Re: questions about ASN.1

On 26 Nov 2006 22:06:02 -0800, yawnmoth <terra1024@xxxxxxxxx> wrote:
Say I'm trying to decode the following:

http://www.geocities.com/terra1024/paypal_cert_pem.txt

I remove the ---- stuff from the start and end and do a base64 decode.
The first few bytes are as follows:

30:82:03:a1:30:82:03:0a:a0

My interpretation of that is this. There's a constructed SEQUENCE of
929 bytes containing a constructed SEQUENCE of 778 bytes. This second
constructed SEQUENCE contains a constructed Context-specific class.

Looks right.

Is this correct? If so, then is there such a thing as a primitive
sequence?

No.

On the otherhand, some types (simple string types) you might
think are just primitive can also be constructed, e.g. an OCTET
STRING with the value ca fe da da could be BER encoded this way:

24 08 04 02 ca fe 04 02 da da
|
|
+- note that the constructed bit is set


Also, how do I decode something with a Context-specific class?
<http://www.columbia.edu/~ariel/ssleay/layman.html> suggests that
Universal classes can be decoded in any number of ways. The tag is the
ultimate determiner of how something gets decoded. So what about
Context-specific classes?

This bit from the Layman's Guide tells you: "...an implicitly tagged
type is considered the same as the underlying type, except that the
tag is different."

On otherwords, the underlying type is one of the universal
types (OCTET STRING, INTEGER, SEQUENCE, etc.) but with a
different tag value. The only way to know what that underlying
type is from the ASN.1 definition in the module for that bit
of ASN.1. I.e. the context tells you what it is.

Finally, to revisit a point Jeff Jacoby made...

To be more accurate, the BER/DER encoding rules use "octet"
and not byte, an important distinction.

What is the distinction?

Not all machines use 8-bit bytes. That's probably something
you don't need to worry about now too much, but it pays to be
accurate.

That said, thanks for the help, thus far, Tom St Denis and Jeff Jacoby!

You're welcome.

Another tool worth looking into is dumpasn1, by Peter Gutmann
(or is that one 'n'?). I believe the source is freely available,
just Google for it. It does a nice job of displaying the structure,
tags, and values of any BER/DER you feed it. It will also translate
many common OID values into their (semi-) readable names.

If you can find it, a Windows app. called VeiwBER.exe (I've also
seen ViewBERNT.exe) is a very nice parser, using the standard tree
view to show the structure of a piece of BER. Among other things,
it had the nice feature of digging into an OCTET STRING value and
decoding it as a piece of BER (which is common). Dumpasn1 will do
that too, btw, if you set the right switch. You can also select
just one field of a SEQUENCE or SET and save it to a seperate file.
At one time I think it was available off the IETF's S/MIME working
group site, but I don't know anymore.


Jeff

.