On 23/07/2018 16:56, Christian Böhme wrote:
Hello all,I have been trying to find a way to ascertain that the contents of a file is a DER-encoded ASN.1 structure such as $ openssl version OpenSSL 1.0.2g 1 Mar 2016 $ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -i 0:d=0 hl=4 l= 978 cons: SEQUENCE 4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData 15:d=1 hl=4 l= 963 cons: cont [ 0 ] 19:d=2 hl=4 l= 959 cons: SEQUENCE 23:d=3 hl=2 l= 1 prim: INTEGER :03 26:d=3 hl=3 l= 133 cons: SET 29:d=4 hl=3 l= 130 cons: cont [ 3 ] 32:d=5 hl=2 l= 1 prim: INTEGER :00 35:d=5 hl=2 l= 27 cons: cont [ 0 ] 37:d=6 hl=2 l= 9 prim: OBJECT :PBKDF2 48:d=6 hl=2 l= 14 cons: SEQUENCE 50:d=7 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:64C8DCE92BE6CF80 60:d=7 hl=2 l= 2 prim: INTEGER :0800 64:d=5 hl=2 l= 46 cons: SEQUENCE 66:d=6 hl=2 l= 11 prim: OBJECT :id-alg-PWRI-KEK 79:d=6 hl=2 l= 31 cons: SEQUENCE 81:d=7 hl=2 l= 11 prim: OBJECT :camellia-256-cbc 94:d=7 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:DC131C842F099909DF465439C1B06038 112:d=5 hl=2 l= 48 prim: OCTET STRING [HEX DUMP]:7BEFFB307D05C8242A040B371EEA3C6F59F082C415057BF5A71F67437B92668CEED9C46B0F57B4E4A077B1651892D9D5 162:d=3 hl=4 l= 816 cons: SEQUENCE 166:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 177:d=4 hl=2 l= 31 cons: SEQUENCE 179:d=5 hl=2 l= 11 prim: OBJECT :camellia-256-cbc 192:d=5 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:995169EEF15C876E5F1A92DAF6A129D7 210:d=4 hl=4 l= 768 prim: cont [ 0 ] Since the files to test are rather large, I'd be content with being able to have only the first couple of bytes inspected. It would appear that the -length option allows to do just that. However, whatever argument specified, I get this: $ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 4 Error in encoding 140548547200664:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157: $ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 16 Error in encoding 140076397213336:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147: $ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 32 Error in encoding 139879438956184:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147: $ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 64 Error in encoding 139887577974424:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147: $ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 128 Error in encoding 140008118994584:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147: $ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 256 Error in encoding 140518349809304:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147: $ openssl asn1parse -in ciphertext.der -inform DER -offset 0 -length 512 Error in encoding 140042967262872:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:147: etcpp. The files to test are expected to be at least 512 bytes in size. What's the expected behaviour of the -length option, BTW?
Best option is to download the documents that specify the DER (or BER) ASN.1 Encoding, which is the X.690 (2015) ITU-T "recommendation" which was a freely downloadable PDF last time I checked. Note: For clarity, DER is basically the BER but using the simplest byte sequence for everything. BER can usually be converted to DER without knowing the data format specification (such as RFC2315 for EnvelopedData). From there, you can see that a DER (and BER) file is based on the following structure, nested and/or repeated as necessary: TAG An encoding of a data type number such as SEQUENCE or "OBJECT" (Actually an OID). Length Byte length of contents (Variable length length encoding, see X.690) Actual contents bytes according to TAG and specific data type such as pkcs7 or X.509 etc. Binary encoding of each type is in X.690 Repeat terminator if Length was the (BER only) indefinite code used when a program starts output before knowing the final length (See X.690) For example, the one you show below is thus: 0x30 (TAG for SEQUENCE) Some length value large enough to hold what follows, see X.690 0x06 (TAG for OBJECT id) Any definite encoding of length = 9 bytes(127 possibilities) 0x2A (The bytes of pkcs7-envelopedData=1.2.840.113549.1.7.3) 0x86 .840 0x48 0x86 .113549 0xF7 0x0D 0x01 .1 0x07 .7 0x03 .3 Rest not needed for identification of a pkcs7-envelopedData file. Note that same length values can be encoded in more than one way if the file is in BER format, as is often the case with PKCS#7 files. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 Soborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
