What Is DER (Distinguished Encoding Rules)

This section introduces the DER (Distinguished Encoding Rules) defined in the ASN.1 standard. DER is a restricted version of BER (Basic Encoding Rules) that guarantees a unique encoding output for every value.

What Is DER (Distinguished Encoding Rules)? DER is a restricted version of BER (Basic Encoding Rules) with additional encoding rules that ensure a unique encoding output. In other words, for each distinct value there is exactly one valid DER encoding.

Here are the main rules added by the DER specification:

1. Minimum Length Encoding - The Length section must be encoded with the minimum number of bytes. Here is an INTEGER value encoded in the BER and DER standards:

luckyNumber INTEGER ::= 7

  - BER encoding of luckyNumber in Hex digits:
    02 01 07          -- Short form in 1 byte
    02 81 01 07       -- Long form in 2 bytes
    02 82 00 01 07    -- Long form in 3 bytes
    02 83 00 00 01 07 -- Long form in 4 bytes
    ...

  - DER encoding of luckyNumber in Hex digits:
    02 01 07          -- Short form in 1 byte only

2. BIT STRING, OCTET STRING, and *String in Primitive Form - BIT STRING, OCTET STRING and other *String values must be encoded in primitive form. Constructed forms are not allowed. Here is an OCTET STRING value encoded in the BER and DER standards:

sevenBytes OCTET STRING ::= '11223344556677'H

  - BER encoding of sevenBytes in Hex digits:
    04 07 11223344556677  -- Primitive form
    24 09                 -- Constructed form of 1 member
       04 07 11223344556677
    24 0b                 -- Constructed form of 2 members
       04 04 11223344
       04 03 556677
    24 0d                 -- Constructed form of 3 members
       04 02 1122
       04 04 33445566
       04 01 77
    ...

  - DER encoding of sevenBytes in Hex digits:
    04 07 11223344556677  -- Primitive form only

3. SET Members Sorted by Tag - According to the ASN.1 standard, a SET value must be encoded by concatenating the encoded outputs of all members in ascending order of their tag values. I am not sure what the "tag values" refer to in the above statement.
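To make the three rules concrete, here is an added example (written for this page, not part of the original text or any library): a small Python checker that walks a BER TLV byte string and reports which of the DER rules above it breaks. It handles single-byte tags only, which is enough for the examples on this page, and compares SET members by their first tag byte (a constructed assumption of what "tag value" means here).

```python
# Added example, not from the original page: walk a BER TLV byte string and
# report where it breaks the DER rules above (minimal length field, primitive
# OCTET/BIT STRING, SET members in ascending tag order). Single-byte tags only.

OCTET_STRING, BIT_STRING, SET_TAG = 0x04, 0x03, 0x31

def read_length(data, pos):
    """Decode the length field at data[pos]; return (length, value_pos, note).
    note is None when DER-minimal; length is None for indefinite form (0x80)."""
    first = data[pos]
    if first < 0x80:                       # short form: always minimal
        return first, pos + 1, None
    nbytes = first & 0x7F
    if nbytes == 0:                        # 0x80 = BER-only indefinite length
        return None, pos + 1, "indefinite length form"
    length = int.from_bytes(data[pos + 1:pos + 1 + nbytes], "big")
    if length < 0x80:                      # rule 1: short form was required
        return length, pos + 1 + nbytes, "long form used for length < 128"
    if data[pos + 1] == 0x00:              # rule 1: extra leading zero byte
        return length, pos + 1 + nbytes, "leading zero byte in length"
    return length, pos + 1 + nbytes, None

def der_violations(data, depth=0, in_set=False, out=None):
    """Return a list of (depth, tag, reason) tuples, one per broken DER rule."""
    out = [] if out is None else out
    pos, prev_tag = 0, -1
    while pos < len(data):
        tag = data[pos]
        length, vpos, note = read_length(data, pos + 1)
        if note:
            out.append((depth, tag, note))
        if length is None:                 # cannot walk past an indefinite length
            break
        value = data[vpos:vpos + length]
        constructed = bool(tag & 0x20)     # bit 6 of the tag byte
        if constructed and (tag & 0x1F) in (OCTET_STRING, BIT_STRING):
            out.append((depth, tag, "string type in constructed form"))  # rule 2
        if in_set and tag < prev_tag:      # rule 3: SET members sorted by tag
            out.append((depth, tag, "SET member out of tag order"))
        if constructed:                    # descend into SEQUENCE, SET, ...
            der_violations(value, depth + 1, tag == SET_TAG, out)
        prev_tag, pos = tag, vpos + length
    return out
```

An empty result means the input is DER-clean under these three rules; the page's BER-only encodings of luckyNumber and sevenBytes each produce exactly one finding.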
