. |
The input file; the default is standard input. |
| .It Fl inform Ar DER | PEM | TXT |
.It Fl inform Cm der | pem | txt |
| The input format. |
The input format. |
| .Ar DER |
.Cm der |
| .Pq Distinguished Encoding Rules |
.Pq Distinguished Encoding Rules |
| is binary format and |
is binary format and |
| .Ar PEM |
.Cm pem |
| .Pq Privacy Enhanced Mail , |
.Pq Privacy Enhanced Mail , |
| the default, is base64-encoded. |
the default, is base64-encoded. |
| .Ar TXT |
.Cm txt |
| is plain text. |
is plain text. |
| .It Fl length Ar number |
.It Fl length Ar number |
| Number of bytes to parse; default is until end of file. |
Number of bytes to parse; the default is until end of file. |
| .It Fl noout |
.It Fl noout |
| Don't output the parsed version of the input file. |
Don't output the parsed version of the input file. |
| .It Fl offset Ar number |
.It Fl offset Ar number |
| Starting offset to begin parsing; default is start of file. |
Starting offset to begin parsing; the default is start of file. |
| .It Fl oid Ar file |
.It Fl oid Ar file |
| A file containing additional object identifiers |
A file containing additional object identifiers |
| .Pq OIDs . |
.Pq OIDs . |
| The format of this file is described in the |
|
| .Sx ASN1PARSE NOTES |
|
| section below. |
|
| .It Fl out Ar file |
|
| Output file to place the DER-encoded data into. |
|
| If this option is not present, no encoded data will be output. |
|
| This is most useful when combined with the |
|
| .Fl strparse |
|
| option. |
|
| .It Fl strparse Ar offset |
|
| Parse the content octets of the ASN.1 object starting at |
|
| .Ar offset . |
|
| This option can be used multiple times to |
|
| .Qq drill down |
|
| into a nested structure. |
|
| .El |
|
| .Sh ASN1PARSE OUTPUT |
|
| The output will typically contain lines like this: |
|
| .Bd -literal -offset 2n |
|
| 0:d=0 hl=4 l= 681 cons: SEQUENCE |
|
| |
|
| \&..... |
|
| |
|
| 229:d=3 hl=3 l= 141 prim: BIT STRING |
|
| 373:d=2 hl=3 l= 162 cons: cont [ 3 ] |
|
| 376:d=3 hl=3 l= 159 cons: SEQUENCE |
|
| 379:d=4 hl=2 l= 29 cons: SEQUENCE |
|
| 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier |
|
| 386:d=5 hl=2 l= 22 prim: OCTET STRING |
|
| 410:d=4 hl=2 l= 112 cons: SEQUENCE |
|
| 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier |
|
| 417:d=5 hl=2 l= 105 prim: OCTET STRING |
|
| 524:d=4 hl=2 l= 12 cons: SEQUENCE |
|
| |
|
| \&..... |
|
| .Ed |
|
| .Pp |
|
| This example is part of a self-signed certificate. |
|
| Each line starts with the offset in decimal. |
|
| .Cm d=XX |
|
| specifies the current depth. |
|
| The depth is increased within the scope of any SET or SEQUENCE. |
|
| .Cm hl=XX |
|
| gives the header length |
|
| .Pq tag and length octets |
|
| of the current type. |
|
| .Cm l=XX |
|
| gives the length of the content octets. |
|
| .Pp |
|
| The |
|
| .Fl i |
|
| option can be used to make the output more readable. |
|
| .Pp |
|
| Some knowledge of the ASN.1 structure is needed to interpret the output. |
|
| .Pp |
|
| In this example, the BIT STRING at offset 229 is the certificate public key. |
|
| The content octets of this will contain the public key information. |
|
| This can be examined using the option |
|
| .Fl strparse Cm 229 |
|
| to yield: |
|
| .Bd -literal |
|
| 0:d=0 hl=3 l= 137 cons: SEQUENCE |
|
| 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FA |
|
| F9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A |
|
| 9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58 |
|
| BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9 |
|
| 135:d=1 hl=2 l= 3 prim: INTEGER :010001 |
|
| .Ed |
|
| .Sh ASN1PARSE NOTES |
|
| If an OID |
If an OID |
| .Pq object identifier |
.Pq object identifier |
| is not part of |
is not part of |
| .Nm OpenSSL Ns Li 's |
.Nm openssl Ns 's |
| internal table it will be represented in |
internal table it will be represented in |
| numerical form |
numerical form |
| .Pq for example 1.2.3.4 . |
.Pq for example 1.2.3.4 . |
| The file passed to the |
.Pp |
| .Fl oid |
|
| option allows additional OIDs to be included. |
|
| Each line consists of three columns: |
Each line consists of three columns: |
| the first column is the OID in numerical format and should be followed by |
the first column is the OID in numerical format and should be followed by |
| whitespace. |
whitespace. |
| The second column is the |
The second column is the |
| .Qq short name |
.Qq short name , |
| which is a single word followed by whitespace. |
which is a single word followed by whitespace. |
| The final column is the rest of the line and is the |
The final column is the rest of the line and is the |
| .Qq long name . |
.Qq long name . |
| .Nm asn1parse |
.Nm asn1parse |
| displays the long name. |
displays the long name. |
| Example: |
.It Fl out Ar file |
| .Pp |
The DER-encoded output file; the default is no encoded output |
| .Dl \&"1.2.3.4 shortname A long name\&" |
(useful when combined with |
| .Sh ASN1 EXAMPLES |
.Fl strparse ) . |
| Parse a file: |
.It Fl strparse Ar offset |
| .Pp |
Parse the content octets of the ASN.1 object starting at |
| .Dl $ openssl asn1parse -in file.pem |
.Ar offset . |
| .Pp |
This option can be used multiple times to |
| Parse a DER file: |
.Qq drill down |
| .Pp |
into a nested structure. |
| .Dl $ openssl asn1parse -inform DER -in file.der |
.El |
| .Sh ASN1PARSE BUGS |
|
| There should be options to change the format of output lines. |
|
| The output of some ASN.1 types is not well handled |
|
| .Pq if at all . |
|
| .\" |
.\" |
| .\" CA |
.\" CA |
| .\" |
.\" |
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl