ASN.1 File Structure Supported by OpenSSL


What is the ASN.1 (or ASN1) file structure supported by OpenSSL?



ASN.1 (Abstract Syntax Notation One) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking.

ASN.1 defines how data of multiple fields should organized into a sequential structure and encoded into a binary string, so that it can safely transferred or saved.

For example, a "Question" data type that contains a tracking number and a string of question text can be expressed in an ASN.1 structure as:

Question ::= SEQUENCE {
   trackingNumber INTEGER,
   questionText   IA5String

Here is an example instance of this "Question" data type:

Question ::= {
    trackingNumber 5,
    questionText   "Anybody there?"

The most common way to encode an ASN.1 structure into a binary string is called DER (Distinguished Encoding Rules), which used nested type-length-value triplets to encode ASN.1 structures.

The above "Question" instance can be encoded in DER format as:

Type: SEQUENCE              > 0x30
Length: 19 bytes            > 0x13
Value: {
    Type: INTEGER           > 0x02
    Length: 1 byte          > 0x01
    Value: 5                > 0x05
    Type: IA5STRING         > 0x16
    Length: 14 types        > 0x0e
    Value: "Anybody there?" > 0x416e79626f64792074686572653f

Final binary string: 

Note that:

  • DER encoding uses a list of predefined types, like INTEGER (0x02).
  • DER encoding does not encoding data field names, like "trackingNumber".

By the way, OpenSSL assumes that all certificates, keys, and CSRs are stored in PEM format (which is Base64 encoded of DER format of ASN.1 structure).


ASN.1 Field Types Supported by OpenSSL

OpenSSL "ans1parse" Command Options

OpenSSL "ans1parse" Command

⇑⇑ OpenSSL Tutorials

2016-10-17, 5360👍, 0💬