asn1parse.pod revision 279265
=pod

=head1 NAME

asn1parse - ASN.1 parsing tool

=head1 SYNOPSIS

B<openssl> B<asn1parse>
[B<-inform PEM|DER>]
[B<-in filename>]
[B<-out filename>]
[B<-noout>]
[B<-offset number>]
[B<-length number>]
[B<-i>]
[B<-oid filename>]
[B<-dump>]
[B<-dlimit num>]
[B<-strparse offset>]
[B<-genstr string>]
[B<-genconf file>]

=head1 DESCRIPTION

The B<asn1parse> command is a diagnostic utility that can parse ASN.1
structures. It can also be used to extract data from ASN.1 formatted data.

=head1 OPTIONS

=over 4

=item B<-inform> B<DER|PEM>

the input format. B<DER> is binary format and B<PEM> (the default) is base64
encoded.

=item B<-in filename>

the input file, default is standard input

=item B<-out filename>

output file to place the DER encoded data into. If this
option is not present then no data will be output. This is most useful when
combined with the B<-strparse> option.

=item B<-noout>

don't output the parsed version of the input file.

=item B<-offset number>

starting offset to begin parsing, default is start of file.

=item B<-length number>

number of bytes to parse, default is until end of file.

=item B<-i>

indents the output according to the "depth" of the structures.

=item B<-oid filename>

a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
file is described in the NOTES section below.

=item B<-dump>

dump unknown data in hex format.

=item B<-dlimit num>

like B<-dump>, but only the first B<num> bytes are output.

=item B<-strparse offset>

parse the contents octets of the ASN.1 object starting at B<offset>. This
option can be used multiple times to "drill down" into a nested structure.

=item B<-genstr string>, B<-genconf file>

generate encoded data based on B<string>, B<file> or both using
ASN1_generate_nconf() format. If only B<file> is present then the string
is obtained from the default section using the name B<asn1>. The encoded
data is passed through the ASN1 parser and printed out as though it came
from a file; the contents can thus be examined and written to a file
using the B<-out> option.

=back

=head2 OUTPUT

The output will typically contain lines like this:

     0:d=0  hl=4 l= 681 cons: SEQUENCE

 .....

   229:d=3  hl=3 l= 141 prim: BIT STRING
   373:d=2  hl=3 l= 162 cons: cont [ 3 ]
   376:d=3  hl=3 l= 159 cons: SEQUENCE
   379:d=4  hl=2 l=  29 cons: SEQUENCE
   381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
   386:d=5  hl=2 l=  22 prim: OCTET STRING
   410:d=4  hl=2 l= 112 cons: SEQUENCE
   412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
   417:d=5  hl=2 l= 105 prim: OCTET STRING
   524:d=4  hl=2 l=  12 cons: SEQUENCE

 .....

This example is part of a self-signed certificate. Each line starts with the
offset in decimal. B<d=XX> specifies the current depth. The depth is increased
within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
(tag and length octets) of the current type. B<l=XX> gives the length of
the contents octets.

The B<-i> option can be used to make the output more readable.

Some knowledge of the ASN.1 structure is needed to interpret the output.

In this example the BIT STRING at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option B<-strparse 229> to yield:

     0:d=0  hl=3 l= 137 cons: SEQUENCE
     3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
   135:d=1  hl=2 l=   3 prim: INTEGER           :010001

=head1 NOTES

If an OID is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
allows additional OIDs to be included. Each line consists of three columns,
the first column is the OID in numerical format and should be followed by white
space. The second column is the "short name" which is a single word followed
by white space. The final column is the rest of the line and is the
"long name". B<asn1parse> displays the long name. Example:

C<1.2.3.4	shortName	A long name>

=head1 EXAMPLES

Parse a file:

 openssl asn1parse -in file.pem

Parse a DER file:

 openssl asn1parse -inform DER -in file.der

Generate a simple UTF8String:

 openssl asn1parse -genstr 'UTF8:Hello World'

Generate and write out a UTF8String, don't print parsed output:

 openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der

Generate using a config file:

 openssl asn1parse -genconf asn1.cnf -noout -out asn1.der

Example config file:

 asn1=SEQUENCE:seq_sect

 [seq_sect]

 field1=BOOL:TRUE
 field2=EXP:0, UTF8:some random string

=head1 BUGS

There should be options to change the format of output lines. The output of some
ASN.1 types is not well handled (if at all).

=cut
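
How the offset, B<d=>, B<hl=> and B<l=> fields of the OUTPUT section come out of the DER bytes, and what drilling into a BIT STRING with B<-strparse> amounts to, shown as an added example that is not part of the original manual page or of OpenSSL. The helper names (read_header, walk, strparse, render) are hypothetical and the sample bytes are constructed. It assumes single-octet tags and definite lengths, and it raises depth for every constructed type.

```python
# Added example, not OpenSSL code; all names here are hypothetical.
NAMES = {0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING",
         0x06: "OBJECT", 0x30: "SEQUENCE", 0x31: "SET"}

def read_header(buf, pos, end):
    """Return (tag, hl, l) for the object at pos; end bounds the enclosing object."""
    if pos + 2 > end:
        raise ValueError("truncated header at offset %d" % pos)
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is outside this example")
    if first < 0x80:                       # short form: one length octet
        hl, l = 2, first
    elif first == 0x80:
        raise ValueError("indefinite length is not DER")
    else:                                  # long form: first & 0x7F length octets
        n = first & 0x7F
        if pos + 2 + n > end:
            raise ValueError("truncated length at offset %d" % pos)
        hl, l = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hl + l > end:
        raise ValueError("contents overrun enclosing object at offset %d" % pos)
    return tag, hl, l

def walk(buf, start=0, end=None, depth=0):
    """Yield (offset, depth, hl, l, kind, tag) for each object, depth first."""
    end = len(buf) if end is None else end
    while start < end:
        tag, hl, l = read_header(buf, start, end)
        cons = bool(tag & 0x20)            # constructed bit set: descend into it
        yield start, depth, hl, l, "cons" if cons else "prim", tag
        if cons:
            yield from walk(buf, start + hl, start + hl + l, depth + 1)
        start += hl + l

def strparse(buf, offset):
    """Contents octets of the object at offset, to be walked again from 0."""
    tag, hl, l = read_header(buf, offset, len(buf))
    body = buf[offset + hl:offset + hl + l]
    return body[1:] if tag == 0x03 else body   # BIT STRING: drop unused-bits octet

def render(buf):
    return ["%5d:d=%-2d hl=%d l=%4d %s: %s" % (o, d, hl, l, k, NAMES.get(t, hex(t)))
            for o, d, hl, l, k, t in walk(buf)]

# Constructed sample, not from the page:
# SEQUENCE { BIT STRING { SEQUENCE { INTEGER, INTEGER 65537 } } }
SAMPLE = bytes.fromhex("300e030c00300902020ca10203010001")

if __name__ == "__main__":
    print("\n".join(render(SAMPLE) + ["-- strparse 2 --"] + render(strparse(SAMPLE, 2))))
```

The BIT STRING at offset 2 is primitive, so the first walk stops there; only after strparse() do the two INTEGERs appear, which is the same effect the manual page shows with B<-strparse 229>.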