From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Fri, 30 Apr 2021 00:33:56 +0200 Subject: initial/final commit --- openssl-1.1.0h/doc/apps/asn1parse.pod | 209 ++++++++++++++++++++++++++++++++++ 1 file changed, 209 insertions(+) create mode 100644 openssl-1.1.0h/doc/apps/asn1parse.pod (limited to 'openssl-1.1.0h/doc/apps/asn1parse.pod') diff --git a/openssl-1.1.0h/doc/apps/asn1parse.pod b/openssl-1.1.0h/doc/apps/asn1parse.pod new file mode 100644 index 0000000..3c607e8 --- /dev/null +++ b/openssl-1.1.0h/doc/apps/asn1parse.pod @@ -0,0 +1,209 @@ +=pod + +=head1 NAME + +openssl-asn1parse, +asn1parse - ASN.1 parsing tool + +=head1 SYNOPSIS + +B B +[B<-help>] +[B<-inform PEM|DER>] +[B<-in filename>] +[B<-out filename>] +[B<-noout>] +[B<-offset number>] +[B<-length number>] +[B<-i>] +[B<-oid filename>] +[B<-dump>] +[B<-dlimit num>] +[B<-strparse offset>] +[B<-genstr string>] +[B<-genconf file>] +[B<-strictpem>] + +=head1 DESCRIPTION + +The B command is a diagnostic utility that can parse ASN.1 +structures. It can also be used to extract data from ASN.1 formatted data. + +=head1 OPTIONS + +=over 4 + +=item B<-help> + +Print out a usage message. + +=item B<-inform> B + +the input format. B is binary format and B (the default) is base64 +encoded. + +=item B<-in filename> + +the input file, default is standard input + +=item B<-out filename> + +output file to place the DER encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the B<-strparse> option. + +=item B<-noout> + +don't output the parsed version of the input file. + +=item B<-offset number> + +starting offset to begin parsing, default is start of file. + +=item B<-length number> + +number of bytes to parse, default is until end of file. + +=item B<-i> + +indents the output according to the "depth" of the structures. + +=item B<-oid filename> + +a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this +file is described in the NOTES section below. + +=item B<-dump> + +dump unknown data in hex format. + +=item B<-dlimit num> + +like B<-dump>, but only the first B bytes are output. + +=item B<-strparse offset> + +parse the contents octets of the ASN.1 object starting at B. This +option can be used multiple times to "drill down" into a nested structure. + +=item B<-genstr string>, B<-genconf file> + +generate encoded data based on B, B or both using +L format. If B only is +present then the string is obtained from the default section using the name +B. The encoded data is passed through the ASN1 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the B option. + +=item B<-strictpem> + +If this option is used then B<-inform> will be ignored. Without this option any +data in a PEM format input file will be treated as being base64 encoded and +processed whether it has the normal PEM BEGIN and END markers or not. This +option will ignore any data prior to the start of the BEGIN marker, or after an +END marker in a PEM file. + +=back + +=head2 Output + +The output will typically contain lines like this: + + 0:d=0 hl=4 l= 681 cons: SEQUENCE + +..... + + 229:d=3 hl=3 l= 141 prim: BIT STRING + 373:d=2 hl=3 l= 162 cons: cont [ 3 ] + 376:d=3 hl=3 l= 159 cons: SEQUENCE + 379:d=4 hl=2 l= 29 cons: SEQUENCE + 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier + 386:d=5 hl=2 l= 22 prim: OCTET STRING + 410:d=4 hl=2 l= 112 cons: SEQUENCE + 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier + 417:d=5 hl=2 l= 105 prim: OCTET STRING + 524:d=4 hl=2 l= 12 cons: SEQUENCE + +..... + +This example is part of a self-signed certificate. Each line starts with the +offset in decimal. B specifies the current depth. The depth is increased +within the scope of any SET or SEQUENCE. B gives the header length +(tag and length octets) of the current type. B gives the length of +the contents octets. + +The B<-i> option can be used to make the output more readable. + +Some knowledge of the ASN.1 structure is needed to interpret the output. + +In this example the BIT STRING at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option B<-strparse 229> to yield: + + 0:d=0 hl=3 l= 137 cons: SEQUENCE + 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 + 135:d=1 hl=2 l= 3 prim: INTEGER :010001 + +=head1 NOTES + +If an OID is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). The file passed to the B<-oid> option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the OID in numerical format and should be followed by white +space. The second column is the "short name" which is a single word followed +by white space. The final column is the rest of the line and is the +"long name". B displays the long name. Example: + +C<1.2.3.4 shortName A long name> + +=head1 EXAMPLES + +Parse a file: + + openssl asn1parse -in file.pem + +Parse a DER file: + + openssl asn1parse -inform DER -in file.der + +Generate a simple UTF8String: + + openssl asn1parse -genstr 'UTF8:Hello World' + +Generate and write out a UTF8String, don't print parsed output: + + openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der + +Generate using a config file: + + openssl asn1parse -genconf asn1.cnf -noout -out asn1.der + +Example config file: + + asn1=SEQUENCE:seq_sect + + [seq_sect] + + field1=BOOL:TRUE + field2=EXP:0, UTF8:some random string + + +=head1 BUGS + +There should be options to change the format of output lines. The output of some +ASN.1 types is not well handled (if at all). + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut -- cgit v1.2.3