OpenSSL ASN1_generate_nconf(3openssl)
NNNNAAAAMMMMEEEEASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation
functions SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS#include
ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN These functions generate the ASN1 encoding of a string in anAAAASSSSNNNN1111_TTTTYYYYPPPPEEEE structure.
ssssttttrrrr contains the string to encode nnnnccccoooonnnnffff or ccccnnnnffff contains the optional configuration information where additional strings will be read from. nnnnccccoooonnnnffff will typically come from a configfile wherease ccccnnnnffff is obtained from an XXXX555500009999VVVV3333_CCCCTTTTXXXX structure
which will typically be used by X509 v3 certificate extension functions. ccccnnnnffff or nnnnccccoooonnnnffff can be set to NNNNUUUULLLLLLLL if no additional configuration will be used. GGGGEEEENNNNEEEERRRRAAAATTTTIIIIOOOONNNN SSSSTTTTRRRRIIIINNNNGGGG FFFFOOOORRRRMMMMAAAATTTT The actual data encoded is determined by the string ssssttttrrrr and the configuration information. The general format of the string is: [[[[mmmmooooddddiiiiffffiiiieeeerrrr,,,,]]]]ttttyyyyppppeeee[[[[::::vvvvaaaalllluuuueeee]]]] That is zero or more comma separated modifiers followed by a type followed by an optional colon and a value. The formats of ttttyyyyppppeeee, vvvvaaaalllluuuueeee and mmmmooooddddiiiiffffiiiieeeerrrr are explained below. SSSSUUUUPPPPPPPPOOOORRRRTTTTEEEEDDDD TTTTYYYYPPPPEEEESSSS The supported types are listed below. Unless otherwise specified only the AAAASSSSCCCCIIIIIIII format is permissible. BBBBOOOOOOOOLLLLEEEEAAAANNNN, BBBBOOOOOOOOLLLL This encodes a boolean type. The vvvvaaaalllluuuueeee string is mandatory and should be TTTTRRRRUUUUEEEE or FFFFAAAALLLLSSSSEEEE. Additionally TTTTRRRRUUUUEEEE, ttttrrrruuuueeee, YYYY, yyyy, YYYYEEEESSSS, yyyyeeeessss, FFFFAAAALLLLSSSSEEEE, ffffaaaallllsssseeee, NNNN, nnnn, NNNNOOOO and nnnnoooo are acceptable. NNNNUUUULLLLLLLL Encode the NNNNUUUULLLLLLLL type, the vvvvaaaalllluuuueeee string must not be present. IIIINNNNTTTTEEEEGGGGEEEERRRR, IIIINNNNTTTT Encodes an ASN1 IIIINNNNTTTTEEEEGGGGEEEERRRR type. The vvvvaaaalllluuuueeee string represents the value of the integer, it can be preceeded by a minus sign and is normally interpreted as a decimal value unless27/Mar/2010 Last change: 0.9.8o 1
OpenSSL ASN1_generate_nconf(3openssl)
the prefix 0000xxxx is included. EEEENNNNUUUUMMMMEEEERRRRAAAATTTTEEEEDDDD, EEEENNNNUUUUMMMM Encodes the ASN1 EEEENNNNUUUUMMMMEEEERRRRAAAATTTTEEEEDDDD type, it is otherwise identical to IIIINNNNTTTTEEEEGGGGEEEERRRR. OOOOBBBBJJJJEEEECCCCTTTT, OOOOIIIIDDDD Encodes an ASN1 OOOOBBBBJJJJEEEECCCCTTTT IIIIDDDDEEEENNNNTTTTIIIIFFFFIIIIEEEERRRR, the vvvvaaaalllluuuueeee string can be a short name, a long name or numerical format. UUUUTTTTCCCCTTTTIIIIMMMMEEEE, UUUUTTTTCCCC Encodes an ASN1 UUUUTTTTCCCCTTTTiiiimmmmeeee structure, the value should