OpenSSL "ans1parse -genconf" - Configuration File

Q

How to generate a DER file with a configuration file using the OpenSSL "ans1parse" command?

✍: FYIcenter.com

A

You can use the OpenSSL configuration file to define an ASN.1 structure and call OpenSSL "ans1parse -genconf config_file" command to generate a DER file by respecting the following rules:

1. Use "ans1parse -genconf config_file" option in the command line to specify which configuration file to use.

2. Use "ans1" option in the global section in the configuration file to define the ASN.1 structure. For example, the following configuration file will generate a single primitive field DER file:

default_md = md5
asn1 = INTEGER:255
...

[...]

3. Use a dedicate section in the configuration file to define the content of a SEQUENCE field and assign the section to the "asn1" option. The child field of the SEQUENCE is defined using the "name = type:value" format. For example, the following configuration file will generate a DER file of a SEQUENCE ASN.1 structure:

default_md = md5
asn1 = SEQUENCE:questionSection
...

[questionSection]
trackingNumber = INTEGER:5
questionText   = IA5STRING:"Anybody there?"

[...]

4. Use multiple sections to define nested SEQUENCE ASN.1 structures For example, the following configuration file will generate a DER file of a nested SEQUENCE ASN.1 structure:

default_md = md5
asn1 = SEQUENCE:questionSection
...

[questionSection]
trackingNumber = INTEGER:5
questionText   = IA5STRING:"In asymmetric encryption, which key can be given out?"
answerOption   = SEQUENCE:optionSection
   
[optionSection]
optionA = IA5STRING:"A) Private key"
optionB = IA5STRING:"B) Public key"
optionC = IA5STRING:"C) Both keys"

[...]

 

OpenSSL "ans1parse -genconf" - Nested SEQUENCE ASN.1 Structure

OpenSSL "ans1parse -in" - Parse DER File

OpenSSL "ans1parse" Command

⇑⇑ OpenSSL Tutorials

2016-10-15, 5390👍, 0💬