PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
ASN.1 Data Structure of PKCS12 File
This section provides a tutorial example to show the ASN.1 data structure of a PKCS12 file.
Since a PKCS12 file is an ASN.1 data structure stored in DER encoding, you can parse it with the "openssl asn1parse" command as shown below:
herong$ openssl asn1parse -inform DER -in hy-cert-bundle.p12
    0:d=0 hl=4 l=1478 cons: SEQUENCE
    4:d=1 hl=2 l=   1 prim: INTEGER :03
    7:d=1 hl=4 l=1420 cons: SEQUENCE
   11:d=2 hl=2 l=   9 prim: OBJECT :pkcs7-data
   22:d=2 hl=4 l=1405 cons: cont [ 0 ]
   26:d=3 hl=4 l=1401 prim: OCTET STRING [HEX DUMP]:3082...
 1431:d=1 hl=2 l=  49 cons: SEQUENCE
 1433:d=2 hl=2 l=  33 cons: SEQUENCE
 1435:d=3 hl=2 l=   9 cons: SEQUENCE
 1437:d=4 hl=2 l=   5 prim: OBJECT :sha1
 1444:d=4 hl=2 l=   0 prim: NULL
 1446:d=3 hl=2 l=  20 prim: OCTET STRING [HEX DUMP]:4878...
 1468:d=2 hl=2 l=   8 prim: OCTET STRING [HEX DUMP]:7C0A...
 1478:d=2 hl=2 l=   2 prim: INTEGER :0800
The output can be reformatted to show the levels of the data structure:
d=0 hl=4 l=1478 cons: SEQUENCE
   d=1 hl=2 l=   1 prim: INTEGER :03
   d=1 hl=4 l=1420 cons: SEQUENCE
      d=2 hl=2 l=   9 prim: OBJECT :pkcs7-data
      d=2 hl=4 l=1405 cons: cont [ 0 ]
         d=3 hl=4 l=1401 prim: OCTET STRING [HEX DUMP]:3082...
            (Main data is encoded here in this binary string)
   d=1 hl=2 l=  49 cons: SEQUENCE
      d=2 hl=2 l=  33 cons: SEQUENCE
         d=3 hl=2 l=   9 cons: SEQUENCE
            d=4 hl=2 l=   5 prim: OBJECT :sha1
            d=4 hl=2 l=   0 prim: NULL
         d=3 hl=2 l=  20 prim: OCTET STRING [HEX DUMP]:4878...
      d=2 hl=2 l=   8 prim: OCTET STRING [HEX DUMP]:7C0A...
      d=2 hl=2 l=   2 prim: INTEGER :0800
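The same outer layers can be read programmatically by walking the DER tag-length-value triples. The Python code below is an added example, not part of the original tutorial: it returns the version, the authSafe content type and the parameters of the last SEQUENCE (the MAC data). The function names are illustrative, and SAMPLE is constructed to match the shape of the dump above, with zero bytes standing in for the real authSafe content, digest and salt.

```python
# Added example (not the tutorial's code); definite lengths, single-byte tags only.
PKCS7_DATA, SHA1 = bytes.fromhex("2a864886f70d010701"), bytes.fromhex("2b0e03021a")
OIDS = {PKCS7_DATA: "pkcs7-data", SHA1: "sha1"}   # encoded OID content -> name

def items(buf):
    """Split DER content into a list of (tag, content) children."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                 # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER value")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def pfx_summary(der):
    """Return version, authSafe content type and MAC parameters of a PFX."""
    (tag, body), = items(der)
    if tag != 0x30:
        raise ValueError("PFX must be a SEQUENCE")
    version, auth_safe, *mac = items(body)
    info = {"version": int.from_bytes(version[1], "big"), "mac": None,
            "content_type": OIDS.get(items(auth_safe[1])[0][1], "unknown")}
    if mac:                               # the MAC SEQUENCE is optional in a PFX
        digest_info, salt, *iters = items(mac[0][1])
        alg, digest = items(digest_info[1])
        alg_oid = items(alg[1])[0][1]
        info["mac"] = {"alg": OIDS.get(alg_oid, alg_oid.hex()),
                       "digest_len": len(digest[1]), "salt_len": len(salt[1]),
                       "iterations": int.from_bytes(iters[0][1], "big") if iters else 1}
    return info

def tlv(tag, content):
    """Encode one DER TLV; used only to build the constructed sample."""
    size = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    head = bytes([len(content)]) if len(content) < 128 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + content

# Constructed sample shaped like the dump above; zero bytes are placeholders.
DIGEST_INFO = tlv(0x30, tlv(0x30, tlv(0x06, SHA1) + tlv(0x05, b"")) + tlv(0x04, bytes(20)))
MAC = tlv(0x30, DIGEST_INFO + tlv(0x04, bytes(8)) + tlv(0x02, b"\x08\x00"))
AUTH = tlv(0x30, tlv(0x06, PKCS7_DATA) + tlv(0xA0, tlv(0x04, bytes(200))))
SAMPLE = tlv(0x30, tlv(0x02, b"\x03") + AUTH + MAC)
print(pfx_summary(SAMPLE))
```

The constructed MAC SEQUENCE has the same content lengths as the dump (49, 33, 9, 20, 8 and 2 bytes), and the INTEGER 0800 decodes to 2048 iterations.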