PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
What Is DER (Distinguished Encoding Rules)
This section introduces the DER (Distinguished Encoding Rules) defined in the ASN.1 standard. It is a restricted version of BER (Basic Encoding Rules) to ensure unique encoding output.
What Is DER (Distinguished Encoding Rules)? DER is a restricted version of BER (Basic Encoding Rules) with additional encoding rules to ensure unique encoding output. In other words, for each unique value, there is only one DER encoding output.
Here are the main rules added by the DER specification:
1. Minimum Length Encoding - The Length section must be encoded with the minimum number of bytes. Here is an INTEGER value encoded in BER and DER standards:

    luckyNumber INTEGER ::= 7

    - BER encoding of luckyNumber in Hex digits:
    02 01 07             -- Short form in 1 byte
    02 81 01 07          -- Long form in 2 bytes
    02 82 00 01 07       -- Long form in 3 bytes
    02 83 00 00 01 07    -- Long form in 4 bytes
    ...

    - DER encoding of luckyNumber in Hex digits:
    02 01 07             -- Use short form in 1 byte only
2. BIT STRING, OCTET STRING, and *String in Primitive Form - BIT STRING, OCTET STRING and other *String values must be encoded in primitive form. Constructed forms are not allowed. Here is an OCTET STRING value encoded in BER and DER standards:

    sevenBytes OCTET STRING ::= '11223344556677'H

    - BER encoding of sevenBytes in Hex digits:
    04 07 11223344556677     -- Primitive form

    24 09                    -- Constructed form of 1 member
       04 07 11223344556677

    24 0b                    -- Constructed form of 2 members
       04 04 11223344
       04 03 556677

    24 0d                    -- Constructed form of 3 members
       04 02 1122
       04 04 33445566
       04 01 77
    ...

    - DER encoding of sevenBytes in Hex digits:
    04 07 11223344556677     -- Primitive form only
3. SET Members Sorted by Tag - According to the ASN.1 standard, a SET value must be encoded by concatenating encoded outputs of all members in the ascending order of their tag values. I am not sure what the "tag values" in the above statement refer to.
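
The three rules above can be checked mechanically. The Python checker below is an added example, not code from this tutorial: it walks a BER encoding and reports which of the rules it breaks. It assumes single-byte tags and definite lengths, reads "ascending order of tag values" as tag class first and then tag number, and treats tag 31 as a SET rather than a SET OF; the function names are made up for this example.

```python
# Added example, not the tutorial's code. Assumes single-byte tags and
# definite lengths; treats tag 31 as SET, ordered by class then tag number.

# Universal tag numbers of BIT STRING, OCTET STRING and the *String types.
STRING_TAGS = {3, 4, 12, 18, 19, 20, 21, 22, 25, 26, 27, 28, 30}

def read_tlv(buf, pos):
    """Parse one TLV at pos; return (tag, value, next_pos, minimal_length)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    minimal = True
    if first < 0x80:                        # short form: one length byte
        length = first
    else:                                   # long form: low 7 bits = count
        count = first & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        # Rule 1: short form whenever it fits, no leading zero length bytes.
        minimal = length >= 0x80 and buf[pos] != 0
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length, minimal

def walk(buf):
    """Return (violations, member sort keys) for the TLVs in buf."""
    found, keys, pos = [], [], 0
    while pos < len(buf):
        tag, value, pos, minimal = read_tlv(buf, pos)
        keys.append((tag & 0xC0, tag & 0x1F))        # class, then number
        if not minimal:
            found.append(f"{tag:02x}: length not in minimum form")
        if tag & 0x20:                               # constructed encoding
            # Rule 2: string types must stay in primitive form.
            if (tag & 0xC0) == 0 and (tag & 0x1F) in STRING_TAGS:
                found.append(f"{tag:02x}: string type in constructed form")
            inner, inner_keys = walk(value)
            found += inner
            # Rule 3: members of a SET appear in ascending tag order.
            if tag == 0x31 and inner_keys != sorted(inner_keys):
                found.append("31: SET members not sorted by tag")
    return found, keys

def der_violations(hex_text):
    """Check an encoding given as hex digits, e.g. '02 81 01 07'."""
    return walk(bytes.fromhex(hex_text))[0]
```

For instance, der_violations("02 81 01 07") returns ["02: length not in minimum form"], while der_violations("02 01 07") returns an empty list.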