Discussion:
Q: How to convert a .pem certificate into ASN1-Format?
T. Valent
2003-04-09 10:44:46 UTC
Permalink
I work together with a programmer who is using SSL-routines. I hand over
a certificate to his application in a function call, where the
certificate is in a string.

I have now been asked to hand over that certificate in ASN1-Format
instead of the pem format I'm currently exporting.

Can anyone tell me how to convert a pem certificate into ASN1 format?

Or how to create certificates in ASN1-Format?

Thanks in advance!

T.


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Richard Levitte - VMS Whacker
2003-04-09 11:34:54 UTC
Permalink
In message <003e01c2fe85$15b9aa70$***@valentin> on Wed, 9 Apr 2003 12:44:46 +0200, "T. Valent" <winsock2-***@public.gmane.org> said:

winsock2> Can anyone tell me how to convert a pem certificate into ASN1 format?
winsock2>
winsock2> Or how to create certificates in ASN1-Format?

openssl x509 -in foo.pem -out foo.crt -outform d
--
Richard Levitte \ Spannvägen 38, II \ LeViMS-***@public.gmane.org
***@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- poei-***@public.gmane.org
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Muralidhar K (SSG) - CTD, Chennai.
2003-04-09 14:00:16 UTC
Permalink
openssl x509 -in foo.pem -out foo.crt -outform d

Does this output the certificate in DER encoded format ?


Regards,
Murali
-----Original Message-----
From: Richard Levitte - VMS Whacker [mailto:levitte-***@public.gmane.org]
Sent: Wednesday, April 09, 2003 5:05 PM
To: openssl-users-MCmKBN63+***@public.gmane.org; ***@musiker.de
Subject: Re: Q: How to convert a .pem certificate into ASN1-Format?


In message <003e01c2fe85$15b9aa70$***@valentin> on Wed, 9 Apr 2003
12:44:46 +0200, "T. Valent" <winsock2-***@public.gmane.org> said:

winsock2> Can anyone tell me how to convert a pem certificate into ASN1
format?
winsock2>
winsock2> Or how to create certificates in ASN1-Format?

openssl x509 -in foo.pem -out foo.crt -outform d
--
Richard Levitte \ Spannvägen 38, II \ LeViMS-***@public.gmane.org
***@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- poei-***@public.gmane.org
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Charles B Cranston
2003-04-09 14:37:34 UTC
Permalink
Post by Muralidhar K (SSG) - CTD, Chennai.
Does this output the certificate in DER encoded format ?
openssl x509 -in foo.pem -out foo.crt -outform d
As far as I know -- if the option had been given as

-outform der

it might have been more obvious.

DER is a short way of saying ASN.1/DER which is a standard way of
coding binary data. Essentially every certificate I've ever looked
at starts with the bytes 30 82 xx xx 30 82 yy yy which means

30 This is a SEQUENCE, a list of defined data items to follow
82 This says the next two bytes are the length of the sequence
xx Two length bytes for the whole certificate
30 This is a nested SEQUENCE
82 Next two bytes are length bytes
yy Length for the nested SEQUENCE

And, if you look at the definition for what a certificate looks like,
it is indeed a SEQUENCE whose first member is also a SEQUENCE

There are other types, I think 6 means an "object" and 4 is an "integer"
etc. There are some asn.1 references on the web.

=====

In the following example lack of a -out causes the output to be
sent to standard output, in this case a pipe to a hex dumper.

# openssl x509 -in root.cert.pem -outform der | hd
0: 30 82 06 51 30 82 05 39 A0 03 02 01 02 02 01 00 0..Q0..9........
16: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 30 0...*.H........0
32: 81 D4 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 ..1.0...U....US1
48: 11 30 0F 06 03 55 04 08 13 08 4D 61 72 79 6C 61 .0...U....Maryla
...

Code for hd program follows

#include <stdio.h>
#define DUMPSIZE 16
main(int argc, char **argv){
int i;
char *n;
FILE *f;
if (1==argc) {
dump(0,stdin);
} else for (i=1;i<argc;i++) {
n=argv[i];
if (0==strcmp("-",n)) {
dump("(stdin)",stdin);
} else if ( f = fopen(n,"r") ) {
dump(n,f);
fclose(f);
} else {
fprintf(stderr,"%s: cannot read %s\n",argv[0],n);
exit(2);
}
}
}
dump(char *h, FILE *f){
int m=0,n,i;
char *p,b[DUMPSIZE+1];
if (h) printf("%s:\n",h);
while ( 0 != (i=n=fread(p=b,1,DUMPSIZE,f)) ) {
printf("%3d: ",m);
m+=DUMPSIZE;
while (i--) {
int c = 0xFF & *p++;
if (!(isascii(c)&&isprint(c))) *(p-1)='.';
printf("%02X ",c);
}
*p = '\0';
i=1+3*(DUMPSIZE-n);
while(i--) putchar(' ');
puts(b);
if (DUMPSIZE!=n) return;
}
}
--
Charles B. (Ben) Cranston
mailto:zben-***@public.gmane.org
http://www.wam.umd.edu/~zben
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Richard Levitte - VMS Whacker
2003-04-09 15:44:27 UTC
Permalink
In message <EF836A380096D511AD9000B0D021B5270125289A-***@public.gmane.orgech.com> on Wed, 9 Apr 2003 19:30:16 +0530 , "Muralidhar K (SSG) - CTD, Chennai." <murali_k-uRQgyBcx1Mrc+***@public.gmane.org> said:

murali_k> openssl x509 -in foo.pem -out foo.crt -outform d
murali_k>
murali_k> Does this output the certificate in DER encoded format ?

Yes.
--
Richard Levitte \ Spannvägen 38, II \ LeViMS-***@public.gmane.org
***@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- poei-***@public.gmane.org
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Steven Reddie
2003-04-10 00:28:30 UTC
Permalink
The correct terminology is DER. DER is an ASN.1 encoding, ASN.1 being the
language used to specify the structures and DER being one of many ways of
encoding the structures specified in ASN.1. PEM is a base64 encoding of the
DER, basically a textual representation of the binary DER data. Anyway,
something like the following should work:

openssl x509 -in cert.pem -out cert.der -outform der

Note that -inform doesn't need to be specified since PEM is the default
input and output formats. If you're using openssl to create the
certificates, just add an "-outform der" to whatever command you're using
and it will output DER instead of the default PEM.

Regards,

Steven

-----Original Message-----
From: owner-openssl-users-MCmKBN63+***@public.gmane.org
[mailto:owner-openssl-users-MCmKBN63+***@public.gmane.org]On Behalf Of T. Valent
Sent: Wednesday, 9 April 2003 8:45 PM
To: openssl-users-MCmKBN63+***@public.gmane.org
Subject: Q: How to convert a .pem certificate into ASN1-Format?


I work together with a programmer who is using SSL-routines. I hand over
a certificate to his application in a function call, where the
certificate is in a string.

I have now been asked to hand over that certificate in ASN1-Format
instead of the pem format I'm currently exporting.

Can anyone tell me how to convert a pem certificate into ASN1 format?

Or how to create certificates in ASN1-Format?

Thanks in advance!

T.


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Loading...