Openssl asn1parse命令

1、簡介

asn1parse命令是一種用來診斷ASN.1結構的工具，也能用於從ASN1.1數據中提取數據

 

2、語法

openssl asn1parse [-inform PEM|DER] [-in filename] [-out filename] [-noout] [-offset number] [-length number] [-i] [- structure filename] [-strparse offset]

選項

-inform arg   input format - one of DER PEM
 -in arg       input file
 -out arg      output file (output format is always DER
 -noout arg    don't produce any output
 -offset arg   offset into file
 -length arg   length of section in file
 -i            indent entries
 -dump         dump unknown data in hex form
 -dlimit arg   dump the first arg bytes of unknown data in hex form
 -oid file     file of extra oid definitions
 -strparse offset
               a series of these can be used to 'dig' into multiple
               ASN1 blob wrappings
 -genstr str   string to generate ASN1 structure from
 -genconf file file to generate ASN1 structure from

 

3、ASN.1結構

0:d=0  hl=4 l= 710 cons: SEQUENCE

0 表示節點在整個文件中的偏移長度

d=0 表示節點深度

hl=4 表示節點頭字節長度

l=710 表示節點數據字節長度

cons 表示該節點爲結構節點，表示包含子節點或者子結構數據

prim 表示該節點爲原始節點，包含數據

SEQUENCE、OCTETSTRING等都是ASN.1中定義的數據類型，具體能夠參考ASN.1格式說明。

最後一個節點OCTET STRING      [HEX DUMP]，就是加密後的私鑰數據。

 

4、實例

1）分析一個文件

openssl asn1parse -in ec_pubkey.pem

2）分析一個DER文件

openssl asn1parse -inform DER -in file.der

3）解析公鑰文件

openssl x509 -in cert.pem -pubkey -noout > pubkey.key

移除pem頭尾後進行base64解碼: openssl base64 x -in pubkey.key -out pubkey.bin

openssl asn1parse -in pubkey.key

    0:d=0  hl=3 l= 159 cons: SEQUENCE          

    3:d=1  hl=2 l=  13 cons: SEQUENCE          

    5:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption

   16:d=2  hl=2 l=   0 prim: NULL              

   18:d=1  hl=3 l= 141 prim: BIT STRING 

openssl asn1parse -strparse 18 -in pubkey.key

    0:d=0  hl=3 l= 137 cons: SEQUENCE          

    3:d=1  hl=3 l= 129 prim: INTEGER           :BD08016AC47043B12704EF63B82AA311204A627C550CB5E0B44FBF70731F5A19C3E1FAA36F8E52F6C8A673F3704B0A3F1888F665EBFB257D5689F36F805F2C7442A0E0F90B1E3542A08C5E347FA21

DE6CE84A572BAAC892DE8AF611B5B2F81E8DA3EEA6E6C92A488876DF0B9DD9CEECC2A22D0C985904F40740FFF49836DE2B7

  135:d=1  hl=2 l=   3 prim: INTEGER           :010001

4）解析私鑰文件

移除pem頭尾後進行base64解碼: openssl base64 -d -in cert.key -out prikey.key

openssl asn1parse -in prikey.key

    0:d=0  hl=4 l= 606 cons: SEQUENCE          

    4:d=1  hl=2 l=   1 prim: INTEGER           :00

    7:d=1  hl=3 l= 129 prim: INTEGER           :BD08016AC47043B12704EF63B82AA311204A627C550CB5E0B44FBF70731F5A19C3E1FAA36F8E52F6C8A673F3704B0A3F1888F665EBFB257D5689F36F805F2C7442A0E0F90B1E3542A08C5E347FA21

DE6CE84A572BAAC892DE8AF611B5B2F81E8DA3EEA6E6C92A488876DF0B9DD9CEECC2A22D0C985904F40740FFF49836DE2B7

  139:d=1  hl=2 l=   3 prim: INTEGER           :010001

  144:d=1  hl=3 l= 129 prim: INTEGER          :XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  276:d=1  hl=2 l=  65 prim: INTEGER           :XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  343:d=1  hl=2 l=  65 prim: INTEGER           :XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  410:d=1  hl=2 l=  64 prim: INTEGER           :XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  476:d=1  hl=2 l=  65 prim: INTEGER           :XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  543:d=1  hl=2 l=  65 prim: INTEGER           :XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

參考：ASN.1 key structures in DER and PEM