=pod

=head1 NAME

asn1parse - ASN.1 parsing tool

=head1 SYNOPSIS

B<openssl> B<asn1parse>
[B<-inform PEM|DER>]
[B<-in filename>]
[B<-out filename>]
[B<-noout>]
[B<-offset number>]
[B<-length number>]
[B<-i>]
[B<-oid filename>]
[B<-dump>]
[B<-dlimit num>]
[B<-strparse offset>]
[B<-genstr string>]
[B<-genconf file>]

=head1 DESCRIPTION

The B<asn1parse> command is a diagnostic utility that can parse ASN.1
structures. It can also be used to extract data from ASN.1 formatted data.

=head1 OPTIONS

=over 4

=item B<-inform> B<DER|PEM>

the input format. B<DER> is binary format and B<PEM> (the default) is base64
encoded.

=item B<-in filename>

the input file, default is standard input

=item B<-out filename>

output file to place the DER encoded data into. If this
option is not present then no data will be output. This is most useful when
combined with the B<-strparse> option.

=item B<-noout>

don't output the parsed version of the input file.

=item B<-offset number>

starting offset to begin parsing, default is start of file.

=item B<-length number>

number of bytes to parse, default is until end of file.

=item B<-i>

indents the output according to the "depth" of the structures.

=item B<-oid filename>

a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
file is described in the NOTES section below.

=item B<-dump>

dump unknown data in hex format.

=item B<-dlimit num>

like B<-dump>, but only the first B<num> bytes are output.

=item B<-strparse offset>

parse the contents octets of the ASN.1 object starting at B<offset>. This
option can be used multiple times to "drill down" into a nested structure.

=item B<-genstr string>, B<-genconf file>

generate encoded data based on B<string>, B<file> or both using
L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format. If only B<file> is
present then the string is obtained from the default section using the name
B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
though it came from a file; the contents can thus be examined and written to a
file using the B<-out> option.

=back

=head2 OUTPUT

The output will typically contain lines like this:

     0:d=0  hl=4 l= 681 cons: SEQUENCE

 .....

   229:d=3  hl=3 l= 141 prim: BIT STRING
   373:d=2  hl=3 l= 162 cons: cont [ 3 ]
   376:d=3  hl=3 l= 159 cons: SEQUENCE
   379:d=4  hl=2 l=  29 cons: SEQUENCE
   381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
   386:d=5  hl=2 l=  22 prim: OCTET STRING
   410:d=4  hl=2 l= 112 cons: SEQUENCE
   412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
   417:d=5  hl=2 l= 105 prim: OCTET STRING
   524:d=4  hl=2 l=  12 cons: SEQUENCE

 .....

This example is part of a self-signed certificate. Each line starts with the
offset in decimal. B<d=XX> specifies the current depth. The depth is increased
within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
(tag and length octets) of the current type. B<l=XX> gives the length of
the contents octets.

The B<-i> option can be used to make the output more readable.

Some knowledge of the ASN.1 structure is needed to interpret the output.

In this example the BIT STRING at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option B<-strparse 229> to yield:

     0:d=0  hl=3 l= 137 cons: SEQUENCE
     3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
   135:d=1  hl=2 l=   3 prim: INTEGER           :010001

=head1 NOTES

If an OID is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
allows additional OIDs to be included. Each line consists of three columns,
the first column is the OID in numerical format and should be followed by white
space. The second column is the "short name" which is a single word followed
by white space. The final column is the rest of the line and is the
"long name". B<asn1parse> displays the long name. Example:

C<1.2.3.4 shortName A long name>

=head1 EXAMPLES

Parse a file:

 openssl asn1parse -in file.pem

Parse a DER file:

 openssl asn1parse -inform DER -in file.der

Generate a simple UTF8String:

 openssl asn1parse -genstr 'UTF8:Hello World'

Generate and write out a UTF8String, don't print parsed output:

 openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der

Generate using a config file:

 openssl asn1parse -genconf asn1.cnf -noout -out asn1.der

Example config file:

 asn1=SEQUENCE:seq_sect

 [seq_sect]

 field1=BOOL:TRUE
 field2=EXP:0, UTF8:some random string

=head1 BUGS

There should be options to change the format of output lines. The output of some
ASN.1 types is not well handled (if at all).

=head1 SEE ALSO

L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>

=cut
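=pod

The offset, B<d=>, B<hl=> and B<l=> columns described under OUTPUT, and the B<-strparse> step into a BIT STRING, can be reproduced with a small DER walker. This is an added example, not OpenSSL code: it assumes single-byte tags and definite lengths, its function names are hypothetical, and C<SAMPLE> is constructed data.

```python
# Added example: minimal DER walker (single-byte tags, definite lengths only).

def read_header(buf, off):
    """Return (tag, hl, l) for the TLV at off; hl counts tag + length octets."""
    if off + 2 > len(buf):
        raise ValueError(f"truncated header at offset {off}")
    tag, first = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not handled here")
    if first < 0x80:                      # short form: length in one octet
        hl, l = 2, first
    elif first == 0x80:
        raise ValueError("indefinite length is not valid DER")
    else:                                 # long form: next n octets hold l
        n = first & 0x7F
        if off + 2 + n > len(buf):
            raise ValueError(f"truncated length at offset {off}")
        hl, l = 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")
    if off + hl + l > len(buf):
        raise ValueError(f"object at offset {off} runs past end of input")
    return tag, hl, l

def walk(buf, off=0, end=None, depth=0):
    """Yield (offset, d, hl, l, 'cons'|'prim') rows in asn1parse order."""
    end = len(buf) if end is None else end
    while off < end:
        tag, hl, l = read_header(buf, off)
        if off + hl + l > end:
            raise ValueError(f"object at offset {off} overruns its parent")
        cons = bool(tag & 0x20)           # constructed bit: contents are TLVs
        yield off, depth, hl, l, "cons" if cons else "prim"
        if cons:
            yield from walk(buf, off + hl, off + hl + l, depth + 1)
        off += hl + l

def strparse(buf, offset):
    """Bytes to re-parse when drilling into a BIT STRING or OCTET STRING."""
    tag, hl, l = read_header(buf, offset)
    if tag not in (0x03, 0x04):
        raise ValueError("only BIT STRING / OCTET STRING wrappers handled")
    body = buf[offset + hl:offset + hl + l]
    return body[1:] if tag == 0x03 else body   # skip unused-bits octet

# Constructed sample: SEQUENCE { BIT STRING { SEQUENCE { INTEGER, INTEGER } } }
SAMPLE = bytes.fromhex("300f030d00300a020300c35b0203010001")

if __name__ == "__main__":
    for row in list(walk(SAMPLE)) + list(walk(strparse(SAMPLE, 2))):
        print("%5d:d=%-2d hl=%d l=%4d %s" % row)
```

The length checks in C<read_header> and C<walk> reject an object whose B<l=> value would run past the input or past its parent, which is the first thing to verify before trusting offsets taken from untrusted DER.

=cut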