PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
ASN.1 Data Structure of PKCS12 File
This section provides a tutorial example to show the ASN.1 data structure of a PKCS12 file.
Since a PKCS12 file is a DER-encoded ASN.1 structure, you can parse it with the "openssl asn1parse" command as shown below:
herong$ openssl asn1parse -inform DER -in hy-cert-bundle.p12
0:d=0 hl=4 l=1478 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :03
7:d=1 hl=4 l=1420 cons: SEQUENCE
11:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-data
22:d=2 hl=4 l=1405 cons: cont [ 0 ]
26:d=3 hl=4 l=1401 prim: OCTET STRING [HEX DUMP]:3082...
1431:d=1 hl=2 l= 49 cons: SEQUENCE
1433:d=2 hl=2 l= 33 cons: SEQUENCE
1435:d=3 hl=2 l= 9 cons: SEQUENCE
1437:d=4 hl=2 l= 5 prim: OBJECT :sha1
1444:d=4 hl=2 l= 0 prim: NULL
1446:d=3 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:4878...
1468:d=2 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:7C0A...
1478:d=2 hl=2 l= 2 prim: INTEGER :0800
The output can be reformatted to show the levels of the data structure:
d=0 hl=4 l=1478 cons: SEQUENCE
   d=1 hl=2 l=   1 prim: INTEGER :03
   d=1 hl=4 l=1420 cons: SEQUENCE
      d=2 hl=2 l=   9 prim: OBJECT :pkcs7-data
      d=2 hl=4 l=1405 cons: cont [ 0 ]
         d=3 hl=4 l=1401 prim: OCTET STRING [HEX DUMP]:3082...
            (Main data is encoded here in this binary string)
   d=1 hl=2 l=  49 cons: SEQUENCE
      d=2 hl=2 l=  33 cons: SEQUENCE
         d=3 hl=2 l=   9 cons: SEQUENCE
            d=4 hl=2 l=   5 prim: OBJECT :sha1
            d=4 hl=2 l=   0 prim: NULL
         d=3 hl=2 l=  20 prim: OCTET STRING [HEX DUMP]:4878...
      d=2 hl=2 l=   8 prim: OCTET STRING [HEX DUMP]:7C0A...
      d=2 hl=2 l=   2 prim: INTEGER :0800
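The offset, d, hl and l columns follow directly from the DER tag-length-value encoding, so the leveled listing can be reproduced by walking the bytes. The Python code below is an added example, not part of the original tutorial: it walks a DER buffer, rejects malformed lengths, and indents each element by its depth. Assumptions: the function names are hypothetical, only single-byte tags are handled, and the sample bundle is constructed with zero-filled placeholders sized to match the listing above.

```python
def der(tag, body):
    """Encode one TLV with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def walk(buf, start=0, end=None, depth=0):
    """Yield (offset, depth, hl, l, tag) per element, like asn1parse's columns."""
    end = len(buf) if end is None else end
    pos = start
    while pos < end:
        if pos + 2 > end:
            raise ValueError(f"truncated header at offset {pos}")
        tag, first = buf[pos], buf[pos + 1]
        if first < 0x80:                  # short form: the byte is the length
            hl, length = 2, first
        elif first == 0x80:
            raise ValueError("indefinite length is not valid DER")
        else:                             # long form: 0x80 | count of length bytes
            hl = 2 + (first & 0x7F)
            length = int.from_bytes(buf[pos + 2:pos + hl], "big")
        if pos + hl + length > end:
            raise ValueError(f"element at offset {pos} overruns its parent")
        yield pos, depth, hl, length, tag
        if tag & 0x20:                    # constructed bit set: body holds children
            yield from walk(buf, pos + hl, pos + hl + length, depth + 1)
        pos += hl + length

# Constructed sample with the same shape and sizes as the listing above.
# The 1401-byte payload, digest and salt are zero-filled placeholders.
OID_PKCS7_DATA = bytes.fromhex("2a864886f70d010701")  # pkcs7-data
OID_SHA1 = bytes.fromhex("2b0e03021a")                # sha1

def sample_bundle():
    content = der(0x30, der(0x06, OID_PKCS7_DATA) + der(0xA0, der(0x04, bytes(1401))))
    digest = der(0x30, der(0x30, der(0x06, OID_SHA1) + der(0x05, b"")) + der(0x04, bytes(20)))
    mac = der(0x30, digest + der(0x04, bytes(8)) + der(0x02, b"\x08\x00"))
    return der(0x30, der(0x02, b"\x03") + content + mac)

def listing(buf):
    """Indent each element by its depth, as in the reformatted output."""
    return [f"{'   ' * d}{off}:d={d} hl={hl} l={ln} tag=0x{tag:02x}"
            for off, d, hl, ln, tag in walk(buf)]

if __name__ == "__main__":
    print("\n".join(listing(sample_bundle())))
```

The OCTET STRING at offset 26 is primitive, so the walker does not descend into it; to inspect the nested data, pass that element's body to walk() separately.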