Re: ASN.1 DER (de)/coding tools

From: Michel Gallant (neutron_at_istar.ca)
Date: 04/28/04 

Date: Wed, 28 Apr 2004 09:49:06 -0400

Note sure about standalone tool applications, but OpenSSL command
has pretty good capabilities (specifically using the config. file which
allows almost arbitrary customizations/extensions to certs).

CryptoAPI provides CryptEncode/DecodeObject functions form
asn.1 encoding to/from CryptoAPI structs:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/example_c_program_asn1_encoding_and_decoding.asp

There is a good example of this with certificate generation in the PSDK sample at:
  C:\Program Files\Microsoft SDK\Samples\Security\CryptoApi\CreateCert

For dumping asn.1 info alone, Peter Gutmann's dumpasn1 utility is handy:
  http://www.cs.auckland.ac.nz/~pgut001

- Mitch

"Lars Olaussen" <Isolauss@hotmail.com> wrote in message
news:OpZF5NQLEHA.2624@TK2MSFTNGP09.phx.gbl...
> Hi
>
> Does anyone know about tools to code/decode ASN.1 DER?
>
> Some of the things I'd like to achieve are:
> - extracting certificatePolicies information from a certificate,
> decode it, edit it, and re-encode it so I can use it as input to a
> new certificate (by certutil.exe -setextension)
> - extract subject information from a certificate, decode it, add a
> SN value, and re-encode it so I can replace the subject-information
> provided in the request.
> - define and combine different extKeyUsages and encode them to be
> used as input to certutil.exe -setextension
>
> I guess that these things could be made possible by using
> certificate templates in Certificate Services, but I'm not always
> using an Enterprise CA. It might also be required to edit a
> certificate request from a certificate template by using this
> method.
>
> I've been trying to find applications that could provide these
> features, but I haven't found any yet, so any suggestions would be
> appreciated.
>
>
> Regards,
> Lars Olaussen
> Isolauss@hotmail.com
>
>

Relevant Pages

  • Re: ASN.1 DER (de)/coding tools
    ... Note sure about standalone tool applications, ... CryptoAPI provides CryptEncode/DecodeObject functions form ... There is a good example of this with certificate generation in the PSDK sample at: ... > certificate templates in Certificate Services, ...
    (microsoft.public.platformsdk.security)
  • Re: Using Client Certificates that Require User Password Verificat
    ... My client application is written in .NET. ... object and am accessing the certificates through P/Invoke and the CryptoAPI. ... When accesssing the certificate through the CryptoAPI I am hoping that I can ... What API methods can I use to get at the password protected private key? ...
    (microsoft.public.platformsdk.security)
  • Re: Auto certificate and key generation to pfx
    ... but the classes merely use CryptoAPI for certain functionality. ... Best Practices for implementing Windows Server 2003 PKI: ... I suppose my question should have> been: is it possible to use the CryptoAPI to perform all> the tasks involved in requesting a certificate and> keypair, receiving the generated certificate and keypair,> exporting them to a pfx file and then deleting the cert> and private key off the machine? ... > I have found the example using the CryptoAPI to create a> certificate request. ...
    (microsoft.public.platformsdk.security)
  • Re: Basic questions about CryptoAPI
    ... setting up a certificate server and issuing certificates for clients is ... >> I have another question regarding the cost of using Microsoft ... But what about setting up a MS certificate ... >>> Capicom is an easier to use com wrapper that depends on the CryptoAPI. ...
    (microsoft.public.security)
  • Re: Basic questions about CryptoAPI
    ... setting up a certificate server and issuing certificates for clients is ... >> I have another question regarding the cost of using Microsoft ... But what about setting up a MS certificate ... >>> Capicom is an easier to use com wrapper that depends on the CryptoAPI. ...
    (microsoft.public.win2000.security)