Original article from:
Http://blog.chinaunix.net/space.php? Uid = 20396006 & Do = Blog & id = 1951299
1. What is ASN.1 (Abstract Syntax 1 )?
ASN.1 is a standard set of ITU-T used to encode and represent common data types, which have printable string values, octal string values, bit string values, integer and other types of sequence values that are combined by shift. in short, ASN.1 specifies the method used to encode non-trivial data types so that any other platform or third-party tool can interpret the content. for example, the letter A is in some platforms with ASCII Encoding As the decimal value 97, while on other non-ASCII platforms, it may be another encoding. ASN.1 specifies a encoding method. on any platform, the letter A is encoded in a unified manner.
2. ASN.1 syntax.
ASN.1 syntax follows the traditional BNF style of the bucos paradigm. the most basic expression is name: = type. defines an element named name. Its type is type. for example, myname: = ia5string. defines an element or variable named myname. Its type is ASN.1 type ia5string (similar to ASCII string ).
2.1 ASN.1 explicit value (explict value ).
In some cases, we need to define an ASN.1 type. Its subset element contains a predefined value. name: = type (explict value ). explicit value (explict value ). it must be a value allowed by the ASN.1 type, and must also be a value allowed by the element. for example, myname ::= ia5string (Tom) indicates that myname is the ia5string encoding of the string Tom. for example, myname ::= ia5string (Tom | Joe) indicates that the string value can be either Tom or Joe.
This syntax is used to extend the fixed decoder. For example:
Publickey: = SEQUENCE {
Keytype Boolean (0 ),
Modulus integer,
Pubexponent integer
}
Privatekey ::= SEQUENCE {
Keytype Boolean (1)
Modulus integer,
Pubexponent integer,
Privateexponent integer
}
2.2 ASN.1 container (container)
A container is a value that contains other data types of the same or different types of elements (such as sequence value sequence or set value set type ). the purpose is to combine some complex data type sets. the ASN.1 Specification defines four container types: sequence, single sequence of, set and single set (setof ). although they have different meanings, the syntax is the same.
Name: = container {name type [name type...]} The content in square brackets and the number of elements in the container are optional. nested definitions can also be performed.
Example:
Userrecord: = SEQUENCE {
Name SEQUENCE {
First ia5string,
Last ia5string
},
DOB utctime
}
The structure in the C language is roughly translated as follows:
Struct userrecord {
Struct name {
Char * first,
Char * Last
};
Time_t DOB;
}
It is roughly translated into the following records in the Object Pascal Language (Object Pascal does not support nested records ):
Type
Name = record
First: string;
Last: string;
End;
Userrecord = record
Aname: Name;
DOB: datetime;
End;
2.3asn.1 Modifier
ASN.1 defines various modifiers, such as optional (optional), default, and choice ). they can change the expression declaration. it is typically used to define a type that requires flexible encoding and is not cumbersome to define.
<1>. Optional (optional ). As the name suggests, it indicates changing an element so that its type is optional During encoding. that is, the encoder can ignore this element. The decoder cannot assume that it will appear. however, when the two adjacent elements have the same type, the decoder may encounter some problems.
Definition: Name: = type optional
For example:
Float ::= SEQUENCE {
Exponent integer optional,
Mantissa integer,
Sign Boolean
}
When the decoder reads this structure, the first integer may be exponent or mantissa. We do not recommend this method to define the structure.
<2>. default ). default modifier allows the container to include default values. if the data value to be encoded is equivalent to its default value, it will be ignored in the sent data stream. for example:
Command: = SEQUENCE {
Token ia5string (NOP) default,
Parameter integer
}
If the encoder regards the token as a string NOP, the sequence is encoded as follows:
Command: = SEQUENCE {
Parameter integer
}
<3>. select (choice ). the Select modifier allows an element to have multiple possible values in a given instance. essentially, the decoder will try all the desired Decoding Algorithms until there is a type that fits. the selector is useful when a complex container contains other containers. for example:
Userkey: = SEQUENCE {
Name ia5string,
Startdate utctime,
Expire utctime,
Keydata CHOICE {
Ecckey ecckeytype,
Rsakey rsakeytype
}
}
In the preceding example, ECC is allowed to also allow public key certificates of RSA keys.
3. ASN.1 Data Type
ASN.1 defines multiple data types for a wide range of applications. Here we only discuss the data types related to cryptographic applications. We will discuss the following data types:
Any ASN.1 encoding starts with two bytes (or an octal group containing eight binary digits). They are generic regardless of the type. the first byte is a type identifier and contains some corrected bits. The second byte is the length.
3.1 ASN.1 header bytes
The header byte is at the beginning of ASN.1 encoding and consists of three parts. For example:
<1>. Category bit.
Classification bits is expressed by two digits to describe the context of the data to be interpreted.
| Bits 8 | Bits 7 | Category |
| 0 | 0 | Universal) |
| 0 | 1 | Application) |
| 1 | 0 | Context-specific) |
| 1 | 1 | Private) |
Among all types, general categories are the most commonly used.
<2>. Structured bit.
Constructed bit indicates whether a given encoding is structured with multiple encodings of the same type. Structured elements are required for the container type, because logically, they are only a set of other elements.
Structured elements have their own header bytes and length bytes, which are then individually encoded by each element component. That is to say, these element components can independently decode the ASN.1 data type.
Strictly speaking, the container class is the only data type that allows the use of structured bits. This is because only one encoding is allowed for the given content of other data types. Therefore, the structured bits of all other data types are 0.
<3>. original type.
The lower five bits of ASN.1 header bytes define 32 primitive types of ASN.1 (primitive type)
| Code | ASN.1 type | Function |
| 1 | Boolean | Store Boolean values |
| 2 | Integer | Large integer |
| 3 | Bit String | Storage space Array |
| 4 | Octal string | Store byte Arrays |
| 5 | Null | Reserved Bit (for example, in the selection modifier) |
| 6 | Object Identifier | Identification Algorithms and protocols |
| 16 | Sequence and single sequence | Containers with unclassified Elements |
| 17 | Set and single set | Containers with categorized Elements |
| 19 | Printable string | ASCII encoding (ignore some printable characters) |
| 22 | Ia5string | ASCII code |
| 23 | World coordination | Time in uniform format |
3.2 ASN.1 Length Encoding
According to the actual length of the encoding, ASN.1 defines two length encoding methods: long encoding and short encoding.
The highest bit of the encoded byte indicates the short encoding or long encoding, while the low 7 bit indicates a length instant number.
<1>. Short encoding.
In short encoding, the load length must be less than 128 bytes. The length instant count is used to indicate the length of the load. For example, to encode a 65 (0x41) load, you only need to set the length of the encoding byte to 0x41. Because its maximum bit is 0, the encoder can determine that this is short encoding and the length is 65.
<2>. long encoding.
In long encoding, additional abstract data is defined to encode the length. It is only applicable to all loads with a length of 128 bytes or more. In this mode, the immediate length is stored to indicate the number of bytes required for the load length. The length must be encoded in big-Endian format. (In fact, big endian stores the highest valid byte (MSB) at a low address, while littleendian stores the lowest valid byte (LSB) at a low address ).).
For example, it is encoded for a load with a length of 47310 (0xb8ce) because the length is greater than 127, so the long encoding mode is required. The actual length must be two bytes. The encoded bytes are 0x82, and the length value stored in the big-Endian format is 0xb80xce. The full length is encoded as 0x82 B8 ce.
3.3 ASN.1 Boolean Type
The load of Boolean encoding is either 0 or an octal group of all 1. The header byte starts with 0x01 and the length of the encoded byte is 0x01. The load content depends on the Boolean value.
| Boolean Value | Encoding |
| False | 0x01 01 00 |
| True | 0x01 01 FF |
3.4 ASN.1 Integer type
The integer type represents a signed scalar of any precision. Its Encoding is portable and platform-independent.
The positive integer encoding is relatively simple. Each byte represents a maximum integer of 255 (0xff). The actual values stored are divided into byte-sized numbers and stored in big-Endian format. For example:
Octal Group {XK, Xk-1 ,...., x0} is stored in descending order from XK to x0. encoding specifies that the maximum bit of the first byte of a positive integer must be 0, that is, the maximum value of XK must be 0. If it is 1, it is a negative number. for example, x = 49468 = 193*256 + 60 = 0xc1 * 0x FF + 0x3c; that is, X1 = 0xc1, X0 = 0x3c. according to normal regulations, the code should be 0x02 C1 3c, but the maximum bit of X1 is 1, which should be regarded as a negative number. the simplest method is to use the front-end zero-byte filling. the code is changed to 0x02 00 C1 3C.
The encoding of negative integers is complicated. first, we need to find a minimum 256 power so that it is larger than the absolute value of the negative number to be encoded. for example, x =-1555; the smallest power of 1555, Which is 256, is 256 ^ 2 = 65536. Then, the number is supplemented with a negative number to obtain a 2nd complement. 65536 + (-1555) = 63981 = 0xf9 * 0xff + 0x ed. it is encoded as 0x02 F9 ed.
Here are some examples of common integer encoding.
| Value | Encoding |
| 0 | 0x02 01 00 |
| 1 | 0x02 01 01 |
| 2 | 0x02 01 02 |
| 127 | 0x02 01 7f |
| 128 | 0x02 02 00 80 |
| -1 | 0x02 01 FF |
| -128 | 0x02 01 80 |
| -32768 | 0x02 02 80 00 |
| 1234567890 | 0x02 04 49 96 02 D2 |
3.5 ans.1 bit string type
The bitstring type represents a bitarray in portable form. in addition to the ASN.1 header, there is an additional header used to indicate the data to be filled (usually one byte, because the padding is used to form a complete byte ). encoding Rules: Put the first character of a bit string to the first character of the load byte, and put the second character of a bit string to the first character of the load byte to the second character. fill the first load byte, and then fill the second load byte. if the last load byte is not fully filled, the null bit is filled with 0, and the number of 0 is stored in the header to indicate the byte that fills the data.
The following is an example:
There is a single string {,}, starting to fill the load bytes. the first byte is filled with 10001110 = 0x 8e; the second byte is filled with 10010000 = 0x90, and the fourth low byte is filled with space. then, the load is 2 bytes plus a byte 0x04 that indicates the number of digits to fill in a total of 3 bytes. the complete code is: 0x03 03 04 8e 90.
The decoder calculates the 8 x Load Length-fill number to obtain the number of digits required for the storage output.
3.6 ASN.1 eight-bit group string type
Octet string is a byte array, which is similar to bitstring. this encoding is very simple. You can encode the header like other types, and then copy the octal group directly. for example, encode {Fe, Ed, 6a, B4}. The storage type is 0x04, followed by the length 0x04, and then the byte 0xfe ed 6a B4; the complete code is 0x04 04 Fe ed6a B4.
3.7 null type
The null type is actually a placeholder, which is unique to the selection Modifier with blank options. For example:
Myaccount: = SEQUENCE {
Name ia5string,
Group ia5string,
Credentials CHOICE {
Rsakey rsapublickey,
Passwdhash octet string,
None null
}
}
In the above structure, the account certificate should contain an RSA key, a password hash value, or nothing.
The null encoding is 0x05 00.
3.8 ASN.1 object identifier type
Object Identifier (OID) types use hierarchical representation of standard specifications. the identifier tree is defined by a point-to-point decimal symbol. This symbol starts with an organization, Sub-division, and then a standard type and their respective sub-identifiers.
For example, the MD5 oid is 1.2.840.113549.2.5, which indicates "ISO (1) member-body (2) US (840) rsadsi (113549) digestalgorithm (2) MD5 (5 )", so when the decoder sees this OID, it will know that it is an MD5 hash.
Oid is very popular in Public Key algorithm standards. It specifies which hash algorithm is bound to the certificate. likewise, there are public key algorithms, grouping algorithms, and operation mode oid. they are an efficient and portable representation of the algorithm selected in the data packet.
Encoding Rules for OID:
For example, 30331 = 1*128 ^ 2 + 108*128 + 123 is split into seven digits (0x80) and then set the highest bit for {1,108,123} to {129,236,123 }. if the word has only one 7-digit number, the maximum value is 0.
MD5 OID encoding:
1. Convert 1.2.840.113549.2.5 to a Word Array {42,840,113 rows, 2, 5 }.
2. divide each word into seven digits with the highest digit, {0x2a}, {0x48}, {0x86, 0xf7, 0x0d }, {0x02 },{ 0x05 }}.
3. The complete code is 0x06 08 2a 86 48 86 F7 0d 02 05.
3.9 ASN.1 sequence and set type
Sequence and single sequence, and corresponding set and single set are called "structure" type or simple container. they are a simple method to collect related data elements into an independent decoded element.
Sequence encoding has the following properties:
1. The encoding is structured. That is, the length of the header byte 6 must be set.
2. the encoding content is composed of the full encoding of all data type values in the ASN.1 sequence type definition list and encoded according to the order in which they appear, unless these types are optional (optional) or the default keyword is referenced.
For example, consider the following sequence:
User: = SEQUENCE {
Id integer,
Active Boolean
}
When the value is {32, true}, the encoding is 0x30 06 02 01 20 01 01 ff}. In ASN.1, spaces are used to represent the encoding attribute.
0x30 06
02 01 20
01 01 FF
3.10 ASN.1 printable string and ia5string type
Printablestring and ia5string types define a portable method independent of the local code page and character set definition. ASCII strings can be encoded as readable strings on any platform.
The printable String object is a finite subset of the ASCII set, which contains 32, 39, 40 ~ ~ 58,61, 63 and 65 ~ 122.
The ia5string encoding objects are the majority of ASCII objects, including null, Bel, tab, NL, lf, Cr, and 32 ~ 126.
The printable string and ia5string are encoded similarly to octal strings. the header bytes of the printable string are 0x13, and the ia5string is 0x16. for example, "Hello world" is encoded as 0x13 0b 48 65 6D 6f 20 57 6f 72 6D 64.
3.11 ASN.1 global coordination time type
Utctime defines a standard time (encoded by date) relative to the GMT time. it uses the format of "yymmddhhmmssz" to indicate year, month, day, hour, minute, and second, respectively. "Z" is the original utctime. if no "Z" exists, two additional groups are allowed: [+/-] HH 'mm '", the "hh" and "mm" are respectively the time difference and the difference. if "Z" exists, the time is expressed in Zulu or GMT time.
The character string encoding is converted according to the ia5string Encoding Rules (ASCII character set). The header byte is 0x17 rather than 0x16. For example:
July 4,2003 at and 28 seconds are encoded as "030704113328z", and then 0x17 0d 30 33 30 37 30 34 31 31 33 32 38 5A.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
