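1. Introduction to the asn1parse command
The asn1parse command is a diagnostic tool for ASN.1 structures. It can also be used to extract data from ASN.1-encoded input.
Usage: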
openssl asn1parse [-inform PEM|DER] [-in filename] [-out filename] [-noout] [-offset number] [-length number] [-i] [-oid filename] [-strparse offset] [-genstr string ] [-genconf file]
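Option | Description |
---|---|
-inform PEM\|DER | Format of the input data, DER or PEM. The default is PEM. |
-in filename | Input file name. The default is standard input. |
-out filename | Output file name. The default is standard output. Given a PEM file, this option can be used to generate a DER-encoded file. |
-noout | Print no output. |
-offset number | Byte offset at which parsing starts. Parsing does not have to begin at the start of the data; an offset can be given. The default is to parse from the beginning. |
-length number | Length of the data to parse. The default is the length of the whole input. |
-i | Mark entities. With this option the output is indented, so that the objects inside an ASN.1 entity are shown indented beneath it. It is not on by default, and it makes the output easier to read. |
-dump | Display hex data. Not on by default. |
-dlimit number | Unlike -dump, which displays all the data, this option displays only the number of hex bytes given by number. |
-oid file | Specify an external OID file. |
-strparse offset | This option also starts parsing at an offset, but it differs from -offset. -offset parses all the data after the offset, whereas -strparse parses only one piece of data, which must be a SET or SEQUENCE, and it parses only the data within that SET or SEQUENCE. |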
2. asn1parse examples
2.1 Downloading a demo certificate
Download a certificate using the Chrome browser.
The certificate content is as follows:
2.2 Viewing the ASN.1 content
Usage example: the input file is a certificate in PEM format named _.csdn.net. The commands are as follows:
openssl asn1parse -in _.csdn.net
The output of the command above is as follows:
0:d=0 hl=4 l=1696 cons: SEQUENCE
4:d=1 hl=4 l=1416 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 16 prim: INTEGER :045EE95F5370F22B3997E11052C90073
31:d=2 hl=2 l= 13 cons: SEQUENCE
33:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
44:d=3 hl=2 l= 0 prim: NULL
46:d=2 hl=2 l= 95 cons: SEQUENCE
48:d=3 hl=2 l= 11 cons: SET
50:d=4 hl=2 l= 9 cons: SEQUENCE
52:d=5 hl=2 l= 3 prim: OBJECT :countryName
57:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
61:d=3 hl=2 l= 21 cons: SET
63:d=4 hl=2 l= 19 cons: SEQUENCE
65:d=5 hl=2 l= 3 prim: OBJECT :organizationName
70:d=5 hl=2 l= 12 prim: PRINTABLESTRING :DigiCert Inc
84:d=3 hl=2 l= 25 cons: SET
86:d=4 hl=2 l= 23 cons: SEQUENCE
88:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
93:d=5 hl=2 l= 16 prim: PRINTABLESTRING :www.digicert.com
111:d=3 hl=2 l= 30 cons: SET
113:d=4 hl=2 l= 28 cons: SEQUENCE
115:d=5 hl=2 l= 3 prim: OBJECT :commonName
120:d=5 hl=2 l= 21 prim: PRINTABLESTRING :GeoTrust CN RSA CA G1
143:d=2 hl=2 l= 30 cons: SEQUENCE
145:d=3 hl=2 l= 13 prim: UTCTIME :221128000000Z
160:d=3 hl=2 l= 13 prim: UTCTIME :231201235959Z
175:d=2 hl=2 l= 107 cons: SEQUENCE
177:d=3 hl=2 l= 11 cons: SET
179:d=4 hl=2 l= 9 cons: SEQUENCE
181:d=5 hl=2 l= 3 prim: OBJECT :countryName
186:d=5 hl=2 l= 2 prim: PRINTABLESTRING :CN
190:d=3 hl=2 l= 18 cons: SET
192:d=4 hl=2 l= 16 cons: SEQUENCE
194:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
199:d=5 hl=2 l= 9 prim: UTF8STRING :北京市
210:d=3 hl=2 l= 51 cons: SET
212:d=4 hl=2 l= 49 cons: SEQUENCE
214:d=5 hl=2 l= 3 prim: OBJECT :organizationName
219:d=5 hl=2 l= 42 prim: UTF8STRING :北京创新乐知网络技术有限公司
263:d=3 hl=2 l= 19 cons: SET
265:d=4 hl=2 l= 17 cons: SEQUENCE
267:d=5 hl=2 l= 3 prim: OBJECT :commonName
272:d=5 hl=2 l= 10 prim: UTF8STRING :*.csdn.net
284:d=2 hl=4 l= 290 cons: SEQUENCE
288:d=3 hl=2 l= 13 cons: SEQUENCE
290:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
301:d=4 hl=2 l= 0 prim: NULL
303:d=3 hl=4 l= 271 prim: BIT STRING
578:d=2 hl=4 l= 842 cons: cont [ 3 ]
582:d=3 hl=4 l= 838 cons: SEQUENCE
586:d=4 hl=2 l= 31 cons: SEQUENCE
588:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
593:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014919F5E3115AE109FAD60C1F7C1CCAA48342F0C26
619:d=4 hl=2 l= 29 cons: SEQUENCE
621:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
626:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:04146620DB7B9726023415A17AF76C4BF2423A74BA15
650:d=4 hl=2 l= 31 cons: SEQUENCE
652:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
657:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:3016820A2A2E6373646E2E6E657482086373646E2E6E6574
683:d=4 hl=2 l= 14 cons: SEQUENCE
685:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
690:d=5 hl=2 l= 1 prim: BOOLEAN :255
693:d=5 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
699:d=4 hl=2 l= 29 cons: SEQUENCE
701:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
706:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302
730:d=4 hl=2 l= 117 cons: SEQUENCE
732:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
737:d=5 hl=2 l= 110 prim: OCTET STRING [HEX DUMP]:306C3034A032A030862E687474703A2F2F63726C332E64696769636572742E636F6D2F47656F5472757374434E525341434147312E63726C3034A032A030862E687474703A2F2F63726C342E64696769636572742E636F6D2F47656F5472757374434E525341434147312E63726C
849:d=4 hl=2 l= 62 cons: SEQUENCE
851:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
856:d=5 hl=2 l= 55 prim: OCTET STRING [HEX DUMP]:30353033060667810C0102023029302706082B06010505070201161B687474703A2F2F7777772E64696769636572742E636F6D2F435053
913:d=4 hl=2 l= 111 cons: SEQUENCE
915:d=5 hl=2 l= 8 prim: OBJECT :Authority Information Access
925:d=5 hl=2 l= 99 prim: OCTET STRING [HEX DUMP]:3061302106082B060105050730018615687474703A2F2F6F6373702E64636F6373702E636E303C06082B060105050730028630687474703A2F2F63726C2E64696769636572742D636E2E636F6D2F47656F5472757374434E525341434147312E637274
1026:d=4 hl=2 l= 9 cons: SEQUENCE
1028:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1033:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
1037:d=4 hl=4 l= 383 cons: SEQUENCE
1041:d=5 hl=2 l= 10 prim: OBJECT :CT Precertificate SCTs
1053:d=5 hl=4 l= 367 prim: OCTET STRING [HEX DUMP]:
1424:d=1 hl=2 l= 13 cons: SEQUENCE
1426:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
1437:d=2 hl=2 l= 0 prim: NULL
1439:d=1 hl=4 l= 257 prim: BIT STRING
Taking one of these lines as an illustration:
33:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
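33 is the offset; d=3 is the depth of this item; hl=2 is the ASN.1 header length; l=9 is the content length; prim: OBJECT is the ASN.1 type; sha256WithRSAEncryption is the OID.
Further examples follow:
2.2 Generating a DER-encoded file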
openssl asn1parse -in _.csdn.net -out _.csdn.net.cer
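Besides printing the content shown above, this command also generates a DER-encoded file.
2.3 Parsing the ASN.1 and displaying it with indentation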
openssl asn1parse -in _.csdn.net -i
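This command prints the content shown above, but indented.
2.4 Parsing from a given offset
Note: if the offset you set falls in the middle of an element's data, the command may report an error.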
openssl asn1parse -in _.csdn.net -i -offset 15
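This command parses from offset 15 to the end. Note that 15 is taken from the output of the earlier command.
2.5 Parsing from a given offset for a fixed length
Note: if the offset you set falls in the middle of an element's data, the command may report an error.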
openssl asn1parse -in _.csdn.net -i -offset 1 -length 12
This command parses from offset 1, over a length of 12.
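The column meanings explained earlier (offset, d, hl, l, cons/prim) and the caution in 2.4 and 2.5 about offsets that land inside an element can both be seen with a small DER walker. This is an added example, not code from the original page or from OpenSSL; it runs on the Subject Alternative Name OCTET STRING bytes shown at offset 657 in the output above, and the names `read_header`, `walk` and `render` are made up for the illustration.

```python
# Added example, not OpenSSL code: a strict DER tag-length-value walker.
# SAN_HEX is the OCTET STRING content printed at offset 657 in the output above.
SAN_HEX = "3016820A2A2E6373646E2E6E657482086373646E2E6E6574"

UNIVERSAL = {0x01: "BOOLEAN", 0x02: "INTEGER", 0x03: "BIT STRING",
             0x04: "OCTET STRING", 0x05: "NULL", 0x06: "OBJECT",
             0x0C: "UTF8STRING", 0x10: "SEQUENCE", 0x11: "SET",
             0x13: "PRINTABLESTRING", 0x16: "IA5STRING", 0x17: "UTCTIME"}
CLASS = {1: "appl", 2: "cont", 3: "priv"}


def read_header(buf, pos, end):
    """Return (tag, hl, l) for the element at pos; end is the container limit."""
    if pos + 2 > end:
        raise ValueError(f"truncated header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError(f"multi-byte tag at offset {pos} is not handled here")
    if first < 0x80:                  # short form: one length byte
        hl, length = 2, first
    elif first == 0x80:               # indefinite length is BER only, never DER
        raise ValueError(f"indefinite length at offset {pos}")
    else:                             # long form: next n bytes hold the length
        n = first & 0x7F
        if pos + 2 + n > end:
            raise ValueError(f"truncated length at offset {pos}")
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        if length < 0x80 or buf[pos + 2] == 0:
            raise ValueError(f"non-minimal length at offset {pos}")
        hl = 2 + n
    if pos + hl + length > end:
        raise ValueError(f"l={length} at offset {pos} overruns its container")
    return tag, hl, length


def walk(buf, pos=0, end=None, depth=0, rows=None):
    """Collect (offset, depth, hl, l, form, type name, content) per element."""
    end = len(buf) if end is None else end
    rows = [] if rows is None else rows
    while pos < end:
        tag, hl, length = read_header(buf, pos, end)
        cls, num, constructed = tag >> 6, tag & 0x1F, bool(tag & 0x20)
        if cls == 0:
            name = UNIVERSAL.get(num, f"universal {num}")
        else:
            name = f"{CLASS[cls]} [ {num} ]"
        body = b"" if constructed else bytes(buf[pos + hl:pos + hl + length])
        rows.append((pos, depth, hl, length,
                     "cons" if constructed else "prim", name, body))
        if constructed:               # children must fit inside the parent's l
            walk(buf, pos + hl, pos + hl + length, depth + 1, rows)
        pos += hl + length
    return rows


def render(rows):
    """Format rows in the column order asn1parse uses; content shown as text."""
    return [f"{off:5d}:d={d} hl={hl} l={l:4d} {form}: {name}"
            + (f" :{body.decode('ascii', 'replace')}" if body else "")
            for off, d, hl, l, form, name, body in rows]


if __name__ == "__main__":
    print("\n".join(render(walk(bytes.fromhex(SAN_HEX)))))
```

Calling `walk(bytes.fromhex(SAN_HEX), pos=1)` reads 0x16 as a tag and 0x82 0x0A 0x2A as a 2602-byte length, which overruns the 24-byte buffer and raises `ValueError`; a start position inside an element is misread as a header in just this way.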
2.6 Displaying the hex data of BIT STRING and similar items
openssl asn1parse -in _.csdn.net -i -dump
During parsing, the hex data of BIT STRING and similar items is displayed.
The output is as follows:
0:d=0 hl=4 l=1696 cons: SEQUENCE
4:d=1 hl=4 l=1416 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 16 prim: INTEGER :045EE95F5370F22B3997E11052C90073
31:d=2 hl=2 l= 13 cons: SEQUENCE
33:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
44:d=3 hl=2 l= 0 prim: NULL
46:d=2 hl=2 l= 95 cons: SEQUENCE
48:d=3 hl=2 l= 11 cons: SET
50:d=4 hl=2 l= 9 cons: SEQUENCE
52:d=5 hl=2 l= 3 prim: OBJECT :countryName
57:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
61:d=3 hl=2 l= 21 cons: SET
63:d=4 hl=2 l= 19 cons: SEQUENCE
65:d=5 hl=2 l= 3 prim: OBJECT :organizationName
70:d=5 hl=2 l= 12 prim: PRINTABLESTRING :DigiCert Inc
84:d=3 hl=2 l= 25 cons: SET
86:d=4 hl=2 l= 23 cons: SEQUENCE
88:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
93:d=5 hl=2 l= 16 prim: PRINTABLESTRING :www.digicert.com
111:d=3 hl=2 l= 30 cons: SET
113:d=4 hl=2 l= 28 cons: SEQUENCE
115:d=5 hl=2 l= 3 prim: OBJECT :commonName
120:d=5 hl=2 l= 21 prim: PRINTABLESTRING :GeoTrust CN RSA CA G1
143:d=2 hl=2 l= 30 cons: SEQUENCE
145:d=3 hl=2 l= 13 prim: UTCTIME :221128000000Z
160:d=3 hl=2 l= 13 prim: UTCTIME :231201235959Z
175:d=2 hl=2 l= 107 cons: SEQUENCE
177:d=3 hl=2 l= 11 cons: SET
179:d=4 hl=2 l= 9 cons: SEQUENCE
181:d=5 hl=2 l= 3 prim: OBJECT :countryName
186:d=5 hl=2 l= 2 prim: PRINTABLESTRING :CN
190:d=3 hl=2 l= 18 cons: SET
192:d=4 hl=2 l= 16 cons: SEQUENCE
194:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
199:d=5 hl=2 l= 9 prim: UTF8STRING :北京市
210:d=3 hl=2 l= 51 cons: SET
212:d=4 hl=2 l= 49 cons: SEQUENCE
214:d=5 hl=2 l= 3 prim: OBJECT :organizationName
219:d=5 hl=2 l= 42 prim: UTF8STRING :北京创新乐知网络技术有限公司
263:d=3 hl=2 l= 19 cons: SET
265:d=4 hl=2 l= 17 cons: SEQUENCE
267:d=5 hl=2 l= 3 prim: OBJECT :commonName
272:d=5 hl=2 l= 10 prim: UTF8STRING :*.csdn.net
284:d=2 hl=4 l= 290 cons: SEQUENCE
288:d=3 hl=2 l= 13 cons: SEQUENCE
290:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
301:d=4 hl=2 l= 0 prim: NULL
303:d=3 hl=4 l= 271 prim: BIT STRING
0000 - 00 30 82 01 0a 02 82 01-01 00 f6 95 b3 f1 69 61 .0............ia
0010 - fb 3c 8f 4a 82 41 8d c9-f5 f6 b2 05 9b bb 91 04 .<.J.A..........
0020 - 2e c6 3a e7 55 20 66 e3-2f 1b e9 e8 17 a1 bf b4 ..:.U f./.......
0030 - 4c 77 31 94 52 68 d1 44-6c 2a c8 5f cf f6 de 4e Lw1.Rh.Dl*._...N
0040 - a3 ae 7a ec 08 da 40 35-a3 1b 9f 04 77 13 b3 7f ..z...@5....w...
0050 - bc 10 f0 b5 1a 61 e6 20-84 42 da b6 6e 40 53 ae .....a. .B..n@S.
0060 - 9c 55 98 4d 91 c3 10 81-c5 82 be e8 9c aa c7 dc .U.M............
0070 - 08 c8 2d 30 06 9c bb fa-0b 3c e7 53 43 34 1d d9 ..-0.....<.SC4..
0080 - 00 91 5b bc 4f 78 bb d1-76 a8 32 67 8d ae 42 2c ..[.Ox..v.2g..B,
0090 - bc b1 7d 16 93 ef 3c 7a-6a aa 53 42 41 7c 0f c5 ..}...<zj.SBA|..
00a0 - 4d 35 91 71 6f ad 3b fc-85 95 98 05 40 78 3e 88 M5.qo.;.....@x>.
00b0 - 94 8f d2 50 2f 55 0a c9-a5 9b 6e 2f 6f 72 9b b3 ...P/U....n/or..
00c0 - 53 75 0b 95 d5 f9 2b 5e-02 5e 04 f4 a2 de 9a 8e Su....+^.^......
00d0 - b9 0f 2e 70 e1 0a 96 7a-9a 68 5e 67 7a 14 92 00 ...p...z.h^gz...
00e0 - 08 8a f2 c9 00 b7 aa 30-82 53 95 35 d6 39 7f e6 .......0.S.5.9..
00f0 - eb e1 07 b1 49 a7 ec a5-5b 04 e7 63 60 1e e8 26 ....I...[..c`..&
0100 - bf 2f b1 21 ac 99 c4 31-eb a5 02 03 01 00 01 ./.!...1.......
578:d=2 hl=4 l= 842 cons: cont [ 3 ]
582:d=3 hl=4 l= 838 cons: SEQUENCE
586:d=4 hl=2 l= 31 cons: SEQUENCE
588:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
593:d=5 hl=2 l= 24 prim: OCTET STRING
0000 - 30 16 80 14 91 9f 5e 31-15 ae 10 9f ad 60 c1 f7 0.....^1.....`..
0010 - c1 cc aa 48 34 2f 0c 26- ...H4/.&
619:d=4 hl=2 l= 29 cons: SEQUENCE
621:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
626:d=5 hl=2 l= 22 prim: OCTET STRING
0000 - 04 14 66 20 db 7b 97 26-02 34 15 a1 7a f7 6c 4b ..f .{.&.4..z.lK
0010 - f2 42 3a 74 ba 15 .B:t..
650:d=4 hl=2 l= 31 cons: SEQUENCE
652:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
657:d=5 hl=2 l= 24 prim: OCTET STRING
0000 - 30 16 82 0a 2a 2e 63 73-64 6e 2e 6e 65 74 82 08 0...*.csdn.net..
0010 - 63 73 64 6e 2e 6e 65 74- csdn.net
683:d=4 hl=2 l= 14 cons: SEQUENCE
685:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
690:d=5 hl=2 l= 1 prim: BOOLEAN :255
693:d=5 hl=2 l= 4 prim: OCTET STRING
0000 - 03 02 05 a0 ....
699:d=4 hl=2 l= 29 cons: SEQUENCE
701:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
706:d=5 hl=2 l= 22 prim: OCTET STRING
0000 - 30 14 06 08 2b 06 01 05-05 07 03 01 06 08 2b 06 0...+.........+.
0010 - 01 05 05 07 03 02 ......
730:d=4 hl=2 l= 117 cons: SEQUENCE
732:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
737:d=5 hl=2 l= 110 prim: OCTET STRING
0000 - 30 6c 30 34 a0 32 a0 30-86 2e 68 74 74 70 3a 2f 0l04.2.0..http:/
0010 - 2f 63 72 6c 33 2e 64 69-67 69 63 65 72 74 2e 63 /crl3.digicert.c
0020 - 6f 6d 2f 47 65 6f 54 72-75 73 74 43 4e 52 53 41 om/GeoTrustCNRSA
0030 - 43 41 47 31 2e 63 72 6c-30 34 a0 32 a0 30 86 2e CAG1.crl04.2.0..
0040 - 68 74 74 70 3a 2f 2f 63-72 6c 34 2e 64 69 67 69 http://crl4.digi
0050 - 63 65 72 74 2e 63 6f 6d-2f 47 65 6f 54 72 75 73 cert.com/GeoTrus
0060 - 74 43 4e 52 53 41 43 41-47 31 2e 63 72 6c tCNRSACAG1.crl
849:d=4 hl=2 l= 62 cons: SEQUENCE
851:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
856:d=5 hl=2 l= 55 prim: OCTET STRING
0000 - 30 35 30 33 06 06 67 81-0c 01 02 02 30 29 30 27 0503..g.....0)0'
0010 - 06 08 2b 06 01 05 05 07-02 01 16 1b 68 74 74 70 ..+.........http
0020 - 3a 2f 2f 77 77 77 2e 64-69 67 69 63 65 72 74 2e ://www.digicert.
0030 - 63 6f 6d 2f 43 50 53 com/CPS
913:d=4 hl=2 l= 111 cons: SEQUENCE
915:d=5 hl=2 l= 8 prim: OBJECT :Authority Information Access
925:d=5 hl=2 l= 99 prim: OCTET STRING
0000 - 30 61 30 21 06 08 2b 06-01 05 05 07 30 01 86 15 0a0!..+.....0...
0010 - 68 74 74 70 3a 2f 2f 6f-63 73 70 2e 64 63 6f 63 http://ocsp.dcoc
0020 - 73 70 2e 63 6e 30 3c 06-08 2b 06 01 05 05 07 30 sp.cn0<..+.....0
0030 - 02 86 30 68 74 74 70 3a-2f 2f 63 72 6c 2e 64 69 ..0http://crl.di
0040 - 67 69 63 65 72 74 2d 63-6e 2e 63 6f 6d 2f 47 65 gicert-cn.com/Ge
0050 - 6f 54 72 75 73 74 43 4e-52 53 41 43 41 47 31 2e oTrustCNRSACAG1.
0060 - 63 72 74 crt
1026:d=4 hl=2 l= 9 cons: SEQUENCE
1028:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1033:d=5 hl=2 l= 2 prim: OCTET STRING
0000 - 30 00 0.
1037:d=4 hl=4 l= 383 cons: SEQUENCE
1041:d=5 hl=2 l= 10 prim: OBJECT :CT Precertificate SCTs
1053:d=5 hl=4 l= 367 prim: OCTET STRING
0000 - 04 82 01 6b 01 69 00 77-00 e8 3e d0 da 3e f5 06 ...k.i.w..>..>..
0010 - 35 32 e7 57 28 bc 89 6b-c9 03 d3 cb d1 11 6b ec 52.W(..k......k.
0020 - eb 69 e1 77 7d 6d 06 bd-6e 00 00 01 84 bd 6a 3e .i.w}m..n.....j>
0030 - 5a 00 00 04 03 00 48 30-46 02 21 00 a3 e0 4a 99 Z.....H0F.!...J.
0040 - f3 96 0e 11 53 52 d8 6a-cd 28 94 9e 73 36 dd a3 ....SR.j.(..s6..
0050 - 95 fa 5b 51 d4 71 3a e1-a2 17 7f 09 02 21 00 eb ..[Q.q:......!..
0060 - f1 cc 14 43 2e 98 9b a5-b0 07 18 af aa a0 8e e7 ...C............
0070 - 52 80 05 aa 9f 8e d0 3c-c8 1e 08 d7 1f 1e 08 00 R......<........
0080 - 76 00 b3 73 77 07 e1 84-50 f8 63 86 d6 05 a9 dc v..sw...P.c.....
0090 - 11 09 4a 79 2d b1 67 0c-0b 87 dc f0 03 0e 79 36 ..Jy-.g.......y6
00a0 - a5 9a 00 00 01 84 bd 6a-3e 9f 00 00 04 03 00 47 .......j>......G
00b0 - 30 45 02 21 00 a5 8c aa-00 ed b0 78 47 9e 98 40 0E.!.......xG..@
00c0 - 1b c3 d0 a9 9a 33 7d d8-87 aa db 3d 11 21 95 b4 .....3}....=.!..
00d0 - 8f 26 6a 98 72 02 20 0a-96 d1 40 90 ce 5c 6a 82 .&j.r. ...@..\j.
00e0 - 26 5f d5 b9 53 01 d1 61-94 fe 84 15 b3 3d d2 8e &_..S..a.....=..
00f0 - a8 83 58 5f 35 6d ab 00-76 00 b7 3e fb 24 df 9c ..X_5m..v..>.$..
0100 - 4d ba 75 f2 39 c5 ba 58-f4 6c 5d fc 42 cf 7a 9f M.u.9..X.l].B.z.
0110 - 35 c4 9e 1d 09 81 25 ed-b4 99 00 00 01 84 bd 6a 5.....%........j
0120 - 3e 58 00 00 04 03 00 47-30 45 02 21 00 ea 62 27 >X.....G0E.!..b'
0130 - 4b df 73 63 47 a5 24 77-92 22 1d 28 14 19 dd 2e K.scG.$w.".(....
0140 - 76 7f 5c 81 01 bc e7 56-a7 2c 22 bb fb 02 20 74 v.\....V.,"... t
0150 - 36 d0 f9 9d f8 2a 01 d6-6d d0 d1 98 2e ae 85 1a 6....*..m.......
0160 - 98 21 ec 22 b0 6e 62 0d-23 3d 7a 1e ab d0 c8 .!.".nb.#=z....
1424:d=1 hl=2 l= 13 cons: SEQUENCE
1426:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
1437:d=2 hl=2 l= 0 prim: NULL
1439:d=1 hl=4 l= 257 prim: BIT STRING
0000 - 00 39 b9 00 4e be 85 4c-5a b9 ce a4 19 cf 74 2f .9..N..LZ.....t/
0010 - d9 0e 75 68 0c 83 09 f6-4f 75 9b 0c 03 44 8e ef ..uh....Ou...D..
0020 - 0e c6 17 5d 4a 66 4d 01-18 b7 65 73 9a e1 a5 c9 ...]JfM...es....
0030 - cb 8f 05 73 f7 4f 0f fe-a0 7e 07 e2 94 3e c1 61 ...s.O...~...>.a
0040 - 90 f2 99 69 70 27 66 ab-d4 3e d6 13 d8 15 dc 95 ...ip'f..>......
0050 - 66 4e d6 66 b4 3e 7b 8f-52 db 5d fe 9e b4 dc 1a fN.f.>{.R.].....
0060 - c2 a6 55 6b 11 a9 22 ca-7b 54 c5 41 52 56 25 8d ..Uk..".{T.ARV%.
0070 - f1 52 5b 7a 8d 7f 98 48-02 62 7f c1 f3 70 86 f3 .R[z...H.b...p..
0080 - 22 3d 62 30 2b d5 ad 53-af bb 9f 66 85 4f e8 04 "=b0+..S...f.O..
0090 - 6b e5 86 9f 8f c1 d8 75-f5 42 a8 fa 81 93 2a 1c k......u.B....*.
00a0 - cf 7a 5a ce 75 7b b0 c7-8d 1a 01 fd dc 1c 5d 1e .zZ.u{........].
00b0 - d5 98 54 99 19 a3 09 ab-68 24 ed 86 61 d9 f2 e0 ..T.....h$..a...
00c0 - b8 b8 55 f3 80 84 da d2-94 bb 36 89 0c 84 b6 7d ..U.......6....}
00d0 - e1 74 44 d7 ab cf 14 5a-9e f2 1d 46 5c af 0c 97 .tD....Z...F\...
00e0 - 65 e0 f2 1f 22 85 48 f9-f2 07 8f 5d e9 31 be e4 e...".H....].1..
00f0 - 07 de dc 35 d1 33 69 cb-f4 de 5c 2e 2f e2 48 6b ...5.3i...\./.Hk
0100 - 68
2.7 Displaying the first 10 hex bytes of a BIT STRING
During parsing, the first 10 hex bytes of a BIT STRING are displayed.
openssl asn1parse -in _.csdn.net -i -dlimit 10
The output is as follows:
0:d=0 hl=4 l=1696 cons: SEQUENCE
4:d=1 hl=4 l=1416 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 16 prim: INTEGER :045EE95F5370F22B3997E11052C90073
31:d=2 hl=2 l= 13 cons: SEQUENCE
33:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
44:d=3 hl=2 l= 0 prim: NULL
46:d=2 hl=2 l= 95 cons: SEQUENCE
48:d=3 hl=2 l= 11 cons: SET
50:d=4 hl=2 l= 9 cons: SEQUENCE
52:d=5 hl=2 l= 3 prim: OBJECT :countryName
57:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
61:d=3 hl=2 l= 21 cons: SET
63:d=4 hl=2 l= 19 cons: SEQUENCE
65:d=5 hl=2 l= 3 prim: OBJECT :organizationName
70:d=5 hl=2 l= 12 prim: PRINTABLESTRING :DigiCert Inc
84:d=3 hl=2 l= 25 cons: SET
86:d=4 hl=2 l= 23 cons: SEQUENCE
88:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
93:d=5 hl=2 l= 16 prim: PRINTABLESTRING :www.digicert.com
111:d=3 hl=2 l= 30 cons: SET
113:d=4 hl=2 l= 28 cons: SEQUENCE
115:d=5 hl=2 l= 3 prim: OBJECT :commonName
120:d=5 hl=2 l= 21 prim: PRINTABLESTRING :GeoTrust CN RSA CA G1
143:d=2 hl=2 l= 30 cons: SEQUENCE
145:d=3 hl=2 l= 13 prim: UTCTIME :221128000000Z
160:d=3 hl=2 l= 13 prim: UTCTIME :231201235959Z
175:d=2 hl=2 l= 107 cons: SEQUENCE
177:d=3 hl=2 l= 11 cons: SET
179:d=4 hl=2 l= 9 cons: SEQUENCE
181:d=5 hl=2 l= 3 prim: OBJECT :countryName
186:d=5 hl=2 l= 2 prim: PRINTABLESTRING :CN
190:d=3 hl=2 l= 18 cons: SET
192:d=4 hl=2 l= 16 cons: SEQUENCE
194:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
199:d=5 hl=2 l= 9 prim: UTF8STRING :北京市
210:d=3 hl=2 l= 51 cons: SET
212:d=4 hl=2 l= 49 cons: SEQUENCE
214:d=5 hl=2 l= 3 prim: OBJECT :organizationName
219:d=5 hl=2 l= 42 prim: UTF8STRING :北京创新乐知网络技术有限公司
263:d=3 hl=2 l= 19 cons: SET
265:d=4 hl=2 l= 17 cons: SEQUENCE
267:d=5 hl=2 l= 3 prim: OBJECT :commonName
272:d=5 hl=2 l= 10 prim: UTF8STRING :*.csdn.net
284:d=2 hl=4 l= 290 cons: SEQUENCE
288:d=3 hl=2 l= 13 cons: SEQUENCE
290:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
301:d=4 hl=2 l= 0 prim: NULL
303:d=3 hl=4 l= 271 prim: BIT STRING
0000 - 00 30 82 01 0a 02 82 01-01 00 .0........
578:d=2 hl=4 l= 842 cons: cont [ 3 ]
582:d=3 hl=4 l= 838 cons: SEQUENCE
586:d=4 hl=2 l= 31 cons: SEQUENCE
588:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
593:d=5 hl=2 l= 24 prim: OCTET STRING
0000 - 30 16 80 14 91 9f 5e 31-15 ae 0.....^1..
619:d=4 hl=2 l= 29 cons: SEQUENCE
621:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
626:d=5 hl=2 l= 22 prim: OCTET STRING
0000 - 04 14 66 20 db 7b 97 26-02 34 ..f .{.&.4
650:d=4 hl=2 l= 31 cons: SEQUENCE
652:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
657:d=5 hl=2 l= 24 prim: OCTET STRING
0000 - 30 16 82 0a 2a 2e 63 73-64 6e 0...*.csdn
683:d=4 hl=2 l= 14 cons: SEQUENCE
685:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
690:d=5 hl=2 l= 1 prim: BOOLEAN :255
693:d=5 hl=2 l= 4 prim: OCTET STRING
0000 - 03 02 05 a0 ....
699:d=4 hl=2 l= 29 cons: SEQUENCE
701:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
706:d=5 hl=2 l= 22 prim: OCTET STRING
0000 - 30 14 06 08 2b 06 01 05-05 07 0...+.....
730:d=4 hl=2 l= 117 cons: SEQUENCE
732:d=5 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
737:d=5 hl=2 l= 110 prim: OCTET STRING
0000 - 30 6c 30 34 a0 32 a0 30-86 2e 0l04.2.0..
849:d=4 hl=2 l= 62 cons: SEQUENCE
851:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
856:d=5 hl=2 l= 55 prim: OCTET STRING
0000 - 30 35 30 33 06 06 67 81-0c 01 0503..g...
913:d=4 hl=2 l= 111 cons: SEQUENCE
915:d=5 hl=2 l= 8 prim: OBJECT :Authority Information Access
925:d=5 hl=2 l= 99 prim: OCTET STRING
0000 - 30 61 30 21 06 08 2b 06-01 05 0a0!..+...
1026:d=4 hl=2 l= 9 cons: SEQUENCE
1028:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1033:d=5 hl=2 l= 2 prim: OCTET STRING
0000 - 30 00 0.
1037:d=4 hl=4 l= 383 cons: SEQUENCE
1041:d=5 hl=2 l= 10 prim: OBJECT :CT Precertificate SCTs
1053:d=5 hl=4 l= 367 prim: OCTET STRING
0000 - 04 82 01 6b 01 69 00 77-00 e8 ...k.i.w..
1424:d=1 hl=2 l= 13 cons: SEQUENCE
1426:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
1437:d=2 hl=2 l= 0 prim: NULL
1439:d=1 hl=4 l= 257 prim: BIT STRING
0000 - 00 39 b9 00 4e be 85 4c-5a b9 .9..N..LZ.
2.8 Automatically parsing a fragment
openssl asn1parse -strparse 46 -in _.csdn.net
For why 46 is used, see the last figure at the bottom!
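3. ASN.1 file structure
ASN.1 (Abstract Syntax Notation One) is a standard for describing data structures. It provides a way of representing data that is independent of any particular hardware or software platform. An ASN.1 file defines the types and structure of data and usually carries the .asn or .asn1 extension.
An ASN.1 file usually consists of the following main parts:
- Module header:
  - Defines the module's name and version information.
  - Specifies the symbol namespace in use.
  - Contains the declarations that import (IMPORTS) other modules.

  Example:

      MyModule DEFINITIONS ::= BEGIN
          EXPORTS ALL;
          IMPORTS AnotherModule, YetAnotherModule FROM OtherModule;
          -- Definitions go here
      END

- Type definitions:
  - Define data types, which can be primitive types (INTEGER, BOOLEAN, OCTET STRING and so on) or composite types (SEQUENCE, SET, CHOICE and so on).
  - A type definition includes the type's name and the corresponding encoding rules.

  Example:

      MyType ::= INTEGER (0..255)

- Value definitions:
  - Define the numeric identifiers of enumerated types.

  Example:

      Color ::= ENUMERATED { red(1), green(2), blue(3) }

- Data structure definitions:
  - Define the fields and members of composite types.

  Example:

      Person ::= SEQUENCE {
          name    UTF8String,
          age     INTEGER,
          address OCTET STRING
      }

- Export declarations:
  - Specify which definitions can be referenced by other modules outside this module.

  Example:

      EXPORTS Person, MyType, Color;

An ASN.1 file can contain further elements and definitions; the exact structure and content depend on the data types being defined and on what the module needs. ASN.1 files are typically used to describe data protocols, communication protocols and encoding standards so that data can be exchanged between different systems. A compiler can turn an ASN.1 file into data structure definitions for many programming languages, which makes them convenient to use in applications.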