projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| aba3e65f DSH |
1 | =pod |
| 2 | ||
| 3 | =head1 NAME | |
| 4 | ||
| 5 | asn1parse - ASN.1 parsing tool | |
| 6 | ||
| 7 | =head1 SYNOPSIS | |
| 8 | ||
| af29811e | 9 | B<openssl> B<asn1parse> |
| aba3e65f DSH |
10 | [B<-inform PEM|DER>] |
| 11 | [B<-in filename>] | |
| 12 | [B<-out filename>] | |
| 13 | [B<-noout>] | |
| 14 | [B<-offset number>] | |
| 15 | [B<-length number>] | |
| 16 | [B<-i>] | |
| 17 | [B<-oid filename>] | |
| fc1d88f0 RS |
18 | [B<-dump>] |
| 19 | [B<-dlimit num>] | |
| aba3e65f | 20 | [B<-strparse offset>] |
| 04f0a6ba DSH |
21 | [B<-genstr string>] |
| 22 | [B<-genconf file>] | |
| 6b5c1d94 | 23 | [B<-strictpem>] |
| aba3e65f DSH |
24 | |
| 25 | =head1 DESCRIPTION | |
| 26 | ||
| 27 | The B<asn1parse> command is a diagnostic utility that can parse ASN.1 | |
| 28 | structures. It can also be used to extract data from ASN.1 formatted data. | |
| 29 | ||
| 30 | =head1 OPTIONS | |
| 31 | ||
| 32 | =over 4 | |
| 33 | ||
| 34 | =item B<-inform> B<DER|PEM> | |
| 35 | ||
| 36 | the input format. B<DER> is binary format and B<PEM> (the default) is base64 | |
| 37 | encoded. | |
| 38 | ||
| 39 | =item B<-in filename> | |
| 40 | ||
| 41 | the input file, default is standard input | |
| 42 | ||
| 43 | =item B<-out filename> | |
| 44 | ||
| 45 | output file to place the DER encoded data into. If this | |
| 46 | option is not present then no data will be output. This is most useful when | |
| 47 | combined with the B<-strparse> option. | |
| 48 | ||
| 49 | =item B<-noout> | |
| 50 | ||
| 19d2bb57 | 51 | don't output the parsed version of the input file. |
| aba3e65f DSH |
52 | |
| 53 | =item B<-offset number> | |
| 54 | ||
| 55 | starting offset to begin parsing, default is start of file. | |
| 56 | ||
| 57 | =item B<-length number> | |
| 58 | ||
| 59 | number of bytes to parse, default is until end of file. | |
| 60 | ||
| 61 | =item B<-i> | |
| 62 | ||
| 63 | indents the output according to the "depth" of the structures. | |
| 64 | ||
| 65 | =item B<-oid filename> | |
| 66 | ||
| 67 | a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this | |
| 68 | file is described in the NOTES section below. | |
| 69 | ||
| fc1d88f0 RS |
70 | =item B<-dump> |
| 71 | ||
| 72 | dump unknown data in hex format. | |
| 73 | ||
| 74 | =item B<-dlimit num> | |
| 75 | ||
| 76 | like B<-dump>, but only the first B<num> bytes are output. | |
| 77 | ||
| aba3e65f DSH |
78 | =item B<-strparse offset> |
| 79 | ||
| 80 | parse the contents octets of the ASN.1 object starting at B<offset>. This | |
| 81 | option can be used multiple times to "drill down" into a nested structure. | |
| 82 | ||
| 04f0a6ba DSH |
83 | =item B<-genstr string>, B<-genconf file> |
| 84 | ||
| 85 | generate encoded data based on B<string>, B<file> or both using | |
| 9b86974e | 86 | L<ASN1_generate_nconf(3)> format. If B<file> only is |
| 51cc37b6 DSH |
87 | present then the string is obtained from the default section using the name |
| 88 | B<asn1>. The encoded data is passed through the ASN1 parser and printed out as | |
| 89 | though it came from a file, the contents can thus be examined and written to a | |
| 90 | file using the B<out> option. | |
| aba3e65f | 91 | |
| 6b5c1d94 MC |
92 | =item B<-strictpem> |
| 93 | ||
| 94 | If this option is used then B<-inform> will be ignored. Without this option any | |
| 3d9243f1 MC |
95 | data in a PEM format input file will be treated as being base64 encoded and |
| 96 | processed whether it has the normal PEM BEGIN and END markers or not. This | |
| 97 | option will ignore any data prior to the start of the BEGIN marker, or after an | |
| 98 | END marker in a PEM file. | |
| 6b5c1d94 | 99 | |
| aba3e65f DSH |
100 | =back |
