ASN.1

From MgmtWiki
Revision as of 06:32, 20 July 2021 by Tom (talk | contribs) (Solution)

Jump to: navigation, search

Full Title

Abstract Syntax Notation version 1 = ASN.1. Since there is no version 2, ASN is the typical abbreviation here.

Context

In the time before internet there was the 7 layer ISO model and a bunch of PTOs (mostly government postal and telegraphy organizations) worried by this new technology that wanted to dominate the identity layer of the internet. The result was a series of CCITT (now ITU-T) committees establish to translate the telephone industry white pages into the identity of every entity on the internet. This expanded to include X.400 series standards on electronic mail which went beyond that to create a security system base on ASN.1 X.500 series standards. The only legacy of that is the use of Distinguished Names in email directories, like Microsoft Outlook.

Abstract Syntax Notation One (ASN.1), which is defined in CCITT Recommendation X.208, is a way to specify abstract objects that will be serially transmitted. The set of ASN.1 rules for representing such objects as strings of ones and zeros is called the Distinguished Encoding Rules (DER), and is defined in CCITT Recommendation X.509, Section 8.7. These encoding methods are currently used to create the TLS certificates that are used to establish secure interchanges using HTTPS.

Problem

  1. Bureaucracy
  2. Complexity

Solution

  • Convert it all to json format so we don't need to spend so much effort understanding an syntax that was unnecessarily complex.
  • Visual studio editing tool
Data Types
Tag	Tag	
(dec) (hex)	Type
1	01	BOOLEAN
2	02	INTEGER
3	03	BIT STRING
4	04	OCTET STRING
5	05	NULL
6	06	OBJECT IDENTIFIER
9	09	REAL
10	0A	ENUMERATED
12	0C	UTF8String
16	10 & 30 *	SEQUENCE and SEQUENCE OF
17	11 & 31 *	SET and SET OF
18	12	NumericString
19	13	PrintableString (Upper and lower case letters, digits, space, apostrophe, left/right parenthesis, plus sign, comma, hyphen, full stop, solidus, colon, equal sign, question mark)
21	15	VideotexString
22	16	IA5String (internation ASCII)
23	17	UTCTime
24	18	GeneralizedTime
25	19	GraphicString
26	1A	VisibleString, ISO64String (printable ASCII + space)
27	1B	GeneralString
28	1C	UniversalString
29	1D	CHARACTER STRING
30	1E	BMPString
ss	Ax	This is a class of type used for extensions in certificates (ie a hack)

Subject Name

The subject field of a PKCS #10 certificate request contains the distinguished name of the entity requesting the certificate.

CertificationRequestInfo ::= SEQUENCE 
{
  version                 CertificationRequestInfoVersion,
  subject                 Name,
  subjectPublicKeyInfo    SubjectPublicKeyInfo,
  attributes              [0] IMPLICIT Attributes
}

The distinguished name consists of a sequence of relative distinguished names (RDNs). Each RDN consists of a set of attributes, and each attribute consists of an object identifier and a value. The data type of the value is identified by the DirectoryString structure.

Name ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeValue
AttributeTypeValue ::= SEQUENCE 
{
  type       EncodedObjectID,
  value      ANY 
}
DirectoryString ::= CHOICE  
{
  teletexString           TeletexString (SIZE (1..MAX)),
  printableString         PrintableString (SIZE (1..MAX)),
  universalString         UniversalString (SIZE (1..MAX)),
  utf8String              UTF8String (SIZE (1..MAX)),
  bmpString               BMPString (SIZE (1..MAX)) 
}

For more information, see https://docs.microsoft.com/en-us/windows/win32/seccertenroll/subject-names

References