=pod
{- OpenSSL::safe::output_do_not_edit_headers(); -}

=head1 NAME

openssl-asn1parse - ASN.1 parsing command

=head1 SYNOPSIS

B<openssl> B<asn1parse>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-noout>]
[B<-offset> I<number>]
[B<-length> I<number>]
[B<-i>]
[B<-oid> I<filename>]
[B<-dump>]
[B<-dlimit> I<num>]
[B<-strparse> I<offset>]
[B<-genstr> I<string>]
[B<-genconf> I<file>]
[B<-strictpem>]
[B<-item> I<name>]

=head1 DESCRIPTION

This command is a diagnostic utility that can parse ASN.1 structures.
It can also be used to extract data from ASN.1 formatted data.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform> B<DER>|B<PEM>

The input format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.

=item B<-in> I<filename>

The input file, default is standard input.

=item B<-out> I<filename>

Output file to place the DER encoded data into. If this
option is not present then no data will be output. This is most useful when
combined with the B<-strparse> option.

=item B<-noout>

Don't output the parsed version of the input file.

=item B<-offset> I<number>

Starting offset to begin parsing, default is start of file.

=item B<-length> I<number>

Number of bytes to parse, default is until end of file.

=item B<-i>

Indents the output according to the "depth" of the structures.

=item B<-oid> I<filename>

A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
file is described in the NOTES section below.

=item B<-dump>

Dump unknown data in hex format.

=item B<-dlimit> I<num>

Like B<-dump>, but only the first B<num> bytes are output.

=item B<-strparse> I<offset>

Parse the contents octets of the ASN.1 object starting at B<offset>. This
option can be used multiple times to "drill down" into a nested structure.

=item B<-genstr> I<string>, B<-genconf> I<file>

Generate encoded data based on I<string>, I<file> or both using
L<ASN1_generate_nconf(3)> format. If I<file> only is
present then the string is obtained from the default section using the name
B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
though it came from a file, the contents can thus be examined and written to a
file using the B<-out> option.

=item B<-strictpem>

If this option is used then B<-inform> will be ignored. Without this option any
data in a PEM format input file will be treated as being base64 encoded and
processed whether it has the normal PEM BEGIN and END markers or not. This
option will ignore any data prior to the start of the BEGIN marker, or after an
END marker in a PEM file.

=item B<-item> I<name>

Attempt to decode and print the data as an B<ASN1_ITEM> I<name>. This can be
used to print out the fields of any supported ASN.1 structure if the type is
known.

=back

=head2 Output

The output will typically contain lines like this:

    0:d=0 hl=4 l= 681 cons: SEQUENCE

    .....

    229:d=3 hl=3 l= 141 prim: BIT STRING
    373:d=2 hl=3 l= 162 cons: cont [ 3 ]
    376:d=3 hl=3 l= 159 cons: SEQUENCE
    379:d=4 hl=2 l= 29 cons: SEQUENCE
    381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
    386:d=5 hl=2 l= 22 prim: OCTET STRING
    410:d=4 hl=2 l= 112 cons: SEQUENCE
    412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
    417:d=5 hl=2 l= 105 prim: OCTET STRING
    524:d=4 hl=2 l= 12 cons: SEQUENCE

    .....

This example is part of a self-signed certificate. Each line starts with the
offset in decimal. C<d=XX> specifies the current depth. The depth is increased
within the scope of any SET or SEQUENCE. C<hl=XX> gives the header length
(tag and length octets) of the current type. C<l=XX> gives the length of
the contents octets.

The B<-i> option can be used to make the output more readable.

Some knowledge of the ASN.1 structure is needed to interpret the output.

In this example the BIT STRING at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option C<-strparse 229> to yield:

    0:d=0 hl=3 l= 137 cons: SEQUENCE
    3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
    135:d=1 hl=2 l= 3 prim: INTEGER :010001

=head1 NOTES

If an OID is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
allows additional OIDs to be included. Each line consists of three columns,
the first column is the OID in numerical format and should be followed by white
space. The second column is the "short name" which is a single word followed
by whitespace. The final column is the rest of the line and is the
"long name". Example:

C<1.2.3.4 shortName A long name>

For any OID with an associated short and long name, this command will display
the long name.
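
The following Python sketch is an added example, not part of the OpenSSL documentation or source. It walks DER bytes and reports the offset, depth, header length and contents length fields described under Output, rejects objects whose declared length overruns their container, and mimics B<-strparse> on a BIT STRING. All function names and the sample bytes are constructed for illustration.

```python
# Added example (not OpenSSL code): DER walker yielding asn1parse-style fields.
TAG_NAMES = {0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING",
             0x06: "OBJECT", 0x10: "SEQUENCE", 0x11: "SET"}
CLASSES = {0x40: "appl", 0x80: "cont", 0xC0: "priv"}
def read_header(data, off):
    """Return (tag_octet, hl, l) for the object starting at off."""
    if off + 2 > len(data):
        raise ValueError("truncated header")
    tag, first = data[off], data[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this sketch")
    if first < 0x80:                  # short form: a single length octet
        return tag, 2, first
    n = first & 0x7F                  # long form: n length octets follow
    if n == 0:
        raise ValueError("indefinite length is not valid DER")
    if off + 2 + n > len(data):
        raise ValueError("truncated length octets")
    return tag, 2 + n, int.from_bytes(data[off + 2:off + 2 + n], "big")

def walk(data, off=0, end=None, depth=0):
    """Yield (offset, d, hl, l, 'cons'|'prim', name) for each object."""
    end = len(data) if end is None else end
    while off < end:
        tag, hl, l = read_header(data, off)
        if off + hl + l > end:        # declared length must fit its container
            raise ValueError(f"object at offset {off} overruns its container")
        num, cls = tag & 0x1F, tag & 0xC0
        name = f"{CLASSES[cls]} [ {num} ]" if cls else TAG_NAMES.get(num, f"tag {num}")
        yield off, depth, hl, l, "cons" if tag & 0x20 else "prim", name
        if tag & 0x20:                # constructed: contents are nested objects
            yield from walk(data, off + hl, off + hl + l, depth + 1)
        off += hl + l

def strparse(data, off):
    """Return the contents octets of the object at off, for re-parsing."""
    tag, hl, l = read_header(data, off)
    if off + hl + l > len(data):
        raise ValueError("object overruns input")
    body = data[off + hl:off + hl + l]
    # A BIT STRING's first contents octet counts unused bits; it is not payload.
    return body[1:] if tag == 0x03 else body

def fmt(rows):
    return [f"{o}:d={d} hl={hl} l={l} {c}: {n}" for o, d, hl, l, c, n in rows]

# Constructed sample: SEQUENCE { BIT STRING wrapping SEQUENCE { INTEGER, INTEGER } }
SAMPLE = bytes.fromhex("300d030b00300802010b0203010001")
print("\n".join(fmt(walk(SAMPLE)) + ["-- strparse 2 --"] + fmt(walk(strparse(SAMPLE, 2)))))
```

As with the certificate above, the nested SEQUENCE inside the BIT STRING only becomes visible after drilling into its contents octets.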

=head1 EXAMPLES

Parse a file:

 openssl asn1parse -in file.pem

Parse a DER file:

 openssl asn1parse -inform DER -in file.der

Generate a simple UTF8String:

 openssl asn1parse -genstr 'UTF8:Hello World'

Generate and write out a UTF8String, don't print parsed output:

 openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der

Generate using a config file:

 openssl asn1parse -genconf asn1.cnf -noout -out asn1.der

Example config file:

 asn1=SEQUENCE:seq_sect

 [seq_sect]

 field1=BOOL:TRUE
 field2=EXP:0, UTF8:some random string

=head1 BUGS

There should be options to change the format of output lines. The output of some
ASN.1 types is not well handled (if at all).

=head1 SEE ALSO

L<openssl(1)>,
L<ASN1_generate_nconf(3)>

=head1 COPYRIGHT

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut