ASN.1 Data Structure of PKCS7 File

This section provides a tutorial example to show the ASN.1 data structure of a PKCS7 file.

Since a PKCS7 file is encoded as an ASN.1 data structure, you can parse it using the "openssl asn1parse" command as shown below:

herong$ openssl asn1parse -inform PEM -in chain-cert.p7b

     0:d=0  hl=4 l=1344 cons: SEQUENCE          
     4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-signedData
    15:d=1  hl=4 l=1329 cons: cont [ 0 ]        
    19:d=2  hl=4 l=1325 cons: SEQUENCE          
    23:d=3  hl=2 l=   1 prim: INTEGER           :01
    26:d=3  hl=2 l=   0 cons: SET               
    28:d=3  hl=2 l=  11 cons: SEQUENCE          
    30:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
    41:d=3  hl=4 l=1299 cons: cont [ 0 ]        
    45:d=4  hl=4 l= 367 cons: SEQUENCE          
    49:d=5  hl=3 l= 248 cons: SEQUENCE          
    52:d=6  hl=2 l=   2 prim: INTEGER           :1003
    56:d=6  hl=2 l=   9 cons: SEQUENCE          
    58:d=7  hl=2 l=   7 prim: OBJECT            :ecdsa-with-SHA1
    67:d=6  hl=2 l=  42 cons: SEQUENCE          
    69:d=7  hl=2 l=  11 cons: SET               
    71:d=8  hl=2 l=   9 cons: SEQUENCE          
    73:d=9  hl=2 l=   3 prim: OBJECT            :countryName
    78:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :ZZ
    82:d=7  hl=2 l=  27 cons: SET               
    84:d=8  hl=2 l=  25 cons: SEQUENCE          
    86:d=9  hl=2 l=   3 prim: OBJECT            :commonName
    91:d=9  hl=2 l=  18 prim: PRINTABLESTRING   :ZZ Intermediate CA
...

The output can be reformatted to show the levels of the data structure:

d=0  hl=4 l=1344 cons: SEQUENCE          
  d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-signedData
  d=1  hl=4 l=1329 cons: cont [ 0 ]        
    d=2  hl=4 l=1325 cons: SEQUENCE          
      d=3  hl=2 l=   1 prim: INTEGER           :01
      d=3  hl=2 l=   0 cons: SET               
      d=3  hl=2 l=  11 cons: SEQUENCE          
        d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
      d=3  hl=4 l=1299 cons: cont [ 0 ]        
        d=4  hl=4 l= 367 cons: SEQUENCE          
          d=5  hl=3 l= 248 cons: SEQUENCE          
            d=6  hl=2 l=   2 prim: INTEGER           :1003
            d=6  hl=2 l=   9 cons: SEQUENCE          
              d=7  hl=2 l=   7 prim: OBJECT            :ecdsa-with-SHA1
            d=6  hl=2 l=  42 cons: SEQUENCE          
              d=7  hl=2 l=  11 cons: SET               
                d=8  hl=2 l=   9 cons: SEQUENCE          
                  d=9  hl=2 l=   3 prim: OBJECT            :countryName
                  d=9  hl=2 l=   2 prim: PRINTABLESTRING   :ZZ
              d=7  hl=2 l=  27 cons: SET               
                d=8  hl=2 l=  25 cons: SEQUENCE          
                  d=9  hl=2 l=   3 prim: OBJECT            :commonName
                  d=9  hl=2 l=  18 prim: PRINTABLESTRING   :ZZ Intermediate CA
            d=6  hl=2 l=  30 cons: SEQUENCE          
              d=7  hl=2 l=  13 prim: UTCTIME           :241124141910Z
              d=7  hl=2 l=  13 prim: UTCTIME           :251124141910Z
            d=6  hl=2 l=  35 cons: SEQUENCE          
              d=7  hl=2 l=  11 cons: SET               
                d=8  hl=2 l=   9 cons: SEQUENCE          
                  d=9  hl=2 l=   3 prim: OBJECT            :countryName
                  d=9  hl=2 l=   2 prim: PRINTABLESTRING   :ZZ
              d=7  hl=2 l=  20 cons: SET               
                d=8  hl=2 l=  18 cons: SEQUENCE          
                  d=9  hl=2 l=   3 prim: OBJECT            :commonName
                  d=9  hl=2 l=  11 prim: PRINTABLESTRING   :Herong Yang
            d=6  hl=2 l= 118 cons: SEQUENCE          
              d=7  hl=2 l=  16 cons: SEQUENCE          
                d=8  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
                d=8  hl=2 l=   5 prim: OBJECT            :secp384r1
              d=7  hl=2 l=  98 prim: BIT STRING        
          d=5  hl=2 l=   9 cons: SEQUENCE          
            d=6  hl=2 l=   7 prim: OBJECT            :ecdsa-with-SHA1
          d=5  hl=2 l= 103 prim: BIT STRING   
     
        d=4  hl=4 l= 413 cons: SEQUENCE    
          ... Second certificate encoded here

        d=4  hl=4 l= 507 cons: SEQUENCE
          ... Third certificate encoded here

      d=3  hl=2 l=   0 cons: cont [ 1 ]        
      d=3  hl=2 l=   0 cons: SET        
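
The d=, hl= and l= columns come directly from the DER tag-length-value encoding. The following Python code is an added example, not part of the original tutorial or of OpenSSL: it walks a constructed SignedData structure with an empty certificate set and rebuilds the indented listing. SAMPLE, read_header, walk and render are names assumed here.

```python
# Added example: minimal DER walker producing d= (depth), hl= (header length), l= (content length).
UNIVERSAL = {0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING",
             0x05: "NULL", 0x06: "OBJECT", 0x10: "SEQUENCE", 0x11: "SET",
             0x13: "PRINTABLESTRING", 0x17: "UTCTIME"}

# Constructed sample: SignedData wrapper with version 1 and no certificates.
SAMPLE = bytes.fromhex(
    "3027" "06092a864886f70d010702" "a01a" "3018" "020101" "3100"
    "300b06092a864886f70d010701" "a000" "a100" "3100")

def read_header(buf, pos):
    """Return (tag_byte, hl, l) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header at offset %d" % pos)
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is not handled here")
    if first < 0x80:                  # short form: one length byte
        return tag, 2, first
    n = first & 0x7F                  # long form: next n bytes hold the length
    if n == 0:
        raise ValueError("indefinite length is not valid DER")
    if pos + 2 + n > len(buf):
        raise ValueError("truncated length at offset %d" % pos)
    return tag, 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def walk(buf, pos=0, end=None, depth=0):
    """Return (offset, depth, hl, l, kind, name) rows in depth-first order."""
    end = len(buf) if end is None else end
    rows = []
    while pos < end:
        tag, hl, l = read_header(buf, pos)
        if pos + hl + l > end:        # a child must fit inside its parent
            raise ValueError("element at offset %d overruns its parent" % pos)
        num, cls = tag & 0x1F, tag >> 6
        if cls == 0:
            name = UNIVERSAL.get(num, "universal %d" % num)
        else:
            name = "cont [ %d ]" % num if cls == 2 else "class %d [ %d ]" % (cls, num)
        rows.append((pos, depth, hl, l, "cons" if tag & 0x20 else "prim", name))
        if tag & 0x20:                # constructed: content is nested TLVs
            rows += walk(buf, pos + hl, pos + hl + l, depth + 1)
        pos += hl + l
    return rows

def render(rows):
    return ["%sd=%d  hl=%d l=%4d %s: %s" % ("  " * d, d, hl, l, kind, name)
            for _, d, hl, l, kind, name in rows]

if __name__ == "__main__":
    print("\n".join(render(walk(SAMPLE))))
```

The first row of the listing above, hl=4 l=1344, corresponds to the header bytes 30 82 05 40: the SEQUENCE tag, 0x82 announcing two length bytes, then 0x0540 = 1344.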
