]>
Commit | Line | Data |
---|---|---|
aba3e65f DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | asn1parse - ASN.1 parsing tool | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
af29811e | 9 | B<openssl> B<asn1parse> |
aba3e65f DSH |
10 | [B<-inform PEM|DER>] |
11 | [B<-in filename>] | |
12 | [B<-out filename>] | |
13 | [B<-noout>] | |
14 | [B<-offset number>] | |
15 | [B<-length number>] | |
16 | [B<-i>] | |
17 | [B<-oid filename>] | |
fc1d88f0 RS |
18 | [B<-dump>] |
19 | [B<-dlimit num>] | |
aba3e65f | 20 | [B<-strparse offset>] |
04f0a6ba DSH |
21 | [B<-genstr string>] |
22 | [B<-genconf file>] | |
6b5c1d94 | 23 | [B<-strictpem>] |
aba3e65f DSH |
24 | |
25 | =head1 DESCRIPTION | |
26 | ||
27 | The B<asn1parse> command is a diagnostic utility that can parse ASN.1 | |
28 | structures. It can also be used to extract data from ASN.1 formatted data. | |
29 | ||
30 | =head1 OPTIONS | |
31 | ||
32 | =over 4 | |
33 | ||
34 | =item B<-inform> B<DER|PEM> | |
35 | ||
36 | the input format. B<DER> is binary format and B<PEM> (the default) is base64 | |
37 | encoded. | |
38 | ||
39 | =item B<-in filename> | |
40 | ||
41 | the input file, default is standard input | |
42 | ||
43 | =item B<-out filename> | |
44 | ||
45 | output file to place the DER encoded data into. If this | |
46 | option is not present then no data will be output. This is most useful when | |
47 | combined with the B<-strparse> option. | |
48 | ||
49 | =item B<-noout> | |
50 | ||
19d2bb57 | 51 | don't output the parsed version of the input file. |
aba3e65f DSH |
52 | |
53 | =item B<-offset number> | |
54 | ||
55 | starting offset to begin parsing, default is start of file. | |
56 | ||
57 | =item B<-length number> | |
58 | ||
59 | number of bytes to parse, default is until end of file. | |
60 | ||
61 | =item B<-i> | |
62 | ||
63 | indents the output according to the "depth" of the structures. | |
64 | ||
65 | =item B<-oid filename> | |
66 | ||
67 | a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this | |
68 | file is described in the NOTES section below. | |
69 | ||
fc1d88f0 RS |
70 | =item B<-dump> |
71 | ||
72 | dump unknown data in hex format. | |
73 | ||
74 | =item B<-dlimit num> | |
75 | ||
76 | like B<-dump>, but only the first B<num> bytes are output. | |
77 | ||
aba3e65f DSH |
78 | =item B<-strparse offset> |
79 | ||
80 | parse the contents octets of the ASN.1 object starting at B<offset>. This | |
81 | option can be used multiple times to "drill down" into a nested structure. | |
82 | ||
04f0a6ba DSH |
83 | =item B<-genstr string>, B<-genconf file> |
84 | ||
85 | generate encoded data based on B<string>, B<file> or both using | |
9b86974e | 86 | L<ASN1_generate_nconf(3)> format. If B<file> only is |
51cc37b6 DSH |
87 | present then the string is obtained from the default section using the name |
88 | B<asn1>. The encoded data is passed through the ASN1 parser and printed out as | |
89 | though it came from a file, the contents can thus be examined and written to a | |
90 | file using the B<out> option. | |
aba3e65f | 91 | |
6b5c1d94 MC |
92 | =item B<-strictpem> |
93 | ||
94 | If this option is used then B<-inform> will be ignored. Without this option any | |
3d9243f1 MC |
95 | data in a PEM format input file will be treated as being base64 encoded and |
96 | processed whether it has the normal PEM BEGIN and END markers or not. This | |
97 | option will ignore any data prior to the start of the BEGIN marker, or after an | |
98 | END marker in a PEM file. | |
6b5c1d94 | 99 | |
aba3e65f DSH |
100 | =back |
101 | ||
