asn1parse.pod revision 59191
=pod

=head1 NAME

asn1parse - ASN.1 parsing tool

=head1 SYNOPSIS

B<openssl> B<asn1parse>
[B<-inform PEM|DER>]
[B<-in filename>]
[B<-out filename>]
[B<-noout>]
[B<-offset number>]
[B<-length number>]
[B<-i>]
[B<-oid filename>]
[B<-strparse offset>]

=head1 DESCRIPTION

The B<asn1parse> command is a diagnostic utility that can parse ASN.1
structures. It can also be used to extract data from ASN.1 formatted data.

=head1 OPTIONS

=over 4

=item B<-inform> B<DER|PEM>

the input format. B<DER> is binary format and B<PEM> (the default) is base64
encoded.

=item B<-in filename>

the input file, default is standard input

=item B<-out filename>

output file to place the DER encoded data into. If this
option is not present then no data will be output. This is most useful when
combined with the B<-strparse> option.

=item B<-noout>

don't output the parsed version of the input file.

=item B<-offset number>

starting offset to begin parsing, default is start of file.

=item B<-length number>

number of bytes to parse, default is until end of file.

=item B<-i>

indents the output according to the "depth" of the structures.

=item B<-oid filename>

a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
file is described in the NOTES section below.

=item B<-strparse offset>

parse the contents octets of the ASN.1 object starting at B<offset>. This
option can be used multiple times to "drill down" into a nested structure.


=back

=head2 OUTPUT

The output will typically contain lines like this:

    0:d=0  hl=4 l= 681 cons: SEQUENCE

.....

  229:d=3  hl=3 l= 141 prim: BIT STRING
  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
  376:d=3  hl=3 l= 159 cons: SEQUENCE
  379:d=4  hl=2 l=  29 cons: SEQUENCE
  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  386:d=5  hl=2 l=  22 prim: OCTET STRING
  410:d=4  hl=2 l= 112 cons: SEQUENCE
  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  417:d=5  hl=2 l= 105 prim: OCTET STRING
  524:d=4  hl=2 l=  12 cons: SEQUENCE

.....

This example is part of a self signed certificate. Each line starts with the
offset in decimal. B<d=XX> specifies the current depth. The depth is increased
within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
(tag and length octets) of the current type. B<l=XX> gives the length of
the contents octets.

The B<-i> option can be used to make the output more readable.

Some knowledge of the ASN.1 structure is needed to interpret the output.

In this example the BIT STRING at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option B<-strparse 229> to yield:

    0:d=0  hl=3 l= 137 cons: SEQUENCE
    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
  135:d=1  hl=2 l=   3 prim: INTEGER           :010001

=head1 NOTES

If an OID is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
allows additional OIDs to be included. Each line consists of three columns,
the first column is the OID in numerical format and should be followed by white
space. The second column is the "short name" which is a single word followed
by white space. The final column is the rest of the line and is the
"long name". B<asn1parse> displays the long name. Example:

C<1.2.3.4 shortName A long name>

=head1 BUGS

There should be options to change the format of input lines. The output of some
ASN.1 types is not well handled (if at all).

=cut
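
The following Python sketch is an added example, not part of the OpenSSL documentation or source. It walks a DER buffer and yields the offset, d, hl and l fields described in the OUTPUT section, then drills into a BIT STRING the way the B<-strparse> example does. The function names and the sample bytes are constructed for illustration, and skipping the BIT STRING's unused-bits octet is inferred from the sample above, where l=141 holds a 3+137 octet SEQUENCE.

```python
# Added example: minimal DER walker yielding asn1parse-style fields.
# All names and SAMPLE are constructed for illustration.

def read_header(buf, pos):
    """Return (tag_octet, hl, l) for the object at pos (definite lengths only)."""
    if pos + 2 > len(buf):
        raise ValueError(f"truncated header at {pos}")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this sketch")
    first = buf[pos + 1]
    if first < 0x80:                       # short form: one length octet
        return tag, 2, first
    n = first & 0x7F                       # long form: n further length octets
    if n == 0 or pos + 2 + n > len(buf):
        raise ValueError(f"bad length encoding at {pos}")
    return tag, 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def walk(buf, base=0, depth=0, end=None):
    """Yield (offset, d, hl, l, 'cons'|'prim', tag_octet) for each object."""
    pos, end = base, len(buf) if end is None else end
    while pos < end:
        tag, hl, l = read_header(buf, pos)
        if pos + hl + l > end:             # child must fit inside its parent
            raise ValueError(f"object at {pos} overruns its parent")
        cons = bool(tag & 0x20)            # bit 6 set means constructed
        yield pos, depth, hl, l, "cons" if cons else "prim", tag
        if cons:                           # depth increases inside SET/SEQUENCE
            yield from walk(buf, pos + hl, depth + 1, pos + hl + l)
        pos += hl + l

def strparse(buf, offset):
    """Contents octets of the object at offset, ready to be parsed again."""
    tag, hl, l = read_header(buf, offset)
    body = buf[offset + hl:offset + hl + l]
    # BIT STRING (tag 0x03): drop the leading unused-bits octet (assumption above).
    return body[1:] if tag == 0x03 else body

# Constructed: SEQUENCE { INTEGER 5, BIT STRING wrapping SEQUENCE { INTEGER 0x010001 } }
SAMPLE = bytes.fromhex("300d020105030800" "30050203010001")

if __name__ == "__main__":
    for label, data in (("top level", SAMPLE), ("strparse 5", strparse(SAMPLE, 5))):
        print(label)
        for off, d, hl, l, kind, tag in walk(data):
            print(f"{off:5d}:d={d}  hl={hl} l={l:4d} {kind}: tag 0x{tag:02x}")
```
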