be in the format YYYYYYYYMMMMMMMMDDDDDDDDHHHHHHHHMMMMMMMMSSSSSSSSZZZZ. GGGGEEEENNNNEEEERRRRAAAALLLLIIIIZZZZEEEEDDDDTTTTIIIIMMMMEEEE, GGGGEEEENNNNTTTTIIIIMMMMEEEE Encodes an ASN1 GGGGeeeennnneeeerrrraaaalllliiiizzzzeeeeddddTTTTiiiimmmmeeee structure, the value should be in the format YYYYYYYYYYYYYYYYMMMMMMMMDDDDDDDDHHHHHHHHMMMMMMMMSSSSSSSSZZZZ. OOOOCCCCTTTTEEEETTTTSSSSTTTTRRRRIIIINNNNGGGG, OOOOCCCCTTTT Encodes an ASN1 OOOOCCCCTTTTEEEETTTT SSSSTTTTRRRRIIIINNNNGGGG. vvvvaaaalllluuuueeee represents the contents of this structure, the format strings AAAASSSSCCCCIIIIIIII and HHHHEEEEXXXX can be used to specify the format of vvvvaaaalllluuuueeee. BBBBIIIITTTTSSSSTTTTRRRRIIIINNNNGGGG, BBBBIIIITTTTSSSSTTTTRRRR Encodes an ASN1 BBBBIIIITTTT SSSSTTTTRRRRIIIINNNNGGGG. vvvvaaaalllluuuueeee represents the contents of this structure, the format strings AAAASSSSCCCCIIIIIIII, HHHHEEEEXXXX and BBBBIIIITTTTLLLLIIIISSSSTTTT can be used to specify the format of vvvvaaaalllluuuueeee. If the format is anything other than BBBBIIIITTTTLLLLIIIISSSSTTTT the number of unused bits is set to zero. BBBBMMMMPPPPSSSSTTTTRRRRIIIINNNNGGGG, VVVVIIIISSSSIIIIBBBBLLLLEEEESSSSTTTTRRRRIIIINNNNGGGG, VVVVIIIISSSSIIIIBBBBLLLLEEEE, PPPPRRRRIIIINNNNTTTTAAAABBBBLLLLEEEESSSSTTTTRRRRIIIINNNNGGGG, PPPPRRRRIIIINNNNTTTTAAAABBBBLLLLEEEE, TTTT66661111, TTTT66661111SSSSTTTTRRRRIIIINNNNGGGG, TTTTEEEELLLLEEEETTTTEEEEXXXXSSSSTTTTRRRRIIIINNNNGGGG, GGGGeeeennnneeeerrrraaaallllSSSSttttrrrriiiinnnngggg UUUUNNNNIIIIVVVVEEEERRRRSSSSAAAALLLLSSSSTTTTRRRRIIIINNNNGGGG, UUUUNNNNIIIIVVVV, IIIIAAAA5555, IIIIAAAA5555SSSSTTTTRRRRIIIINNNNGGGG, UUUUTTTTFFFF8888, UUUUTTTTFFFF8888SSSSttttrrrriiiinnnngggg, BBBBMMMMPPPP, These encode the corresponding string types. vvvvaaaalllluuuueeee represents the contents of this structure. The format can be AAAASSSSCCCCIIIIIIII or UUUUTTTTFFFF8888. SSSSEEEEQQQQUUUUEEEENNNNCCCCEEEE, SSSSEEEEQQQQ, SSSSEEEETTTT Formats the result as an ASN1 SSSSEEEEQQQQUUUUEEEENNNNCCCCEEEE or SSSSEEEETTTT type. vvvvaaaalllluuuueeee should be a section name which will contain the contents. The field names in the section are ignored and the values are in the generated string format. If vvvvaaaalllluuuueeee is absent then an empty SEQUENCE will be encoded. MMMMOOOODDDDIIIIFFFFIIIIEEEERRRRSSSS Modifiers affect the following structure, they can be used to add EXPLICIT or IMPLICIT tagging, add wrappers or to change the string format of the final type and value. The supported formats are documented below.27/Mar/2010 Last change: 0.9.8o 2
OpenSSL ASN1_generate_nconf(3openssl)
EEEEXXXXPPPPLLLLIIIICCCCIIIITTTT, EEEEXXXXPPPP Add an explicit tag to the following structure. This string should be followed by a colon and the tag value to use as a decimal value. By following the number with UUUU, AAAA, PPPP or CCCC UNIVERSAL,APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be
used, the default is CONTEXT SPECIFIC.