102 | =head2 OUTPUT | |
103 | ||
104 | The output will typically contain lines like this: | |
105 | ||
106 | 0:d=0 hl=4 l= 681 cons: SEQUENCE | |
107 | ||
108 | ..... | |
109 | ||
6b5c1d94 | 110 | 229:d=3 hl=3 l= 141 prim: BIT STRING |
aba3e65f DSH |
111 | 373:d=2 hl=3 l= 162 cons: cont [ 3 ] |
112 | 376:d=3 hl=3 l= 159 cons: SEQUENCE | |
113 | 379:d=4 hl=2 l= 29 cons: SEQUENCE | |
114 | 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier | |
115 | 386:d=5 hl=2 l= 22 prim: OCTET STRING | |
116 | 410:d=4 hl=2 l= 112 cons: SEQUENCE | |
117 | 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier | |
118 | 417:d=5 hl=2 l= 105 prim: OCTET STRING | |
119 | 524:d=4 hl=2 l= 12 cons: SEQUENCE | |
120 | ||
121 | ..... | |
122 | ||
123 | This example is part of a self signed certificate. Each line starts with the | |
124 | offset in decimal. B<d=XX> specifies the current depth. The depth is increased | |
125 | within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length | |
126 | (tag and length octets) of the current type. B<l=XX> gives the length of | |
127 | the contents octets. | |
128 | ||
129 | The B<-i> option can be used to make the output more readable. | |
130 | ||
131 | Some knowledge of the ASN.1 structure is needed to interpret the output. | |
132 | ||
133 | In this example the BIT STRING at offset 229 is the certificate public key. | |
134 | The contents octets of this will contain the public key information. This can | |
135 | be examined using the option B<-strparse 229> to yield: | |
136 | ||
137 | 0:d=0 hl=3 l= 137 cons: SEQUENCE | |
138 | 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 | |
139 | 135:d=1 hl=2 l= 3 prim: INTEGER :010001 | |
140 | ||
141 | =head1 NOTES | |
142 | ||
143 | If an OID is not part of OpenSSL's internal table it will be represented in | |
144 | numerical form (for example 1.2.3.4). The file passed to the B<-oid> option | |
145 | allows additional OIDs to be included. Each line consists of three columns, | |
146 | the first column is the OID in numerical format and should be followed by white | |
147 | space. The second column is the "short name" which is a single word followed | |
148 | by white space. The final column is the rest of the line and is the | |
149 | "long name". B<asn1parse> displays the long name. Example: | |
150 | ||
151 | C<1.2.3.4 shortName A long name> | |
152 | ||
04f0a6ba DSH |
153 | =head1 EXAMPLES |
154 | ||
155 | Parse a file: | |
156 | ||
157 | openssl asn1parse -in file.pem | |
158 | ||
159 | Parse a DER file: | |
160 | ||
161 | openssl asn1parse -inform DER -in file.der | |
162 | ||
163 | Generate a simple UTF8String: | |
164 | ||
165 | openssl asn1parse -genstr 'UTF8:Hello World' | |
166 | ||
167 | Generate and write out a UTF8String, don't print parsed output: | |
168 | ||
169 | openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der | |
170 | ||
171 | Generate using a config file: | |
172 | ||
173 | openssl asn1parse -genconf asn1.cnf -noout -out asn1.der | |
174 | ||
175 | Example config file: | |
176 | ||
177 | asn1=SEQUENCE:seq_sect | |
178 | ||
179 | [seq_sect] | |
180 | ||
181 | field1=BOOL:TRUE | |
182 | field2=EXP:0, UTF8:some random string | |
183 | ||
184 | ||
aba3e65f DSH |
185 | =head1 BUGS |
186 | ||
59c70298 | 187 | There should be options to change the format of output lines. The output of some |
aba3e65f DSH |
188 | ASN.1 types is not well handled (if at all). |
189 | ||
51cc37b6 DSH |
190 | =head1 SEE ALSO |
191 | ||
9b86974e | 192 | L<ASN1_generate_nconf(3)> |
51cc37b6 | 193 | |
aba3e65f | 194 | =cut |