Re: asn1 parsing tutorial

2012-09-05 Thread Kenneth Goldman
The piece that openssl doesn't handle is the rsaOAEP OID for the public 
key.  Here's a typical certificate dump.  I'm trying to extract the public 
modulus.

158  74: . . . SEQUENCE {
160   9: . . . . OBJECT IDENTIFIER rsaOAEP (1 2 840 113549 1 1 7)
   : . . . . . (PKCS #1)
171  61: . . . . SEQUENCE {
173  11: . . . . . [0] {
175   9: . . . . . . SEQUENCE {
177   5: . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
   : . . . . . . . . (OIW)
184   0: . . . . . . . NULL
   : . . . . . . . }
   : . . . . . . }
186  24: . . . . . [1] {
188  22: . . . . . . SEQUENCE {
190   9: . . . . . . . OBJECT IDENTIFIER pkcs1-MGF (1 2 840 113549 1 1 8)
   : . . . . . . . . (PKCS #1)
201   9: . . . . . . . SEQUENCE {
203   5: . . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
   : . . . . . . . . . (OIW)
210   0: . . . . . . . . NULL
   : . . . . . . . . }
   : . . . . . . . }
   : . . . . . . }
212  20: . . . . . [2] {
214  18: . . . . . . SEQUENCE {
216   9: . . . . . . . OBJECT IDENTIFIER
   : . . . . . . . . rsaOAEP-pSpecified (1 2 840 113549 1 1 9)
   : . . . . . . . . (PKCS #1)
227   5: . . . . . . . OCTET STRING 54 43 50 41 00 TCPA.
   : . . . . . . . }
   : . . . . . . }
   : . . . . . }
   : . . . . }
234 271: . . . BIT STRING, encapsulates {
239 266: . . . . SEQUENCE {
243 257: . . . . . INTEGER 
   : . . . . . . 00 FB FD F9 09 63 15 A4.c..
   : . . . . . . 62 5F 79 C7 A9 E2 F8 FFb_y.
   : . . . . . . B4 C9 68 2F 32 F0 D4 3A..h/2..:
   : . . . . . . 78 AF A3 51 D1 95 DF E3x..Q
   [snip many lines of public modulus]
   : . . . . . . 93 05 99 B3 0C 4C B7 FA.L..
   : . . . . . . C4 36 BB 52 D1 B6 D5 9E.6.R
   : . . . . . . D7 .
504   3: . . . . . INTEGER 65537
   : . . . . . }
   : . . . . }
   : . . . }

--
Ken Goldman   kgold...@us.ibm.com 
914-945-2415 (862-2415)




From:   Peter Sylvester 
To: 
Cc: Kenneth Goldman/Watson/IBM@IBMUS
Date:   09/05/2012 02:09 AM
Subject:    Re: asn1 parsing tutorial



On 09/04/2012 10:47 PM, Ken Goldman wrote:
> Is there any tutorial or other documentation on how to use the openssl
> asn1 parsing C functions?  That is, not the command line.
>
> The man pages are empty.  I found that the asn1parse command line
> utility works, but the asn1pars.c code is completely uncommented.  It
> will be a chore to reverse engineer it with a debugger.
>
> ~~
>
> Use case:  I have to parse a non-standard X.509 certificate that openssl
> cannot handle at a higher level.  I think I have to parse at a low level
> and pull out the data I need.
>
> Any better ideas?
give more details about what you mean by non-standard x509?
are you talking about a non-recognized extension, for example?
or just show an example and what you want to extract.

/P
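
The low-level walk discussed in this thread, as an added example that is not part of the original messages and does not use OpenSSL's ASN.1 API: a bounds-checked DER reader in plain C that skips the AlgorithmIdentifier, so the rsaOAEP OID is never interpreted, and returns the modulus from the encapsulated RSAPublicKey. The names `der_hdr`, `spki_rsa_modulus` and `sample_spki` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>

/* Constructed sample (not from the thread): SubjectPublicKeyInfo with the
   rsaOAEP OID, empty parameters, toy modulus C3 5B 91, exponent 65537. */
static const unsigned char sample_spki[] = {
    0x30,0x1F, 0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,
    0x30,0x00, 0x03,0x0E,0x00, 0x30,0x0B, 0x02,0x04,0x00,0xC3,0x5B,0x91,
    0x02,0x03,0x01,0x00,0x01 };

/* Read one DER header at *p, bounded by end. Returns the tag, stores the
   content length in *len and moves *p to the content; -1 if malformed. */
static int der_hdr(const unsigned char **p, const unsigned char *end, size_t *len)
{
    const unsigned char *q = *p;
    size_t n, k;
    if (end - q < 2 || (q[0] & 0x1F) == 0x1F) return -1;  /* no multi-byte tags */
    int tag = *q++;
    n = *q++;
    if (n & 0x80) {                                       /* long-form length */
        k = n & 0x7F;
        if (k == 0 || k > sizeof n || (size_t)(end - q) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;                 /* content must fit */
    *len = n; *p = q;
    return tag;
}

/* Find the RSA modulus in a DER SubjectPublicKeyInfo without decoding the
   algorithm. Returns 0 and sets *mod / *modlen (sign byte dropped), else -1. */
int spki_rsa_modulus(const unsigned char *der, size_t derlen,
                     const unsigned char **mod, size_t *modlen)
{
    const unsigned char *p = der, *end = der + derlen;
    size_t len;
    if (der_hdr(&p, end, &len) != 0x30) return -1;        /* SubjectPublicKeyInfo */
    end = p + len;
    if (der_hdr(&p, end, &len) != 0x30) return -1;        /* AlgorithmIdentifier */
    p += len;                                             /* skip OID and params */
    if (der_hdr(&p, end, &len) != 0x03 || len < 2 || *p != 0) return -1;
    end = p + len;                                        /* BIT STRING content */
    p++;                                                  /* unused-bits octet */
    if (der_hdr(&p, end, &len) != 0x30) return -1;        /* RSAPublicKey */
    end = p + len;
    if (der_hdr(&p, end, &len) != 0x02 || len == 0) return -1;  /* modulus */
    if (len > 1 && *p == 0) { p++; len--; }               /* sign-padding 00 */
    *mod = p; *modlen = len;
    return 0;
}
```

For the certificate dumped above, the buffer passed in would begin at the SEQUENCE that encloses the one shown at offset 158.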




Re: asn1 parsing tutorial

2012-09-04 Thread Dr. Stephen Henson
On Tue, Sep 04, 2012, Ken Goldman wrote:

> 
> Use case:  I have to parse a non-standard X.509 certificate that
> openssl cannot handle at a higher level.  I think I have to parse at
> a low level and pull out the data I need.
> 

Is this the OAEP certificate issue? It should be possible to retrieve
the public key information by adding an ASN1 alias for the relevant OID, but
it won't retrieve OAEP parameters without additional coding.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


asn1 parsing tutorial

2012-09-04 Thread Ken Goldman
Is there any tutorial or other documentation on how to use the openssl 
asn1 parsing C functions?  That is, not the command line.


The man pages are empty.  I found that the asn1parse command line 
utility works, but the asn1pars.c code is completely uncommented.  It 
will be a chore to reverse engineer it with a debugger.


~~

Use case:  I have to parse a non-standard X.509 certificate that openssl 
cannot handle at a higher level.  I think I have to parse at a low level 
and pull out the data I need.


Any better ideas?
