Cryptography Tutorials - Herong's Tutorial Examples - v5.42, by Herong Yang
What Is DER (Distinguished Encoding Rules) Encoding?
This section describes the DER (Distinguished Encoding Rules) - A binary format of encoding a data value of any data types including nested data structures.
What Is DER? DER (Distinguished Encoding Rules) is one of ASN.1 encoding rules defined in ITU-T X.690, 2002, specification. ASN.1 encoding rules can be used to encode any data object into a binary file.
The basic encoding rule of DER is that a data value of all data types shall be encoded as four components in the following order:
Of course, complex data types are supported to create data values of nested structures like this example:
{ name {givenName "John",initial "P",familyName "Smith"}, title "Director", number 51, dateOfHire "19710917", nameOfSpouse {givenName "Mary",initial "T",familyName "Smith"}, children { { name {givenName "Ralph",initial "T",familyName "Smith"}, dateOfBirth "19571111" }, { name {givenName "Susan",initial "B",familyName "Jones"}, dateOfBirth "19590717" } } }
As you can see from this example, DER is flexible enough to encode almost any data object.
The full specification of DER is in "ITU-T X.690 - Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)" at http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf.
DER is used as the most popular encoding format to store X.509 certificates in files. Those certificate DER files are binary files, which can not be viewed with text editors. But they can be processed by application without any problems.
DER encoded certificate files are supported by almost all applications. "OpenSSL" and "keytool" support DER encoded certificate files with no problem. See other sections below for examples of certificate files saved in DER encoding.
Table of Contents
Introduction to AES (Advanced Encryption Standard)
DES Algorithm - Illustrated with Java Programs
DES Algorithm Java Implementation
DES Algorithm - Java Implementation in JDK JCE
DES Encryption Operation Modes
PHP Implementation of DES - mcrypt
Blowfish - 8-Byte Block Cipher
Secret Key Generation and Management
Cipher - Secret Key Encryption and Decryption
RSA Implementation using java.math.BigInteger Class
Introduction of DSA (Digital Signature Algorithm)
Java Default Implementation of DSA
Private key and Public Key Pair Generation
PKCS#8/X.509 Private/Public Encoding Standards
Cipher - Public Key Encryption and Decryption
OpenSSL Introduction and Installation
OpenSSL Generating and Managing RSA Keys
OpenSSL Generating and Signing CSR
OpenSSL Validating Certificate Path
"keytool" and "keystore" from JDK
"OpenSSL" Signing CSR Generated by "keytool"
Migrating Keys from "keystore" to "OpenSSL" Key Files
►Certificate X.509 Standard and DER/PEM Formats
►What Is DER (Distinguished Encoding Rules) Encoding?
What Is PEM (Privacy Enhanced Mail) Encoding?
"keytool" Exporting Certificates in DER and PEM
"OpenSSL" Viewing Certificates in DER and PEM
"OpenSSL" Generating Certificates in DER and PEM
"keytool" Viewing Certificates in DER and PEM
"keytool" Importing Certificates in DER and PEM
Migrating Keys from "OpenSSL" Key Files to "keystore"