Difference between revisions of "ASN.1"
Revision as of 10:18, 10 July 2021
Full Title
Abstract Syntax Notation version 1 (ASN.1). Since there is no version 2, ASN is the typical abbreviation here.
Context
In the time before the internet there was the 7-layer ISO model and a bunch of PTOs (mostly government postal and telegraphy organizations), worried by this new technology, that wanted to dominate the identity layer of the internet. The result was a series of CCITT (now ITU-T) committees established to translate the telephone industry's white pages into the identity of every entity on the internet. This expanded to include the X.400 series standards on electronic mail, which went beyond that to create a security system based on the ASN.1 X.500 series standards. The only legacy of that is the use of Distinguished Names in email directories, like Microsoft Outlook.
Abstract Syntax Notation One (ASN.1), which is defined in CCITT Recommendation X.208, is a way to specify abstract objects that will be serially transmitted. The set of ASN.1 rules for representing such objects as strings of ones and zeros is called the Distinguished Encoding Rules (DER), and is defined in CCITT Recommendation X.509, Section 8.7. These encoding methods are currently used to create the TLS certificates that are used to establish secure interchanges using HTTPS.
Problem
- Bureaucracy
- Complexity
Solution
- Convert it all to JSON format so we don't need to spend so much effort understanding a syntax that was unnecessarily complex.
- Visual studio editing tool
Data Types

Tag    Tag
(dec)  (hex)      Type
1      01         BOOLEAN
2      02         INTEGER
3      03         BIT STRING
4      04         OCTET STRING
5      05         NULL
6      06         OBJECT IDENTIFIER
9      09         REAL
10     0A         ENUMERATED
12     0C         UTF8String
16     10 & 30 *  SEQUENCE and SEQUENCE OF
17     11 & 31 *  SET and SET OF
18     12         NumericString
19     13         PrintableString
21     15         VideotexString
22     16         IA5String
23     17         UTCTime
24     18         GeneralizedTime
25     19         GraphicString
26     1A         VisibleString, ISO64String
27     1B         GeneralString
28     1C         UniversalString
29     1D         CHARACTER STRING
30     1E         BMPString
Subject Name
The subject field of a PKCS #10 certificate request contains the distinguished name of the entity requesting the certificate.
CertificationRequestInfo ::= SEQUENCE {
    version              CertificationRequestInfoVersion,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    attributes           [0] IMPLICIT Attributes
}
The distinguished name consists of a sequence of relative distinguished names (RDNs). Each RDN consists of a set of attributes, and each attribute consists of an object identifier and a value. The data type of the value is identified by the DirectoryString structure.
Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeTypeValue

AttributeTypeValue ::= SEQUENCE {
    type  EncodedObjectID,
    value ANY
}

DirectoryString ::= CHOICE {
    teletexString   TeletexString (SIZE (1..MAX)),
    printableString PrintableString (SIZE (1..MAX)),
    universalString UniversalString (SIZE (1..MAX)),
    utf8String      UTF8String (SIZE (1..MAX)),
    bmpString       BMPString (SIZE (1..MAX))
}
For more information, see https://docs.microsoft.com/en-us/windows/win32/seccertenroll/subject-names
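As an added illustration (not the wiki's own code), the following decoder walks the DER encoding of the Name structure above using the tag values from the Data Types table, and renders the result as JSON in the spirit of the Solution section. It applies two DER checks a parser should make (lengths must use the shortest form, and no bytes may follow the outer SEQUENCE); the sample bytes and the helper names are constructed for this example.

```python
import json
# Universal tags (hex) from the table above; 0x30/0x31 are constructed SEQUENCE/SET. Assumed names, not the wiki's code.
TAG_NAMES = {0x06: "OBJECT IDENTIFIER", 0x0C: "UTF8String",
             0x13: "PrintableString", 0x30: "SEQUENCE", 0x31: "SET"}

def decode_oid(content):
    # First octet packs arcs 1 and 2 as 40*a1 + a2; later arcs are base 128, high bit = more to come
    arcs = list(divmod(content[0], 40)) if content[0] < 80 else [2, content[0] - 80]
    n = 0
    for b in content[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def decode(data, pos=0):
    # Decode one DER TLV at pos into {tag name: value}; return (node, next_pos)
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                         # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        if n == 0 or n > 4 or length < 0x80 or data[pos] == 0:   # DER: definite, shortest form only
            raise ValueError("not a valid DER length")
        pos += n
    end = pos + length
    if end > len(data):
        raise ValueError("length runs past end of buffer")
    content = data[pos:end]
    name = TAG_NAMES.get(tag, "[%02X]" % tag)
    if tag & 0x20:                            # constructed bit set: content is nested TLVs
        children, p = [], 0
        while p < len(content):
            child, p = decode(content, p)
            children.append(child)
        return {name: children}, end
    if tag == 0x06:
        return {name: decode_oid(content)}, end
    if tag in (0x0C, 0x13):
        return {name: content.decode("utf-8" if tag == 0x0C else "ascii")}, end
    return {name: content.hex()}, end         # any other primitive: raw hex

def name_to_json(der):
    node, end = decode(der)
    if end != len(der):                       # reject bytes after the outer SEQUENCE
        raise ValueError("trailing bytes after the outer SEQUENCE")
    return json.dumps(node, indent=1)
# Constructed sample (not taken from a real certificate): O=Example, CN=example.com
SAMPLE_NAME_DER = bytes.fromhex("3028" "3110300e060355040a13074578616d706c65"
                                "3114301206035504030c0b6578616d706c652e636f6d")
```

Calling name_to_json(SAMPLE_NAME_DER) yields a SEQUENCE of two SETs, each holding one SEQUENCE of an OBJECT IDENTIFIER (2.5.4.10 for O, 2.5.4.3 for CN) and its string value.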
References
- See the wiki page on Distinguished Encoding Rules for the most common encoding of ASN.1.
- Let's Encrypt web site description of ASN.1 and DER.