Commit | Line | Data |
---|---|---|
aba3e65f DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
b6b66573 | 5 | openssl-asn1parse - ASN.1 parsing tool |
aba3e65f DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
af29811e | 9 | B<openssl> B<asn1parse> |
0ae9e292 | 10 | [B<-help>] |
e8769719 RS |
11 | [B<-inform> B<DER>|B<PEM>] |
12 | [B<-in> I<filename>] | |
13 | [B<-out> I<filename>] | |
aba3e65f | 14 | [B<-noout>] |
e8769719 RS |
15 | [B<-offset> I<number>] |
16 | [B<-length> I<number>] | |
aba3e65f | 17 | [B<-i>] |
e8769719 | 18 | [B<-oid> I<filename>] |
fc1d88f0 | 19 | [B<-dump>] |
e8769719 RS |
20 | [B<-dlimit> I<num>] |
21 | [B<-strparse> I<offset>] | |
22 | [B<-genstr> I<string>] | |
23 | [B<-genconf> I<file>] | |
6b5c1d94 | 24 | [B<-strictpem>] |
e8769719 | 25 | [B<-item> I<name>] |
aba3e65f DSH |
26 | |
27 | =head1 DESCRIPTION | |
28 | ||
35a810bb RL |
29 | This command is a diagnostic utility that can parse ASN.1 structures. |
30 | It can also be used to extract data from ASN.1 formatted data. | |
aba3e65f DSH |
31 | |
32 | =head1 OPTIONS | |
33 | ||
34 | =over 4 | |
35 | ||
0ae9e292 RS |
36 | =item B<-help> |
37 | ||
38 | Print out a usage message. | |
39 | ||
e8769719 | 40 | =item B<-inform> B<DER>|B<PEM> |
aba3e65f | 41 | |
2f0ea936 | 42 | The input format. B<DER> is binary format and B<PEM> (the default) is base64 |
aba3e65f DSH |
43 | encoded. |
44 | ||
e8769719 | 45 | =item B<-in> I<filename> |
aba3e65f | 46 | |
c4de074e | 47 | The input file, default is standard input. |
aba3e65f | 48 | |
e8769719 | 49 | =item B<-out> I<filename> |
aba3e65f | 50 | |
c4de074e | 51 | Output file to place the DER encoded data into. If this |
aba3e65f DSH |
52 | option is not present then no data will be output. This is most useful when |
53 | combined with the B<-strparse> option. | |
54 | ||
55 | =item B<-noout> | |
56 | ||
c4de074e | 57 | Don't output the parsed version of the input file. |
aba3e65f | 58 | |
e8769719 | 59 | =item B<-offset> I<number> |
aba3e65f | 60 | |
c4de074e | 61 | Starting offset to begin parsing, default is start of file. |
aba3e65f | 62 | |
e8769719 | 63 | =item B<-length> I<number> |
aba3e65f | 64 | |
c4de074e | 65 | Number of bytes to parse, default is until end of file. |
aba3e65f DSH |
66 | |
67 | =item B<-i> | |
68 | ||
c4de074e | 69 | Indents the output according to the "depth" of the structures. |
aba3e65f | 70 | |
e8769719 | 71 | =item B<-oid> I<filename> |
aba3e65f | 72 | |
c4de074e | 73 | A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this |
aba3e65f DSH |
74 | file is described in the NOTES section below. |
75 | ||
fc1d88f0 RS |
76 | =item B<-dump> |
77 | ||
c4de074e | 78 | Dump unknown data in hex format. |
fc1d88f0 | 79 | |
e8769719 | 80 | =item B<-dlimit> I<num> |
fc1d88f0 | 81 | |
c4de074e | 82 | Like B<-dump>, but only the first B<num> bytes are output. |
fc1d88f0 | 83 | |
e8769719 | 84 | =item B<-strparse> I<offset> |
aba3e65f | 85 | |
c4de074e | 86 | Parse the contents octets of the ASN.1 object starting at B<offset>. This |
aba3e65f DSH |
87 | option can be used multiple times to "drill down" into a nested structure. |
88 | ||
e8769719 | 89 | =item B<-genstr> I<string>, B<-genconf> I<file> |
04f0a6ba | 90 | |
2f0ea936 RL |
91 | Generate encoded data based on I<string>, I<file> or both using |
92 | L<ASN1_generate_nconf(3)> format. If I<file> only is | |
51cc37b6 DSH |
93 | present then the string is obtained from the default section using the name |
94 | B<asn1>. The encoded data is passed through the ASN1 parser and printed out as | |
95 | though it came from a file; the contents can thus be examined and written to a | |
2f0ea936 | 96 | file using the B<-out> option. |
aba3e65f | 97 | |
6b5c1d94 MC |
98 | =item B<-strictpem> |
99 | ||
100 | If this option is used then B<-inform> will be ignored. Without this option any | |
3d9243f1 MC |
101 | data in a PEM format input file will be treated as being base64 encoded and |
102 | processed whether it has the normal PEM BEGIN and END markers or not. This | |
103 | option will ignore any data prior to the start of the BEGIN marker, or after an | |
104 | END marker in a PEM file. | |
6b5c1d94 | 105 | |
e8769719 | 106 | =item B<-item> I<name> |
5fb10059 | 107 | |
2f0ea936 RL |
108 | Attempt to decode and print the data as B<ASN1_ITEM> I<name>. This can be used |
109 | to print out the fields of any supported ASN.1 structure if the type is known. | |
5fb10059 | 110 | |
aba3e65f DSH |
111 | =back |
112 | ||
05ea606a | 113 | =head2 Output |
aba3e65f DSH |
114 | |
115 | The output will typically contain lines like this: | |
116 | ||
1bc74519 | 117 | 0:d=0 hl=4 l= 681 cons: SEQUENCE |
aba3e65f DSH |
118 | |
119 | ..... | |
120 | ||
6b5c1d94 | 121 | 229:d=3 hl=3 l= 141 prim: BIT STRING |
1bc74519 RS |
122 | 373:d=2 hl=3 l= 162 cons: cont [ 3 ] |
123 | 376:d=3 hl=3 l= 159 cons: SEQUENCE | |
124 | 379:d=4 hl=2 l= 29 cons: SEQUENCE | |
aba3e65f | 125 | 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier |
1bc74519 RS |
126 | 386:d=5 hl=2 l= 22 prim: OCTET STRING |
127 | 410:d=4 hl=2 l= 112 cons: SEQUENCE | |
aba3e65f | 128 | 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier |
1bc74519 RS |
129 | 417:d=5 hl=2 l= 105 prim: OCTET STRING |
130 | 524:d=4 hl=2 l= 12 cons: SEQUENCE | |
aba3e65f DSH |
131 | |
132 | ..... | |
133 | ||
77a795e4 | 134 | This example is part of a self-signed certificate. Each line starts with the |
a43384fd RL |
135 | offset in decimal. C<d=XX> specifies the current depth. The depth is increased |
136 | within the scope of any SET or SEQUENCE. C<hl=XX> gives the header length | |
137 | (tag and length octets) of the current type. C<l=XX> gives the length of | |
aba3e65f DSH |
138 | the contents octets. |
139 | ||
140 | The B<-i> option can be used to make the output more readable. | |
141 | ||
1bc74519 | 142 | Some knowledge of the ASN.1 structure is needed to interpret the output. |
aba3e65f DSH |
143 | |
144 | In this example the BIT STRING at offset 229 is the certificate public key. | |
145 | The contents octets of this will contain the public key information. This can | |
e8769719 | 146 | be examined using the option C<-strparse 229> to yield: |
aba3e65f | 147 | |
1bc74519 | 148 | 0:d=0 hl=3 l= 137 cons: SEQUENCE |
aba3e65f DSH |
149 | 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 |
150 | 135:d=1 hl=2 l= 3 prim: INTEGER :010001 | |
151 | ||
152 | =head1 NOTES | |
153 | ||
154 | If an OID is not part of OpenSSL's internal table it will be represented in | |
1bc74519 | 155 | numerical form (for example 1.2.3.4). The file passed to the B<-oid> option |
aba3e65f DSH |
156 | allows additional OIDs to be included. Each line consists of three columns: |
157 | the first column is the OID in numerical format and should be followed by white | |
158 | space. The second column is the "short name" which is a single word followed | |
159 | by white space. The final column is the rest of the line and is the | |
35a810bb | 160 | "long name". Example: |
aba3e65f | 161 | |
1bc74519 | 162 | C<1.2.3.4 shortName A long name> |
aba3e65f | 163 | |
04f0a6ba DSH |
164 | =head1 EXAMPLES |
165 | ||
166 | Parse a file: | |
167 | ||
168 | openssl asn1parse -in file.pem | |
169 | ||
170 | Parse a DER file: | |
171 | ||
172 | openssl asn1parse -inform DER -in file.der | |
173 | ||
174 | Generate a simple UTF8String: | |
175 | ||
176 | openssl asn1parse -genstr 'UTF8:Hello World' | |
177 | ||
178 | Generate and write out a UTF8String, don't print parsed output: | |
179 | ||
180 | openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der | |
181 | ||
182 | Generate using a config file: | |
183 | ||
184 | openssl asn1parse -genconf asn1.cnf -noout -out asn1.der | |
185 | ||
186 | Example config file: | |
187 | ||
188 | asn1=SEQUENCE:seq_sect | |
189 | ||
190 | [seq_sect] | |
191 | ||
192 | field1=BOOL:TRUE | |
193 | field2=EXP:0, UTF8:some random string | |
194 | ||
195 | ||
aba3e65f DSH |
196 | =head1 BUGS |
197 | ||
59c70298 | 198 | There should be options to change the format of output lines. The output of some |
aba3e65f DSH |
199 | ASN.1 types is not well handled (if at all). |
200 | ||
51cc37b6 DSH |
201 | =head1 SEE ALSO |
202 | ||
b6b66573 | 203 | L<openssl(1)>, |
9b86974e | 204 | L<ASN1_generate_nconf(3)> |
51cc37b6 | 205 | |
e2f92610 RS |
206 | =head1 COPYRIGHT |
207 | ||
b6b66573 | 208 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 209 | |
449040b4 | 210 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
211 | this file except in compliance with the License. You can obtain a copy |
212 | in the file LICENSE in the source distribution or at | |
213 | L<https://www.openssl.org/source/license.html>. | |
214 | ||
215 | =cut |
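
Added example (not part of the OpenSSL manual page or source): a Python check of the offset, hl and l arithmetic described in the Output section, run over the lines shown there. It assumes definite-length encodings only; `parse_line` and `check_layout` are hypothetical helper names.

```python
import re

# Lines copied from the Output section of this page (whitespace as shown there).
SAMPLE = """\
229:d=3 hl=3 l= 141 prim: BIT STRING
373:d=2 hl=3 l= 162 cons: cont [ 3 ]
376:d=3 hl=3 l= 159 cons: SEQUENCE
379:d=4 hl=2 l= 29 cons: SEQUENCE
381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
386:d=5 hl=2 l= 22 prim: OCTET STRING
410:d=4 hl=2 l= 112 cons: SEQUENCE
412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
417:d=5 hl=2 l= 105 prim: OCTET STRING
"""

LINE_RE = re.compile(
    r"^\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+)\s+(cons|prim):\s*(.*)$")

def parse_line(line):
    """Split one asn1parse output line into its fields, or return None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    off, depth, hl, length = (int(g) for g in m.group(1, 2, 3, 4))
    # Contents octets start after the header and run for `l` bytes.
    return {"offset": off, "depth": depth, "hl": hl, "len": length,
            "constructed": m.group(5) == "cons", "desc": m.group(6).strip(),
            "content": off + hl, "end": off + hl + length}

def check_layout(text):
    """Return inconsistencies between offsets, depths and lengths."""
    problems, parents, prev = [], [], None
    for e in filter(None, map(parse_line, text.splitlines())):
        # Keep only enclosing elements that are shallower than this one.
        while parents and parents[-1]["depth"] >= e["depth"]:
            parents.pop()
        if parents and e["end"] > parents[-1]["end"]:
            problems.append(
                f"{e['offset']}: overruns parent at {parents[-1]['offset']}")
        # A child follows its parent's header; a sibling follows the previous end.
        if prev is not None:
            expected = prev["content"] if prev["constructed"] else prev["end"]
            if e["offset"] != expected:
                problems.append(f"{e['offset']}: expected offset {expected}")
        if e["constructed"]:
            parents.append(e)
        prev = e
    return problems
```

An empty list from `check_layout` means every element starts where the previous header or contents end and no child extends past its enclosing SET or SEQUENCE.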