The piece that openssl doesn't handle is the rsaOAEP OID for the public key. Here's a typical certificate dump. I'm trying to extract the public modulus.
158 74: . . . SEQUENCE { 160 9: . . . . OBJECT IDENTIFIER rsaOAEP (1 2 840 113549 1 1 7) : . . . . . (PKCS #1) 171 61: . . . . SEQUENCE { 173 11: . . . . . [0] { 175 9: . . . . . . SEQUENCE { 177 5: . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : . . . . . . . . (OIW) 184 0: . . . . . . . NULL : . . . . . . . } : . . . . . . } 186 24: . . . . . [1] { 188 22: . . . . . . SEQUENCE { 190 9: . . . . . . . OBJECT IDENTIFIER pkcs1-MGF (1 2 840 113549 1 1 8) : . . . . . . . . (PKCS #1) 201 9: . . . . . . . SEQUENCE { 203 5: . . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : . . . . . . . . . (OIW) 210 0: . . . . . . . . NULL : . . . . . . . . } : . . . . . . . } : . . . . . . } 212 20: . . . . . [2] { 214 18: . . . . . . SEQUENCE { 216 9: . . . . . . . OBJECT IDENTIFIER : . . . . . . . . rsaOAEP-pSpecified (1 2 840 113549 1 1 9) : . . . . . . . . (PKCS #1) 227 5: . . . . . . . OCTET STRING 54 43 50 41 00 TCPA. : . . . . . . . } : . . . . . . } : . . . . . } : . . . . } 234 271: . . . BIT STRING, encapsulates { 239 266: . . . . SEQUENCE { 243 257: . . . . . INTEGER : . . . . . . 00 FB FD F9 09 63 15 A4 .....c.. : . . . . . . 62 5F 79 C7 A9 E2 F8 FF b_y..... : . . . . . . B4 C9 68 2F 32 F0 D4 3A ..h/2..: : . . . . . . 78 AF A3 51 D1 95 DF E3 x..Q.... [snip many lines of public modulus] : . . . . . . 93 05 99 B3 0C 4C B7 FA .....L.. : . . . . . . C4 36 BB 52 D1 B6 D5 9E .6.R.... : . . . . . . D7 . 504 3: . . . . . INTEGER 65537 : . . . . . } : . . . . } : . . . } -- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415) From: Peter Sylvester <peter.sylves...@edelweb.fr> To: Cc: Kenneth Goldman/Watson/IBM@IBMUS Date: 09/05/2012 02:09 AM Subject: Re: asn1 parsing tutorial On 09/04/2012 10:47 PM, Ken Goldman wrote: > Is there any tutorial or other documentation on how to use the openssl asn1 parsing C functions? > That is, not the command line. > > The man pages are empty. I found that the asn1parse command line utility works, but the > asn1pars.c code is completely uncommented. It will be a chore to reverse engineer it with a debugger. > > ~~ > > Use case: I have to parse a non-standard X.509 certificate that openssl cannot handle at a higher > level. I think I have to parse at a low level and pull out the data I need. > > Any better ideas? give more details about what you mean by non-standard x509? are you talking about an non recognized extension for example? or just show an example and what you want to extract. /P