ASN.1 Data Structure of PKCS12 File

This section provides a tutorial example to show the ASN.1 data structure of a PKCS12 file.

Since a PKCS12 file is an ASN.1 data structure stored in DER encoding, you can parse it using the "openssl asn1parse" command as shown below:

herong$ openssl asn1parse -inform DER -in hy-cert-bundle.p12

    0:d=0  hl=4 l=1478 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :03
    7:d=1  hl=4 l=1420 cons: SEQUENCE          
   11:d=2  hl=2 l=   9 prim: OBJECT            :pkcs7-data
   22:d=2  hl=4 l=1405 cons: cont [ 0 ]        
   26:d=3  hl=4 l=1401 prim: OCTET STRING      [HEX DUMP]:3082...
 1431:d=1  hl=2 l=  49 cons: SEQUENCE 
 1433:d=2  hl=2 l=  33 cons: SEQUENCE          
 1435:d=3  hl=2 l=   9 cons: SEQUENCE          
 1437:d=4  hl=2 l=   5 prim: OBJECT            :sha1
 1444:d=4  hl=2 l=   0 prim: NULL              
 1446:d=3  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:4878...
 1468:d=2  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:7C0A...
 1478:d=2  hl=2 l=   2 prim: INTEGER           :0800

The output can be reformatted to show the levels of the data structure:

d=0  hl=4 l=1478 cons: SEQUENCE          
  d=1  hl=2 l=   1 prim: INTEGER             :03
  d=1  hl=4 l=1420 cons: SEQUENCE          
    d=2  hl=2 l=   9 prim: OBJECT             :pkcs7-data
    d=2  hl=4 l=1405 cons: cont [ 0 ]        
      d=3  hl=4 l=1401 prim: OCTET STRING     [HEX DUMP]:3082...
               (Main data is encoded here in this binary string)

  d=1  hl=2 l=  49 cons: SEQUENCE 
    d=2  hl=2 l=  33 cons: SEQUENCE          
      d=3  hl=2 l=   9 cons: SEQUENCE          
        d=4  hl=2 l=   5 prim: OBJECT         :sha1
        d=4  hl=2 l=   0 prim: NULL              
      d=3  hl=2 l=  20 prim: OCTET STRING     [HEX DUMP]:4878...
    d=2  hl=2 l=   8 prim: OCTET STRING       [HEX DUMP]:7C0A...
    d=2  hl=2 l=   2 prim: INTEGER            :0800
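
The same traversal in Python, as an added example that is not part of the original tutorial: a small DER walker that reports offset, depth, header length and length the way the listing above does, then reads the MAC parameters (digest OID, salt, iteration count) from the last top-level SEQUENCE, which RFC 7292 calls macData. The names walk(), mac_params(), tlv() and SAMPLE are illustrative, and SAMPLE is a constructed PFX-shaped byte string with placeholder contents, not the hy-cert-bundle.p12 file.

```python
# Added example; walk(), mac_params(), tlv() and SAMPLE are illustrative names.
OID_PKCS7_DATA = bytes.fromhex("2a864886f70d010701")  # 1.2.840.113549.1.7.1
OID_SHA1 = bytes.fromhex("2b0e03021a")                # 1.3.14.3.2.26

def tlv(tag, body):
    """Encode a short-form DER element (body under 128 bytes; sample only)."""
    return bytes([tag, len(body)]) + body

def walk(der, start=0, end=None, depth=0):
    """Yield (offset, depth, hl, length, tag, value) for every element."""
    end = len(der) if end is None else end
    pos = start
    while pos < end:
        if pos + 2 > end or der[pos + 1] == 0x80:
            raise ValueError(f"truncated or indefinite-length header at {pos}")
        tag, first = der[pos], der[pos + 1]
        hl = 2 if first < 0x80 else 2 + (first & 0x7F)  # long form: 0x8N + N bytes
        length = first if hl == 2 else int.from_bytes(der[pos + 2:pos + hl], "big")
        body = pos + hl
        if body + length > end:
            raise ValueError(f"element at {pos} overruns its parent")
        yield pos, depth, hl, length, tag, None if tag & 0x20 else der[body:body + length]
        if tag & 0x20:  # constructed: descend into the children
            yield from walk(der, body, body + length, depth + 1)
        pos = body + length

def mac_params(der):
    """Return (digest OID, salt, iterations) from macData, or None if absent."""
    nodes = list(walk(der))
    top = [i for i, n in enumerate(nodes) if n[1] == 1]
    if len(top) < 3:
        return None  # macData is OPTIONAL in the PFX SEQUENCE
    mac = nodes[top[2] + 1:]
    oid = next(n[5] for n in mac if n[4] == 0x06)
    salt = next(n[5] for n in mac if n[1] == 2 and n[4] == 0x04)
    iters = next((n[5] for n in mac if n[1] == 2 and n[4] == 0x02), b"\x01")
    return oid, salt, int.from_bytes(iters, "big")

# Constructed PFX-shaped sample: same layout as the listing, placeholder contents.
SAMPLE = tlv(0x30, tlv(0x02, b"\x03")
    + tlv(0x30, tlv(0x06, OID_PKCS7_DATA) + tlv(0xA0, tlv(0x04, b"\x30\x00")))
    + tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x06, OID_SHA1) + tlv(0x05, b""))
                          + tlv(0x04, bytes(20)))
                + tlv(0x04, bytes(8)) + tlv(0x02, b"\x08\x00")))

if __name__ == "__main__":
    for off, d, hl, ln, tag, _ in walk(SAMPLE):
        print(f"{off:5}:d={d}  hl={hl} l={ln:4} tag=0x{tag:02x}")
    print(mac_params(SAMPLE))
```

On the sample, the macData elements sit at the same relative offsets and lengths as in the listing (49, 33, 9, 5, 0, 20, 8, 2), and the INTEGER 0800 decodes to 2048 iterations.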
