=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/openssl.1,v retrieving revision 1.33 retrieving revision 1.34 diff -c -r1.33 -r1.34 *** src/usr.bin/openssl/openssl.1 2016/07/16 07:27:53 1.33 --- src/usr.bin/openssl/openssl.1 2016/07/17 16:33:17 1.34 *************** *** 1,4 **** ! .\" $OpenBSD: openssl.1,v 1.33 2016/07/16 07:27:53 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" --- 1,4 ---- ! .\" $OpenBSD: openssl.1,v 1.34 2016/07/17 16:33:17 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" *************** *** 112,118 **** .\" .\" OPENSSL .\" ! .Dd $Mdocdate: July 16 2016 $ .Dt OPENSSL 1 .Os .Sh NAME --- 112,118 ---- .\" .\" OPENSSL .\" ! .Dd $Mdocdate: July 17 2016 $ .Dt OPENSSL 1 .Os .Sh NAME *************** *** 207,233 **** or .Cm no- Ns Ar XXX itself. - .\" - .\" ASN1PARSE - .\" .Sh ASN1PARSE .nr nS 1 .Nm "openssl asn1parse" - .Bk -words .Op Fl i .Op Fl dlimit Ar number .Op Fl dump .Op Fl genconf Ar file .Op Fl genstr Ar str .Op Fl in Ar file ! .Op Fl inform Ar DER | PEM | TXT .Op Fl length Ar number .Op Fl noout .Op Fl offset Ar number .Op Fl oid Ar file .Op Fl out Ar file .Op Fl strparse Ar offset - .Ek .nr nS 0 .Pp The --- 207,228 ---- or .Cm no- Ns Ar XXX itself. .Sh ASN1PARSE .nr nS 1 .Nm "openssl asn1parse" .Op Fl i .Op Fl dlimit Ar number .Op Fl dump .Op Fl genconf Ar file .Op Fl genstr Ar str .Op Fl in Ar file ! .Op Fl inform Cm der | pem | txt .Op Fl length Ar number .Op Fl noout .Op Fl offset Ar number .Op Fl oid Ar file .Op Fl out Ar file .Op Fl strparse Ar offset .nr nS 0 .Pp The *************** *** 248,256 **** .Ar str , file .Ar file , ! or both using ! .Xr ASN1_generate_nconf 3 ! format. 
If only .Ar file is present then the string is obtained from the default section --- 243,250 ---- .Ar str , file .Ar file , ! or both, using the format described in ! .Xr ASN1_generate_nconf 3 . If only .Ar file is present then the string is obtained from the default section *************** *** 262,395 **** .Fl out option. .It Fl i ! Indents the output according to the .Qq depth of the structures. .It Fl in Ar file ! The input file; default is standard input. ! .It Fl inform Ar DER | PEM | TXT The input format. ! .Ar DER .Pq Distinguished Encoding Rules is binary format and ! .Ar PEM .Pq Privacy Enhanced Mail , the default, is base64-encoded. ! .Ar TXT is plain text. .It Fl length Ar number ! Number of bytes to parse; default is until end of file. .It Fl noout Don't output the parsed version of the input file. .It Fl offset Ar number ! Starting offset to begin parsing; default is start of file. .It Fl oid Ar file A file containing additional object identifiers .Pq OIDs . - The format of this file is described in the - .Sx ASN1PARSE NOTES - section below. - .It Fl out Ar file - Output file to place the DER-encoded data into. - If this option is not present, no encoded data will be output. - This is most useful when combined with the - .Fl strparse - option. - .It Fl strparse Ar offset - Parse the content octets of the ASN.1 object starting at - .Ar offset . - This option can be used multiple times to - .Qq drill down - into a nested structure. - .El - .Sh ASN1PARSE OUTPUT - The output will typically contain lines like this: - .Bd -literal -offset 2n - 0:d=0 hl=4 l= 681 cons: SEQUENCE - - \&..... 
- - 229:d=3 hl=3 l= 141 prim: BIT STRING - 373:d=2 hl=3 l= 162 cons: cont [ 3 ] - 376:d=3 hl=3 l= 159 cons: SEQUENCE - 379:d=4 hl=2 l= 29 cons: SEQUENCE - 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier - 386:d=5 hl=2 l= 22 prim: OCTET STRING - 410:d=4 hl=2 l= 112 cons: SEQUENCE - 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier - 417:d=5 hl=2 l= 105 prim: OCTET STRING - 524:d=4 hl=2 l= 12 cons: SEQUENCE - - \&..... - .Ed - .Pp - This example is part of a self-signed certificate. - Each line starts with the offset in decimal. - .Cm d=XX - specifies the current depth. - The depth is increased within the scope of any SET or SEQUENCE. - .Cm hl=XX - gives the header length - .Pq tag and length octets - of the current type. - .Cm l=XX - gives the length of the content octets. - .Pp - The - .Fl i - option can be used to make the output more readable. - .Pp - Some knowledge of the ASN.1 structure is needed to interpret the output. - .Pp - In this example, the BIT STRING at offset 229 is the certificate public key. - The content octets of this will contain the public key information. - This can be examined using the option - .Fl strparse Cm 229 - to yield: - .Bd -literal - 0:d=0 hl=3 l= 137 cons: SEQUENCE - 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FA - F9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A - 9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58 - BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9 - 135:d=1 hl=2 l= 3 prim: INTEGER :010001 - .Ed - .Sh ASN1PARSE NOTES If an OID .Pq object identifier is not part of ! .Nm OpenSSL Ns Li 's internal table it will be represented in numerical form .Pq for example 1.2.3.4 . ! The file passed to the ! .Fl oid ! option allows additional OIDs to be included. Each line consists of three columns: the first column is the OID in numerical format and should be followed by whitespace. The second column is the ! 
.Qq short name which is a single word followed by whitespace. The final column is the rest of the line and is the .Qq long name . .Nm asn1parse displays the long name. ! Example: ! .Pp ! .Dl \&"1.2.3.4 shortname A long name\&" ! .Sh ASN1 EXAMPLES ! Parse a file: ! .Pp ! .Dl $ openssl asn1parse -in file.pem ! .Pp ! Parse a DER file: ! .Pp ! .Dl $ openssl asn1parse -inform DER -in file.der ! .Sh ASN1PARSE BUGS ! There should be options to change the format of output lines. ! The output of some ASN.1 types is not well handled ! .Pq if at all . .\" .\" CA .\" --- 256,314 ---- .Fl out option. .It Fl i ! Indent the output according to the .Qq depth of the structures. .It Fl in Ar file ! The input file; the default is standard input. ! .It Fl inform Cm der | pem | txt The input format. ! .Cm der .Pq Distinguished Encoding Rules is binary format and ! .Cm pem .Pq Privacy Enhanced Mail , the default, is base64-encoded. ! .Cm txt is plain text. .It Fl length Ar number ! Number of bytes to parse; the default is until end of file. .It Fl noout Don't output the parsed version of the input file. .It Fl offset Ar number ! Starting offset to begin parsing; the default is start of file. .It Fl oid Ar file A file containing additional object identifiers .Pq OIDs . If an OID .Pq object identifier is not part of ! .Nm openssl Ns 's internal table it will be represented in numerical form .Pq for example 1.2.3.4 . ! .Pp Each line consists of three columns: the first column is the OID in numerical format and should be followed by whitespace. The second column is the ! .Qq short name , which is a single word followed by whitespace. The final column is the rest of the line and is the .Qq long name . .Nm asn1parse displays the long name. ! .It Fl out Ar file ! The DER-encoded output file; the default is no encoded output ! (useful when combined with ! .Fl strparse ) . ! .It Fl strparse Ar offset ! Parse the content octets of the ASN.1 object starting at ! .Ar offset . ! 
This option can be used multiple times to ! .Qq drill down ! into a nested structure. ! .El .\" .\" CA .\"
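Review bot: In the ASN1PARSE synopsis hunk (new lines 207-228), `.Op Fl inform Cm der | pem | txt` changes the documented spelling of the format keywords from upper case to lower case, and nothing in the visible text says whether the uppercase forms are still accepted. The example removed later in this patch used `-inform DER`, so a reader with existing scripts gets no guidance. Suggest adding one sentence to the `-inform` item stating whether the keywords are case-sensitive. The same hunk also drops `.Bk -words` and `.Ek` without comment; please check the rendered synopsis on a narrow terminal to confirm that each flag still stays on the same line as its argument.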
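Review bot: The large ASN1PARSE hunk (old lines 262-395, new lines 256-314) deletes the ASN1PARSE OUTPUT section, which was the only place the `d=`, `hl=` and `l=` fields of each output line were explained, and nothing in the new text replaces it. The worked `-strparse 229` walkthrough of the certificate's BIT STRING goes with it, so the `-strparse` item now says "drill down" with no illustration of which offset to pass. Suggest keeping a short paragraph that defines the offset, depth, header length and content length fields, even if the sample dump is dropped. Two smaller points in the same hunk. In the `-oid` item the sentence "The file passed to the -oid option allows additional OIDs to be included" and the sample line `1.2.3.4 shortname A long name` are removed, so "Each line consists of three columns" after the `.Pp` no longer says whose lines are meant. In the `-out` item, "(useful when combined with -strparse)" now follows "the default is no encoded output" and reads as if the absence of output were the useful case; moving the parenthetical next to "The DER-encoded output file" would fix that.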