ASN.1 / BER / DER coding subset: Getting Started (a)
RSA Laboratories Technical Note
Author: Burton S. Kaliski Jr.
Final revision date: Nov 1, 1993
Translation: David (David@javaresearch.org), June 2002

Abstract: This note provides a getting-started guide to the ASN.1 (Abstract Syntax Notation One), BER (Basic Encoding Rules) and DER (Distinguished Encoding Rules) subset defined for OSI. Its main purpose is to supply enough background detail to help readers understand and implement the PKCS series of standards.
Translator's Note: In security and communications, encoding is a fundamental matter, essential for designers as well as programmers. I hope that by translating this article I can help those who are confronted with ASN.1 encoding, or who have only half understood ASN.1. After the translation I will use the JCE Java packages from some Java vendors to demonstrate how to parse and construct an ASN.1-encoded object.
1. Introduction

As is well known, abstraction is an effective means of solving software development problems. With abstraction, designers can define one part of a system without paying attention to how that part is actually implemented or represented. This approach makes implementation easier and simplifies specification: certain "axioms" can be declared before a component is implemented, and when designing high-level components it is assumed that the lower-level parts can be realized. Abstraction is characteristic of most modern software specifications.

Open Systems Interconnection (OSI), one of the most complex systems today, is an example of extensive abstraction. OSI is an international standard system that covers interconnection between computers from the physical layer up to the user application layer. High-level objects are abstract and are implemented by the underlying objects. For example, a service at one layer may need to pass an abstract object between computers; a lower layer may provide the implementation as strings of zeros and ones (octet strings), using some encoding rules to convert the high-level abstract object into those strings. OSI is called an open system because it supports different service implementations at each layer.

OSI's method for describing abstract objects is called Abstract Syntax Notation One (ASN.1, defined in X.208), and the set of rules for representing such objects as strings of zeros and ones is called the Basic Encoding Rules (BER). ASN.1 is a flexible notation that allows many data types, from simple types such as integers and bit strings to structured types such as sets and sequences, as well as complex types defined in terms of others. BER describes how to encode a value of any ASN.1 type as an octet string. There is generally more than one way to BER-encode a given value, so another set of encoding rules, called the Distinguished Encoding Rules (DER), a subset of BER, gives a unique encoding for each ASN.1 value.
The purpose of this note is to describe a subset of ASN.1, BER and DER sufficient to understand and implement the PKCS standards, which are OSI-based applications from RSA Data Security. This note includes an overview of ASN.1/BER/DER and a list of ASN.1 types with their BER/DER encodings. Sections 2 to 4 present an overview of ASN.1, BER and DER; Section 5 lists some ASN.1 types, giving their notation, specific encoding rules, examples, and their uses in PKCS; Section 6 summarizes X.500 distinguished names as an example. This note does not cover the advanced features of ASN.1 (for example, macros), because they are not needed to implement PKCS. For other features and more details, readers should refer to the CCITT Recommendations X.208 and X.209, which define ASN.1 and BER respectively.

Terminology and notation used in this note: an octet is an 8-bit unsigned integer, where bit 8 is the most significant and bit 1 the least significant. The following notation is used in describing ASN.1:
● BIT (monospace): literal characters in the type and value notation; in examples it usually represents an octet value in hexadecimal.
● n1 (bold italic): a variable.
● [ ]: square brackets indicate that a term is optional.
● { }: braces group related terms.
● |: a vertical bar separates alternatives within a group.
● ...: an ellipsis indicates repeated occurrences.
● =: an equals sign expresses a term in terms of sub-terms.

2. Abstract Syntax Notation One

Abstract Syntax Notation One, abbreviated ASN.1, is a notation for describing abstract types and values. In ASN.1, a type is a set of values. Some types have a finite number of values, others infinitely many. A value of a given ASN.1 type is an element of that type's set of values.
ASN.1 has four kinds of type: simple types, which are "atomic" and have no components; structured types, which have components; tagged types, which are derived from other types; and other types, which include the CHOICE type and the ANY type. Types and values can be given names with the ASN.1 assignment operator (::=), and those names can then be used in defining other types and values.

Every ASN.1 type other than CHOICE and ANY has a tag, which consists of a class and a non-negative tag number. The tag uniquely identifies the type: two ASN.1 types are abstractly the same if and only if their tags are the same. In other words, the name of an ASN.1 type does not affect its abstract meaning; only the tag does. There are four classes of tag:
● Universal: the meaning of the type is the same in all applications. These types are defined only in X.208.
● Application: the meaning of the type is specific to an application, such as the X.500 directory service. Types in two different applications may have the same application-specific tag and different meanings.
● Private: the meaning of the type is specific to a given enterprise.
● Context-specific: the meaning of the type depends on the context in which it is used, such as a structured type. Context-specific tags are used to distinguish component types in a given structured type that would otherwise share the same underlying tag. Component types in two different structured types may have the same tag and different meanings.

Types with universal tags are defined in X.208, which also gives the types' universal tag numbers. Types with other tags are defined in many places and are usually obtained by implicit or explicit tagging (Section 2.3). Table 1 lists some ASN.1 types and their universal-class tags. (Translator's note: for clarity, the fields of the table are separated into aligned columns.)

Table 1. Some ASN.1 types and their universal-class tags.

Type                       Tag number (decimal)   Tag number (hexadecimal)
INTEGER                     2                      02
BIT STRING                  3                      03
OCTET STRING                4                      04
NULL                        5                      05
OBJECT IDENTIFIER           6                      06
SEQUENCE and SEQUENCE OF   16                      10
SET and SET OF             17                      11
PrintableString            19                      13
T61String                  20                      14
IA5String                  22                      16
UTCTime                    23                      17

ASN.1 types and values are expressed in a flexible, programming-language-like notation with the following rules: layout (line breaks) has no special meaning; multiple spaces and blank lines are equivalent to a single space. Comments are delimited by a pair of hyphens (--) and either another pair of hyphens or the end of the line. Identifiers (names of values and fields) and type references (names of types) consist of upper- and lower-case letters, digits, hyphens and spaces; identifiers begin with a lowercase letter and type references with an uppercase letter. The following four subsections summarize simple types, structured types, implicitly and explicitly tagged types, and other types. Section 5 gives more details on the types.

2.1 Simple Types

Simple types have no components; they are the "atomic" types.
ASN.1 defines several simple types; those relevant to the PKCS standards are:
● BIT STRING: an arbitrary string of bits (ones and zeros).
● IA5String: an arbitrary string of IA5 (ASCII) characters.
● INTEGER: an arbitrary integer.
● NULL: a null value.
● OBJECT IDENTIFIER: an object identifier, a sequence of integer components that identifies an object such as an algorithm or an attribute type.
● OCTET STRING: an arbitrary string of octets (eight-bit values).
● PrintableString: an arbitrary string of printable characters.
● T61String: an arbitrary string of T.61 (eight-bit) characters.
● UTCTime: a "coordinated universal time" or Greenwich Mean Time (GMT) value.

Simple types fall into two categories: string types and non-string types. BIT STRING, IA5String, OCTET STRING, PrintableString, T61String and UTCTime are string types. For the purposes of encoding, string types can be viewed as consisting of components, where the components are substrings. This view allows a value to be encoded even when its length is not known in advance (for example, an OCTET STRING value read from a file stream). String types can be given size constraints that limit the length of their values.

2.2 Structured Types

Structured types are those consisting of components. ASN.1 defines four structured types, all of which are relevant to the PKCS standards:
● SEQUENCE: an ordered collection of one or more types.
● SEQUENCE OF: an ordered collection of zero or more occurrences of a given type.
● SET: an unordered collection of one or more types.
● SET OF: an unordered collection of zero or more occurrences of a given type.
Structured types can have optional components, and optional components can have default values.

2.3 Implicitly and Explicitly Tagged Types

Tagging is useful for distinguishing types within an application; it is commonly used to distinguish component types within a structured type. For example, optional components of a SET or SEQUENCE type are typically given distinct context-specific tags to avoid ambiguity. There are two ways to tag a type: implicitly and explicitly.
Implicitly tagged types are derived from other types by changing the tag of the underlying type. Implicit tagging is denoted by the ASN.1 keywords [class number] IMPLICIT (see Section 5.1). Explicitly tagged types are derived from other types by adding an outer tag to the tag of the underlying type. In effect, an explicitly tagged type is a structured type with one component, the underlying type. Explicit tagging is denoted by the ASN.1 keywords [class number] EXPLICIT (see Section 5.2). The keywords [class number] alone mean the same as explicit tagging, except when the "module" in which the ASN.1 type is defined uses implicit tagging by default. ("Modules" are an advanced feature not covered in this note.)

From the encoding point of view, an implicitly tagged type is treated as the underlying type, except that the tag is different. An explicitly tagged type is treated as a structured type with one component, the underlying type. Implicit tags give shorter encodings, but explicit tags may be necessary to avoid ambiguity when the tag of the underlying type is indeterminate (for example, when the underlying type is CHOICE or ANY).

2.4 Other Types

The other types in ASN.1 include the CHOICE and ANY types. The CHOICE type denotes a union of one or more alternatives; the ANY type denotes an arbitrary value of an arbitrary type, where that type is possibly defined in the registration of an object identifier or integer value.

3. Basic Encoding Rules

The Basic Encoding Rules for ASN.1, abbreviated BER, give one or more ways to represent any ASN.1 value as an octet string. (There are certainly other ways, but BER is the standard for converting such values in OSI.) Under BER there are three methods for encoding an ASN.1 value; the choice depends on the type of the value and on whether the total length of the value is known in advance. The three methods are: primitive, definite-length encoding; constructed, definite-length encoding; and constructed, indefinite-length encoding.
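As an added example (not part of Kaliski's note or the translator's text), the following Python encoder shows what the implicit and explicit tagging of Section 2.3 does to a DER encoding, built from the identifier, length and contents octets of Section 3.1. The function names are my own, and only tag numbers up to 30 (low-tag-number form) are handled.

```python
# Added example, not Kaliski's: DER encoding of implicitly and explicitly tagged
# values (Section 2.3), built from the identifier/length/contents octets of Section 3.
CONTEXT_SPECIFIC = 0x80      # bits 8-7 = 10 (Table 2)
CONSTRUCTED = 0x20           # bit 6


def encode_length(n):
    """Length octets: short form for n < 128, otherwise long form (Section 3.1)."""
    if n < 0x80:
        return bytes([n])
    digits = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(digits)]) + digits


def integer(value):
    """INTEGER (universal tag 2): two's-complement contents, minimal length for DER."""
    length = 1
    while True:
        try:
            contents = value.to_bytes(length, "big", signed=True)
            break
        except OverflowError:
            length += 1
    return bytes([0x02]) + encode_length(len(contents)) + contents


def sequence(*components):
    """SEQUENCE (universal tag 16, constructed): concatenated component encodings."""
    body = b"".join(components)
    return bytes([0x10 | CONSTRUCTED]) + encode_length(len(body)) + body


def implicit(tag_number, encoding, cls=CONTEXT_SPECIFIC):
    """[n] IMPLICIT: replace the tag, keeping bit 6 and the length/contents octets."""
    assert tag_number <= 30 and encoding[0] & 0x1F != 0x1F, "low-tag-number form only"
    return bytes([cls | (encoding[0] & CONSTRUCTED) | tag_number]) + encoding[1:]


def explicit(tag_number, encoding, cls=CONTEXT_SPECIFIC):
    """[n] EXPLICIT: wrap the whole encoding as the single component of a constructed value."""
    assert tag_number <= 30, "low-tag-number form only"
    return bytes([cls | CONSTRUCTED | tag_number]) + encode_length(len(encoding)) + encoding
```

For INTEGER 5, `implicit(0, ...)` yields `80 01 05` (only the identifier octet changes), while `explicit(0, ...)` yields `A0 03 02 01 05`, the original encoding wrapped as one component.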
Simple non-string types use the primitive, definite-length method; structured types use either of the constructed methods; simple string types use any of the methods, depending on whether the length of the value is known in advance. Types derived by implicit tagging use the methods of the underlying type; types derived by explicit tagging use the constructed methods.

Each BER encoding has three or four parts:
● Identifier octets: identify the class and tag number of the ASN.1 value, and indicate whether the method is primitive or constructed.
● Length octets: for the definite-length methods, give the number of contents octets; for the constructed, indefinite-length method, indicate that the length is indefinite.
● Contents octets: for the primitive, definite-length method, give a concrete representation of the value; for the constructed methods, give the concatenation of the BER encodings of the components of the value.
● End-of-contents octets: for the constructed, indefinite-length method, denote the end of the contents; for the other methods, they are absent.
The three methods are described in the following sections.

3.1 Primitive, Definite-Length Method

This method applies to simple types and to types derived from simple types by implicit tagging. It requires that the length of the value be known in advance. The parts of the BER encoding are as follows:
1. Identifier octets. There are two forms: low tag number (for tag numbers between 0 and 30) and high tag number (for tag numbers 31 and greater).
● Low-tag-number form: one octet. Bits 8 and 7 give the class (see Table 2), bit 6 is 0, indicating that the method is primitive, and bits 5 to 1 give the tag number.

Table 2. Class encoding in the identifier octet.

Class               Bit 8   Bit 7
Universal             0       0
Application           0       1
Context-specific      1       0
Private               1       1

● High-tag-number form: two or more octets. The first octet is as in the low-tag-number form, except that bits 5 to 1 are all 1.
The second and following octets give the tag number, base 128, most significant digit first, using as few digits as possible, with bit 8 of every octet except the last set to 1.
2. Length octets. There are two forms: short (for lengths between 0 and 127) and long (for lengths between 0 and 2^1008 - 1).
● Short form: one octet. Bit 8 is 0, and bits 7 to 1 give the length.
● Long form: two to 127 octets. Bit 8 of the first octet is 1, and bits 7 to 1 give the number of additional length octets. The second and following octets give the length, base 256, most significant digit first.
3. Contents octets. These give a concrete representation of the value (or of the value of the underlying type, if the type is derived by implicit tagging). Details for specific types are given in Section 5.

3.2 Constructed, Definite-Length Method

This method applies to simple string types, structured types, types derived from simple string types and structured types by implicit tagging, and types derived from anything by explicit tagging. It requires that the length of the value be known in advance. The parts of the BER encoding are as follows:
1. Identifier octets. As described in Section 3.1, except that bit 6 has value 1, indicating that the encoding is constructed.
2. Length octets. As described in Section 3.1.
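The following Python reader is added here as an example and is not part of the original note. It decodes the identifier octets of Section 3.1 in both tag-number forms, the length octets in short, long and indefinite form, and the constructed methods of Section 3.2, consuming the end-of-contents octets of an indefinite-length encoding; the sample byte string is constructed for illustration.

```python
# Added example, not Kaliski's: a BER reader for identifier and length octets (3.1)
# and for the constructed definite- and indefinite-length methods (3.2).
CLASS_NAMES = ("universal", "application", "context-specific", "private")
SAMPLE_INDEFINITE = bytes.fromhex("30 80 02 01 05 00 00")   # constructed sample

def read_identifier(data, pos):
    """Identifier octets: low-tag-number form (one octet) or high-tag-number form."""
    first = data[pos]
    pos += 1
    cls, constructed, tag = CLASS_NAMES[first >> 6], bool(first & 0x20), first & 0x1F
    if tag == 0x1F:                      # bits 5-1 all ones: number follows in base 128
        tag = 0
        while True:
            octet, pos = data[pos], pos + 1
            tag = (tag << 7) | (octet & 0x7F)
            if not octet & 0x80:         # bit 8 clear marks the last octet
                break
    return cls, constructed, tag, pos

def read_length(data, pos):
    """Length octets: short form, long form, or 0x80 for indefinite (returns None)."""
    first = data[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0:
        return None, pos
    return int.from_bytes(data[pos:pos + n], "big"), pos + n

def decode(data, pos=0):
    """Return (node, next_pos); node = (class, constructed, tag, contents_or_children)."""
    cls, constructed, tag, pos = read_identifier(data, pos)
    length, pos = read_length(data, pos)
    if not constructed:
        if length is None:
            raise ValueError("indefinite length requires a constructed encoding")
        return (cls, constructed, tag, data[pos:pos + length]), pos + length
    children = []
    if length is None:                   # indefinite: components run until 00 00
        while data[pos:pos + 2] != b"\x00\x00":
            child, pos = decode(data, pos)
            children.append(child)
        return (cls, constructed, tag, children), pos + 2
    end = pos + length
    while pos < end:
        child, pos = decode(data, pos)
        children.append(child)
    return (cls, constructed, tag, children), pos
```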