| 101 | ||
| 102 | =head2 OUTPUT | |
| 103 | ||
| 104 | The output will typically contain lines like this: | |
| 105 | ||
| 106 | 0:d=0 hl=4 l= 681 cons: SEQUENCE | |
| 107 | ||
| 108 | ..... | |
| 109 | ||
| 6b5c1d94 | 110 | 229:d=3 hl=3 l= 141 prim: BIT STRING |
| aba3e65f DSH |
111 | 373:d=2 hl=3 l= 162 cons: cont [ 3 ] |
| 112 | 376:d=3 hl=3 l= 159 cons: SEQUENCE | |
| 113 | 379:d=4 hl=2 l= 29 cons: SEQUENCE | |
| 114 | 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier | |
| 115 | 386:d=5 hl=2 l= 22 prim: OCTET STRING | |
| 116 | 410:d=4 hl=2 l= 112 cons: SEQUENCE | |
| 117 | 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier | |
| 118 | 417:d=5 hl=2 l= 105 prim: OCTET STRING | |
| 119 | 524:d=4 hl=2 l= 12 cons: SEQUENCE | |
| 120 | ||
| 121 | ..... | |
| 122 | ||
| 123 | This example is part of a self signed certificate. Each line starts with the | |
| 124 | offset in decimal. B<d=XX> specifies the current depth. The depth is increased | |
| 125 | within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length | |
| 126 | (tag and length octets) of the current type. B<l=XX> gives the length of | |
| 127 | the contents octets. | |
| 128 | ||
| 129 | The B<-i> option can be used to make the output more readable. | |
| 130 | ||
| 131 | Some knowledge of the ASN.1 structure is needed to interpret the output. | |
| 132 | ||
| 133 | In this example the BIT STRING at offset 229 is the certificate public key. | |
| 134 | The contents octets of this will contain the public key information. This can | |
| 135 | be examined using the option B<-strparse 229> to yield: | |
| 136 | ||
| 137 | 0:d=0 hl=3 l= 137 cons: SEQUENCE | |
| 138 | 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 | |
| 139 | 135:d=1 hl=2 l= 3 prim: INTEGER :010001 | |
| 140 | ||
| 141 | =head1 NOTES | |
| 142 | ||
| 143 | If an OID is not part of OpenSSL's internal table it will be represented in | |
| 144 | numerical form (for example 1.2.3.4). The file passed to the B<-oid> option | |
| 145 | allows additional OIDs to be included. Each line consists of three columns, | |
| 146 | the first column is the OID in numerical format and should be followed by white | |
| 147 | space. The second column is the "short name" which is a single word followed | |
| 148 | by white space. The final column is the rest of the line and is the | |
| 149 | "long name". B<asn1parse> displays the long name. Example: | |
| 150 | ||
| 151 | C<1.2.3.4 shortName A long name> | |
| 152 | ||
| 04f0a6ba DSH |
153 | =head1 EXAMPLES |
| 154 | ||
| 155 | Parse a file: | |
| 156 | ||
| 157 | openssl asn1parse -in file.pem | |
| 158 | ||
| 159 | Parse a DER file: | |
| 160 | ||
| 161 | openssl asn1parse -inform DER -in file.der | |
| 162 | ||
| 163 | Generate a simple UTF8String: | |
| 164 | ||
| 165 | openssl asn1parse -genstr 'UTF8:Hello World' | |
| 166 | ||
| 167 | Generate and write out a UTF8String, don't print parsed output: | |
| 168 | ||
| 169 | openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der | |
| 170 | ||
| 171 | Generate using a config file: | |
| 172 | ||
| 173 | openssl asn1parse -genconf asn1.cnf -noout -out asn1.der | |
| 174 | ||
| 175 | Example config file: | |
| 176 | ||
| 177 | asn1=SEQUENCE:seq_sect | |
| 178 | ||
| 179 | [seq_sect] | |
| 180 | ||
| 181 | field1=BOOL:TRUE | |
| 182 | field2=EXP:0, UTF8:some random string | |
| 183 | ||
| 184 | ||
| aba3e65f DSH |
185 | =head1 BUGS |
| 186 | ||
| 59c70298 | 187 | There should be options to change the format of output lines. The output of some |
| aba3e65f DSH |
188 | ASN.1 types is not well handled (if at all). |
| 189 | ||
| 51cc37b6 DSH |
190 | =head1 SEE ALSO |
| 191 | ||
| 9b86974e | 192 | L<ASN1_generate_nconf(3)> |
| 51cc37b6 | 193 | |
| aba3e65f | 194 | =cut |