PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
PKI Certificate Structure in ASN.1 Notations
This section presents the PKI certificate structure defined in ASN.1 notations.
The X.509 standard actually uses the ASN.1 notation to define the PKI certificate structure. Here is how it looks like:
Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING } TBSCertificate ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, extensions [3] EXPLICIT Extensions OPTIONAL } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } Version ::= INTEGER { v1(0), v2(1), v3(2) } CertificateSerialNumber ::= INTEGER Name ::= CHOICE { rdnSequence RDNSequence } RDNSequence ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue AttributeTypeAndValue ::= SEQUENCE { type AttributeType, value AttributeValue } AttributeType ::= OBJECT IDENTIFIER AttributeValue ::= ANY Validity ::= SEQUENCE { notBefore Time, notAfter Time } Time ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime } SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } UniqueIdentifier ::= BIT STRING Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
After going through previous tutorials, we should be able to read the above definition with no problems now.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of PKI Certificate
What Is ASN.1 (Abstract Syntax Notation One)
What Is BER (Basic Encoding Rules)
ASN.1 Type Modifier - Type Tagging
What Is DER (Distinguished Encoding Rules)
►PKI Certificate Structure in ASN.1 Notations
PKI Certificate in Base64 Format
PKI Certificate File Viewer and Decoder
PKI Certificate File ASN.1 Parser
Certificate Wrapped in PKCS7 Formats
Certificate Wrapped in PKCS12 Formats
Certificate File Format Summary
OpenSSL - Cryptography Toolkit
"openssl ca" - CA (Certificate Authority) Tool
Java "keytool" Commands and KeyStore Files
PKCS12 Certificate Bundle File