PKI Certificate Tutorials - Herong's Tutorial Examples - v1.10, by Herong Yang
ASN.1 Data Structure of PKCS7 File
This section provides a tutorial example to show the ASN.1 data structure of a PKCS7 file.
Since a PKCS7 file is written in the ASN.1 language, you can parse its data structure using the "openssl asn1parse" command as shown below:
herong$ openssl asn1parse -inform PEM -in chain-cert.p7b
0:d=0 hl=4 l=1344 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1329 cons: cont [ 0 ]
19:d=2 hl=4 l=1325 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 0 cons: SET
28:d=3 hl=2 l= 11 cons: SEQUENCE
30:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
41:d=3 hl=4 l=1299 cons: cont [ 0 ]
45:d=4 hl=4 l= 367 cons: SEQUENCE
49:d=5 hl=3 l= 248 cons: SEQUENCE
52:d=6 hl=2 l= 2 prim: INTEGER :1003
56:d=6 hl=2 l= 9 cons: SEQUENCE
58:d=7 hl=2 l= 7 prim: OBJECT :ecdsa-with-SHA1
67:d=6 hl=2 l= 42 cons: SEQUENCE
69:d=7 hl=2 l= 11 cons: SET
71:d=8 hl=2 l= 9 cons: SEQUENCE
73:d=9 hl=2 l= 3 prim: OBJECT :countryName
78:d=9 hl=2 l= 2 prim: PRINTABLESTRING :ZZ
82:d=7 hl=2 l= 27 cons: SET
84:d=8 hl=2 l= 25 cons: SEQUENCE
86:d=9 hl=2 l= 3 prim: OBJECT :commonName
91:d=9 hl=2 l= 18 prim: PRINTABLESTRING :ZZ Intermediate CA
...
The output can be reformatted to show the levels of the data structure:
d=0 hl=4 l=1344 cons: SEQUENCE
  d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
  d=1 hl=4 l=1329 cons: cont [ 0 ]
    d=2 hl=4 l=1325 cons: SEQUENCE
      d=3 hl=2 l= 1 prim: INTEGER :01
      d=3 hl=2 l= 0 cons: SET
      d=3 hl=2 l= 11 cons: SEQUENCE
        d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
      d=3 hl=4 l=1299 cons: cont [ 0 ]
        d=4 hl=4 l= 367 cons: SEQUENCE
          d=5 hl=3 l= 248 cons: SEQUENCE
            d=6 hl=2 l= 2 prim: INTEGER :1003
            d=6 hl=2 l= 9 cons: SEQUENCE
              d=7 hl=2 l= 7 prim: OBJECT :ecdsa-with-SHA1
            d=6 hl=2 l= 42 cons: SEQUENCE
              d=7 hl=2 l= 11 cons: SET
                d=8 hl=2 l= 9 cons: SEQUENCE
                  d=9 hl=2 l= 3 prim: OBJECT :countryName
                  d=9 hl=2 l= 2 prim: PRINTABLESTRING :ZZ
              d=7 hl=2 l= 27 cons: SET
                d=8 hl=2 l= 25 cons: SEQUENCE
                  d=9 hl=2 l= 3 prim: OBJECT :commonName
                  d=9 hl=2 l= 18 prim: PRINTABLESTRING :ZZ Intermediate CA
            d=6 hl=2 l= 30 cons: SEQUENCE
              d=7 hl=2 l= 13 prim: UTCTIME :241124141910Z
              d=7 hl=2 l= 13 prim: UTCTIME :251124141910Z
            d=6 hl=2 l= 35 cons: SEQUENCE
              d=7 hl=2 l= 11 cons: SET
                d=8 hl=2 l= 9 cons: SEQUENCE
                  d=9 hl=2 l= 3 prim: OBJECT :countryName
                  d=9 hl=2 l= 2 prim: PRINTABLESTRING :ZZ
              d=7 hl=2 l= 20 cons: SET
                d=8 hl=2 l= 18 cons: SEQUENCE
                  d=9 hl=2 l= 3 prim: OBJECT :commonName
                  d=9 hl=2 l= 11 prim: PRINTABLESTRING :Herong Yang
            d=6 hl=2 l= 118 cons: SEQUENCE
              d=7 hl=2 l= 16 cons: SEQUENCE
                d=8 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
                d=8 hl=2 l= 5 prim: OBJECT :secp384r1
              d=7 hl=2 l= 98 prim: BIT STRING
          d=5 hl=2 l= 9 cons: SEQUENCE
            d=6 hl=2 l= 7 prim: OBJECT :ecdsa-with-SHA1
          d=5 hl=2 l= 103 prim: BIT STRING
        d=4 hl=4 l= 413 cons: SEQUENCE
          ... Second certificate encoded here
        d=4 hl=4 l= 507 cons: SEQUENCE
          ... Third certificate encoded here
      d=3 hl=2 l= 0 cons: cont [ 1 ]
      d=3 hl=2 l= 0 cons: SET
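An added example, not part of the original tutorial: this Python code parses "openssl asn1parse" output, indents it by depth as in the listing above, and returns the offset and size of each certificate in the SignedData certificates field (the depth-3 "cont [ 0 ]"), rejecting output in which the certificates do not fill that field exactly. The function names and the sample text are assumptions made for the illustration.

```python
import re

# Constructed sample in `openssl asn1parse` layout, built from the d=, hl= and l=
# values above; certificate internals omitted, later offsets derived from hl + l.
SAMPLE = """\
    0:d=0  hl=4 l=1344 cons: SEQUENCE
    4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-signedData
   15:d=1  hl=4 l=1329 cons: cont [ 0 ]
   19:d=2  hl=4 l=1325 cons: SEQUENCE
   23:d=3  hl=2 l=   1 prim: INTEGER           :01
   26:d=3  hl=2 l=   0 cons: SET
   28:d=3  hl=2 l=  11 cons: SEQUENCE
   30:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
   41:d=3  hl=4 l=1299 cons: cont [ 0 ]
   45:d=4  hl=4 l= 367 cons: SEQUENCE
  416:d=4  hl=4 l= 413 cons: SEQUENCE
  833:d=4  hl=4 l= 507 cons: SEQUENCE
 1344:d=3  hl=2 l=   0 cons: cont [ 1 ]
 1346:d=3  hl=2 l=   0 cons: SET
"""
LINE = re.compile(r"\s*(\d+):d=(\d+)\s+hl=(\d+)\s+l=\s*(\d+)\s+(?:cons|prim):\s+([^:]*)")

def parse(text):
    """asn1parse lines -> (offset, depth, hl, length, tag); others are skipped."""
    return [(*map(int, m.groups()[:4]), m.group(5).strip())
            for m in map(LINE.match, text.splitlines()) if m]

def indent(nodes):
    """Indent each element's tag by its depth, as in the listing above."""
    return "\n".join("  " * depth + tag for _, depth, _, _, tag in nodes)

def certificates(nodes):
    """(offset, size) of each entry in SignedData.certificates, the [0] at
    depth 3; raises ValueError unless the entries tile that field exactly."""
    i = next(k for k, n in enumerate(nodes) if (n[1], n[4]) == (3, "cont [ 0 ]"))
    pos = nodes[i][0] + nodes[i][2]          # first byte after the [0] header
    end = pos + nodes[i][3]                  # first byte after the [0] content
    found = []
    for off, depth, hl, length, _ in nodes[i + 1:]:
        if depth <= 3:                       # left the certificates field
            break
        if depth == 4:                       # one certificate SEQUENCE
            if off != pos:
                raise ValueError(f"gap or overlap at offset {off}")
            found.append((off, hl + length))
            pos += hl + length
    if pos != end:
        raise ValueError("certificates do not fill the [0] field")
    return found
```

For the sample, certificates(parse(SAMPLE)) returns three entries whose sizes (hl + l) add up to the 1299 bytes declared for the certificates field.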