PKI Certificate Structure in ASN.1 Notations

This section presents the PKI certificate structure defined in ASN.1 notations.

The X.509 standard defines the PKI certificate structure in ASN.1 notation. Here is what it looks like:

Certificate ::= SEQUENCE {
  tbsCertificate       TBSCertificate,
  signatureAlgorithm   AlgorithmIdentifier,
  signatureValue       BIT STRING
}

TBSCertificate ::= SEQUENCE {
  version         [0]  EXPLICIT Version DEFAULT v1,
  serialNumber         CertificateSerialNumber,
  signature            AlgorithmIdentifier,
  issuer               Name,
  validity             Validity,
  subject              Name,
  subjectPublicKeyInfo SubjectPublicKeyInfo,
  issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
  subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
  extensions      [3]  EXPLICIT Extensions OPTIONAL
}

AlgorithmIdentifier ::=  SEQUENCE {
  algorithm            OBJECT IDENTIFIER,
  parameters           ANY DEFINED BY algorithm OPTIONAL
}

Version ::= INTEGER {  v1(0), v2(1), v3(2) }

CertificateSerialNumber ::= INTEGER

Name ::= CHOICE {
  rdnSequence RDNSequence
}

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::=
  SET SIZE (1..MAX) OF AttributeTypeAndValue

AttributeTypeAndValue ::= SEQUENCE {
  type     AttributeType,
  value    AttributeValue
}

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= ANY

Validity ::= SEQUENCE {
  notBefore      Time,
  notAfter       Time
}

Time ::= CHOICE {
  utcTime        UTCTime,
  generalTime    GeneralizedTime
}

SubjectPublicKeyInfo ::= SEQUENCE {
  algorithm            AlgorithmIdentifier,
  subjectPublicKey     BIT STRING
}

UniqueIdentifier ::= BIT STRING

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

Extension ::= SEQUENCE {
  extnID      OBJECT IDENTIFIER,
  critical    BOOLEAN DEFAULT FALSE,
  extnValue   OCTET STRING
}

After going through the previous tutorials, we should now be able to read the above definition without any problems.
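To make the definition concrete, here is an added example (not part of the original tutorial) that builds a toy Certificate in DER following the structure above and then walks it field by field with a small TLV decoder. Every value in it is a constructed dummy (serial number, names, dates, key bits, signature bits); only the object identifiers are the real standard ones (sha256WithRSAEncryption, rsaEncryption, commonName, basicConstraints). The parser also checks the one cross-field rule a verifier cares about here: the `signature` AlgorithmIdentifier inside TBSCertificate must match the outer `signatureAlgorithm`.

```python
# Added example: minimal DER encoder/decoder for the Certificate structure.
# All data is constructed; nothing here produces or checks a real signature.

TAG_BOOLEAN, TAG_INTEGER, TAG_BITSTR, TAG_OCTSTR, TAG_NULL, TAG_OID = 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
TAG_UTF8, TAG_UTCTIME, TAG_SEQUENCE, TAG_SET = 0x0C, 0x17, 0x30, 0x31
OID_SHA256_RSA, OID_RSA, OID_CN, OID_BASIC_CONSTRAINTS = (
    "1.2.840.113549.1.1.11", "1.2.840.113549.1.1.1", "2.5.4.3", "2.5.29.19")

def tlv(tag, content):
    """DER Tag-Length-Value with minimal definite-length encoding."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def der_int(v):  # non-negative INTEGER; a leading 0x00 is added when the high bit is set
    return tlv(TAG_INTEGER, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:                     # base-128 digits, high bit = "more follows"
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += chunk
    return tlv(TAG_OID, bytes(body))

def alg_id(oid):  # AlgorithmIdentifier with NULL parameters (the RSA convention)
    return tlv(TAG_SEQUENCE, der_oid(oid) + tlv(TAG_NULL, b""))

def name(cn):     # Name -> RDNSequence -> SET OF AttributeTypeAndValue (one CN only)
    atv = tlv(TAG_SEQUENCE, der_oid(OID_CN) + tlv(TAG_UTF8, cn.encode()))
    return tlv(TAG_SEQUENCE, tlv(TAG_SET, atv))

def build_sample_certificate():
    """Constructed v3 certificate with one critical basicConstraints extension."""
    validity = tlv(TAG_SEQUENCE, tlv(TAG_UTCTIME, b"240101000000Z") + tlv(TAG_UTCTIME, b"250101000000Z"))
    spki = tlv(TAG_SEQUENCE, alg_id(OID_RSA) + tlv(TAG_BITSTR, b"\x00" + b"\xAB" * 8))  # dummy key bits
    basic = tlv(TAG_SEQUENCE, tlv(TAG_BOOLEAN, b"\xFF"))                                 # cA = TRUE
    ext = tlv(TAG_SEQUENCE, der_oid(OID_BASIC_CONSTRAINTS) + tlv(TAG_BOOLEAN, b"\xFF") + tlv(TAG_OCTSTR, basic))
    tbs = tlv(TAG_SEQUENCE,
              tlv(0xA0, der_int(2))                  # version [0] EXPLICIT: wrapper tag around INTEGER v3
              + der_int(0x1234)                      # serialNumber
              + alg_id(OID_SHA256_RSA)               # signature (must equal outer signatureAlgorithm)
              + name("Example CA") + validity + name("Example Leaf") + spki
              + tlv(0xA3, tlv(TAG_SEQUENCE, ext)))   # extensions [3] EXPLICIT
    return tlv(TAG_SEQUENCE, tbs + alg_id(OID_SHA256_RSA) + tlv(TAG_BITSTR, b"\x00" + b"\xCD" * 16))

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, start = first, pos + 2
    else:
        n = first & 0x7F
        length, start = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    if start + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[start:start + length], start + length

def children(content):
    """Split the content of a constructed type into its (tag, content) items."""
    items, pos = [], 0
    while pos < len(content):
        tag, val, pos = read_tlv(content, pos)
        items.append((tag, val))
    return items

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0   # adequate for first arc 0 or 1
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def common_name(name_content):
    for _, rdn in children(name_content):            # each RelativeDistinguishedName is a SET
        for _, atv in children(rdn):                 # AttributeTypeAndValue
            (_, oid), (_, value) = children(atv)
            if decode_oid(oid) == OID_CN:
                return value.decode()
    return None

def parse_certificate(der):
    tag, cert, end = read_tlv(der)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("not a single Certificate SEQUENCE")
    (_, tbs), (_, sig_alg), (_, sig_val) = children(cert)
    fields = children(tbs)
    version = 0                                      # DEFAULT v1 when the [0] element is absent
    if fields[0][0] == 0xA0:                         # EXPLICIT tag: unwrap to reach the INTEGER
        version = int.from_bytes(children(fields.pop(0)[1])[0][1], "big")
    serial, sig_inner, issuer, validity, subject, spki = fields[:6]
    exts = []
    for t, val in fields[6:]:                        # [1] and [2] are optional; [3] holds Extensions
        if t == 0xA3:
            for _, ext in children(children(val)[0][1]):
                parts = children(ext)                # extnID, optional critical, extnValue
                exts.append((decode_oid(parts[0][1]), len(parts) == 3 and parts[1][1] == b"\xFF"))
    outer_alg, inner_alg = decode_oid(children(sig_alg)[0][1]), decode_oid(children(sig_inner[1])[0][1])
    return {
        "version": version, "serial": int.from_bytes(serial[1], "big", signed=True),
        "sig_alg": outer_alg, "sig_alg_matches_tbs": outer_alg == inner_alg,
        "issuer_cn": common_name(issuer[1]), "subject_cn": common_name(subject[1]),
        "not_before": children(validity[1])[0][1].decode(),
        "key_alg": decode_oid(children(children(spki[1])[0][1])[0][1]),
        "signature_bits": (len(sig_val) - 1) * 8 - sig_val[0],   # first BIT STRING byte = unused bits
        "extensions": exts,
    }

if __name__ == "__main__":
    for k, v in parse_certificate(build_sample_certificate()).items():
        print(f"{k:>20}: {v}")
```

Two details worth noticing when you read the output against the definition: the `[0] EXPLICIT` version shows up on the wire as a context-specific wrapper tag (0xA0) around the ordinary INTEGER, whereas an IMPLICIT tag would replace the INTEGER's tag outright; and because `version` has `DEFAULT v1`, a DER encoder omits the element entirely for v1 certificates, so a parser must treat its absence as version 0, not as an error.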