IIIIMMMMPPPPLLLLIIIICCCCIIIITTTT, IIIIMMMMPPPP This is the same as EEEEXXXXPPPPLLLLIIIICCCCIIIITTTT except IMPLICIT tagging is used instead. OOOOCCCCTTTTWWWWRRRRAAAAPPPP, SSSSEEEEQQQQWWWWRRRRAAAAPPPP, SSSSEEEETTTTWWWWRRRRAAAAPPPP, BBBBIIIITTTTWWWWRRRRAAAAPPPP The following structure is surrounded by an OCTET STRING, a SEQUENCE, a SET or a BIT STRING respectively. For a BIT STRING the number of unused bits is set to zero. FFFFOOOORRRRMMMMAAAATTTT This specifies the format of the ultimate value. It should be followed by a colon and one of the strings AAAASSSSCCCCIIIIIIII, UUUUTTTTFFFF8888, HHHHEEEEXXXX or BBBBIIIITTTTLLLLIIIISSSSTTTT. If no format specifier is included then AAAASSSSCCCCIIIIIIII is used. If UUUUTTTTFFFF8888 is specified then the value string must be a valid UUUUTTTTFFFF8888 string. For HHHHEEEEXXXX the output must be a set of hex digits. BBBBIIIITTTTLLLLIIIISSSSTTTT (which is only valid for a BIT STRING) is a comma separated list of the indices of the set bits, all other bits are zero. EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS A simple IA5String: IA5STRING:Hello World An IA5String explicitly tagged: EXPLICIT:0,IA5STRING:Hello World An IA5String explicitly tagged using APPLICATION tagging: EXPLICIT:0A,IA5STRING:Hello World A BITSTRING with bits 1 and 5 set and all others zero: FORMAT:BITLIST,BITSTRING:1,5 A more complex example using a config file to produce a SEQUENCE consiting of a BOOL an OID and a UTF8String:asn1 = SEQUENCE:seq_section
27/Mar/2010 Last change: 0.9.8o 3
OpenSSL ASN1_generate_nconf(3openssl)
[seq_section]
field1 = BOOLEAN:TRUE field2 = OID:commonName field3 = UTF8:Third field This example produces an RSAPrivateKey structure, this is the key contained in the file client.pem in all OpenSSL distributions (note: the field names such as 'coeff' are ignored and are present just for clarity):asn1=SEQUENCE:private_key
[private_key]
version=INTEGER:0 n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\ D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 e=INTEGER:0x010001 d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\ F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\ D4BD57 q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\ 46EC4F exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\ 9C0A39B9 exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\ E7B2458F coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\ 628657053A This example is the corresponding public key in a SubjectPublicKeyInfo structure:# Start with a SEQUENCE
asn1=SEQUENCE:pubkeyinfo# pubkeyinfo contains an algorithm identifier and the public key wrapped
# in a BIT STRING
[pubkeyinfo]algorithm=SEQUENCE:rsa_alg
pubkey=BITWRAP,SEQUENCE:rsapubkey27/Mar/2010 Last change: 0.9.8o 4
OpenSSL ASN1_generate_nconf(3openssl)
# algorithm ID for RSA is just an OID and a NULL
[rsa_alg]
algorithm=OID:rsaEncryption parameter=NULL# Actual public key: modulus and exponent
[rsapubkey] n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\ D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 e=INTEGER:0x010001 RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEESSSSASN1_generate_nconf() and ASN1_generate_v3() return the
encoded data as an AAAASSSSNNNN1111_TTTTYYYYPPPPEEEE structure or NNNNUUUULLLLLLLL if an error
occurred.The error codes that can be obtained by ERR_get_error(3).
SSSSEEEEEEEE AAAALLLLSSSSOOOOERR_get_error(3)
HHHHIIIISSSSTTTTOOOORRRRYYYYASN1_generate_nconf() and ASN1_generate_v3() were added to
OpenSSL 0.9.827/Mar/2010 Last change: 0.9.8o 5
OpenSSL ASN1_generate_nconf(3openssl)
27/Mar/2010 Last change: 0.9.8o 6