PKI Certificate Tutorials - Herong's Tutorial Examples - v1.10, by Herong Yang
What Is ASN.1 (Abstract Syntax Notation One)
This section introduces ASN.1 (Abstract Syntax Notation One), which is a language that allows you to define your own constructed data types.
What Is the ASN.1 (Abstract Syntax Notation One)?
ASN.1 is a language that provides data types and syntaxes for you to define your own constructed data types. It also provides encoding/decoding rules to serialize/deserialize values of constructed data types.
ASN.1 was specified in "X.208 - Specification of Abstract Syntax Notation One (ASN.1)" published by ISO and ITU-T jointly in 1988, and revised in "X.680 - Abstract Syntax Notation One (ASN.1): Specification of basic notation" in 1995 at itu.int/rec/T-REC-X.680.
Commonly used primitive data types provided in ASN.1 are listed below. Each of them is assigned a tag ID that is used in the encoding/decoding process.
With those primitive types, you can define constructed types using the following notation syntaxes:
SEQUENCE Constructed Type - Defines a new constructed type, which contains an ordered list of values of any types.
type-name ::= SEQUENCE {
   member-id modifier type constraints,
   member-id modifier type constraints,
   ...,
   member-id modifier type constraints
}

where:
   type-name - Specifies the name of the new type
   member-id - Specifies a unique identifier of the given member value
   modifier - Optional. Specifies a tagging (type tag change) option
   type - Specifies the type of the given member value
   constraints - Optional. Adds constraints for the given member value
For example, the following notation defines 2 constructed types, Square and Point, as SEQUENCE types:
Square ::= SEQUENCE {
   size INTEGER,
   location Point
}

Point ::= SEQUENCE {
   x INTEGER,
   y INTEGER
}
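As an added example (not part of the tutorial), the following Python encodes a Square value built from the two SEQUENCE types just defined into DER tag/length/content octets (the encoding rules themselves are covered in later sections) and decodes it back, refusing any tag or length that does not match the declared structure. It assumes the universal tag bytes INTEGER 0x02 and SEQUENCE 0x30 and handles only content lengths below 128 octets.

```python
# Added example, not from the tutorial: DER-encode the Square/Point SEQUENCE types and decode
# them back with every tag and length checked. Tags assumed: INTEGER 0x02, SEQUENCE 0x30 (16|0x20).
TAG_INTEGER, TAG_SEQUENCE = 0x02, 0x30

def encode_length(n: int) -> bytes:
    # Short definite form only (content below 128 octets); the long form is a later topic.
    if n >= 0x80:
        raise ValueError("long-form length not handled in this example")
    return bytes([n])

def encode_integer(value: int) -> bytes:
    # INTEGER: the minimal two's-complement content octets that DER requires.
    bits = (value + 1 if value < 0 else value).bit_length()
    content = value.to_bytes(bits // 8 + 1, "big", signed=True)
    return bytes([TAG_INTEGER]) + encode_length(len(content)) + content

def encode_sequence(*members: bytes) -> bytes:
    # SEQUENCE: member encodings concatenated in declaration order, wrapped in tag and length.
    content = b"".join(members)
    return bytes([TAG_SEQUENCE]) + encode_length(len(content)) + content

def encode_square(size: int, x: int, y: int) -> bytes:
    # Square ::= SEQUENCE { size INTEGER, location Point }; Point ::= SEQUENCE { x, y }
    return encode_sequence(encode_integer(size), encode_sequence(encode_integer(x), encode_integer(y)))

def decode_tlv(data: bytes, offset: int, expect: int, last: bool = False):
    # One TLV -> (content, next_offset); reject a wrong tag, an overrun, or (if last) slack bytes.
    if offset + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag, length, end = data[offset], data[offset + 1], offset + 2 + data[offset + 1]
    if tag != expect:
        raise ValueError(f"expected tag {expect:#04x}, got {tag:#04x}")
    if length >= 0x80:
        raise ValueError("long-form length not handled in this example")
    if end > len(data) or (last and end != len(data)):
        raise ValueError("length does not fit the enclosing value")
    return data[offset + 2:end], end

def decode_integer(data: bytes, offset: int, last: bool = False):
    content, end = decode_tlv(data, offset, TAG_INTEGER, last)
    return int.from_bytes(content, "big", signed=True), end

def decode_square(der: bytes) -> dict:
    # Walk the nested TLVs; the last member of each SEQUENCE must end exactly where it does.
    square, _ = decode_tlv(der, 0, TAG_SEQUENCE, last=True)
    size, pos = decode_integer(square, 0)
    point, _ = decode_tlv(square, pos, TAG_SEQUENCE, last=True)
    x, pos = decode_integer(point, 0)
    y, _ = decode_integer(point, pos, last=True)
    return {"size": size, "location": {"x": x, "y": y}}
```

Encoding Square { size 5, location { x 10, y 20 } } yields 30 0b 02 01 05 30 06 02 01 0a 02 01 14, where each 0x30 opens a SEQUENCE and each 0x02 an INTEGER, exactly as the notation above nests them.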
SET Constructed Type - Defines a new constructed type, which contains an unordered list of values of any types.
type-name ::= SET {
   member-id modifier type constraints,
   member-id modifier type constraints,
   ...,
   member-id modifier type constraints
}

where:
   type-name - Specifies the name of the new type
   member-id - Specifies a unique identifier of the given member value
   modifier - Optional. Specifies a tagging (type tag change) option
   type - Specifies the type of the given member value
   constraints - Optional. Adds constraints for the given member value
For example, the following notation redefines Square as a SET type, because the order of its members is not important:
Square ::= SET {
   size INTEGER,
   location Point
}
CHOICE Constructed Type - Defines a new "virtual" type, which offers a set of alternative member types. A CHOICE value holds exactly one alternative: its type and value are those of the selected member.
type-name ::= CHOICE {
   member-id modifier type constraints,
   member-id modifier type constraints,
   ...,
   member-id modifier type constraints
}

where:
   type-name - Specifies the name of the new type
   member-id - Specifies a unique identifier of the given member value
   modifier - Optional. Specifies a tagging (type tag change) option
   type - Specifies the type of the given member value
   constraints - Optional. Adds constraints for the given member value