-.\" $OpenBSD: openssl.1,v 1.33 2016/07/16 07:27:53 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.34 2016/07/17 16:33:17 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
.\"
.\" OPENSSL
.\"
-.Dd $Mdocdate: July 16 2016 $
+.Dd $Mdocdate: July 17 2016 $
.Dt OPENSSL 1
.Os
.Sh NAME
or
.Cm no- Ns Ar XXX
itself.
-.\"
-.\" ASN1PARSE
-.\"
.Sh ASN1PARSE
.nr nS 1
.Nm "openssl asn1parse"
-.Bk -words
.Op Fl i
.Op Fl dlimit Ar number
.Op Fl dump
.Op Fl genconf Ar file
.Op Fl genstr Ar str
.Op Fl in Ar file
-.Op Fl inform Ar DER | PEM | TXT
+.Op Fl inform Cm der | pem | txt
.Op Fl length Ar number
.Op Fl noout
.Op Fl offset Ar number
.Op Fl oid Ar file
.Op Fl out Ar file
.Op Fl strparse Ar offset
-.Ek
.nr nS 0
.Pp
The
.Ar str ,
file
.Ar file ,
-or both using
-.Xr ASN1_generate_nconf 3
-format.
+or both, using the format described in
+.Xr ASN1_generate_nconf 3 .
If only
.Ar file
is present then the string is obtained from the default section
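Review bot: On the -inform synopsis line, moving from Ar to Cm presents der, pem and txt as literal keywords to be typed exactly as shown, and the same edit also lowercases them, so the change is no longer purely markup. The commit message should state that the lowercase spellings are accepted by the command, since readers will copy them verbatim. Separately, with .Bk -words and .Ek removed there is no explicit guard keeping each .Op on one line; render the synopsis at a narrow width and check that "-inform der | pem | txt" is not split across lines.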
.Fl out
option.
.It Fl i
-Indents the output according to the
+Indent the output according to the
.Qq depth
of the structures.
.It Fl in Ar file
-The input file; default is standard input.
-.It Fl inform Ar DER | PEM | TXT
+The input file; the default is standard input.
+.It Fl inform Cm der | pem | txt
The input format.
-.Ar DER
+.Cm der
.Pq Distinguished Encoding Rules
is binary format and
-.Ar PEM
+.Cm pem
.Pq Privacy Enhanced Mail ,
the default, is base64-encoded.
-.Ar TXT
+.Cm txt
is plain text.
.It Fl length Ar number
-Number of bytes to parse; default is until end of file.
+Number of bytes to parse; the default is until end of file.
.It Fl noout
Don't output the parsed version of the input file.
.It Fl offset Ar number
-Starting offset to begin parsing; default is start of file.
+Starting offset to begin parsing; the default is start of file.
.It Fl oid Ar file
A file containing additional object identifiers
.Pq OIDs .
-The format of this file is described in the
-.Sx ASN1PARSE NOTES
-section below.
-.It Fl out Ar file
-Output file to place the DER-encoded data into.
-If this option is not present, no encoded data will be output.
-This is most useful when combined with the
-.Fl strparse
-option.
-.It Fl strparse Ar offset
-Parse the content octets of the ASN.1 object starting at
-.Ar offset .
-This option can be used multiple times to
-.Qq drill down
-into a nested structure.
-.El
-.Sh ASN1PARSE OUTPUT
-The output will typically contain lines like this:
-.Bd -literal -offset 2n
-0:d=0 hl=4 l= 681 cons: SEQUENCE
-
-\&.....
-
-229:d=3 hl=3 l= 141 prim: BIT STRING
-373:d=2 hl=3 l= 162 cons: cont [ 3 ]
-376:d=3 hl=3 l= 159 cons: SEQUENCE
-379:d=4 hl=2 l= 29 cons: SEQUENCE
-381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
-386:d=5 hl=2 l= 22 prim: OCTET STRING
-410:d=4 hl=2 l= 112 cons: SEQUENCE
-412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
-417:d=5 hl=2 l= 105 prim: OCTET STRING
-524:d=4 hl=2 l= 12 cons: SEQUENCE
-
-\&.....
-.Ed
-.Pp
-This example is part of a self-signed certificate.
-Each line starts with the offset in decimal.
-.Cm d=XX
-specifies the current depth.
-The depth is increased within the scope of any SET or SEQUENCE.
-.Cm hl=XX
-gives the header length
-.Pq tag and length octets
-of the current type.
-.Cm l=XX
-gives the length of the content octets.
-.Pp
-The
-.Fl i
-option can be used to make the output more readable.
-.Pp
-Some knowledge of the ASN.1 structure is needed to interpret the output.
-.Pp
-In this example, the BIT STRING at offset 229 is the certificate public key.
-The content octets of this will contain the public key information.
-This can be examined using the option
-.Fl strparse Cm 229
-to yield:
-.Bd -literal
- 0:d=0 hl=3 l= 137 cons: SEQUENCE
- 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FA
-F9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A
-9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58
-BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9
- 135:d=1 hl=2 l= 3 prim: INTEGER :010001
-.Ed
-.Sh ASN1PARSE NOTES
If an OID
.Pq object identifier
is not part of
-.Nm OpenSSL Ns Li 's
+.Nm openssl Ns 's
internal table it will be represented in
numerical form
.Pq for example 1.2.3.4 .
-The file passed to the
-.Fl oid
-option allows additional OIDs to be included.
+.Pp
Each line consists of three columns:
the first column is the OID in numerical format and should be followed by
whitespace.
The second column is the
-.Qq short name
+.Qq short name ,
which is a single word followed by whitespace.
The final column is the rest of the line and is the
.Qq long name .
.Nm asn1parse
displays the long name.
-Example:
-.Pp
-.Dl \&"1.2.3.4 shortname A long name\&"
-.Sh ASN1 EXAMPLES
-Parse a file:
-.Pp
-.Dl $ openssl asn1parse -in file.pem
-.Pp
-Parse a DER file:
-.Pp
-.Dl $ openssl asn1parse -inform DER -in file.der
-.Sh ASN1PARSE BUGS
-There should be options to change the format of output lines.
-The output of some ASN.1 types is not well handled
-.Pq if at all .
+.It Fl out Ar file
+The DER-encoded output file; the default is no encoded output
+(useful when combined with
+.Fl strparse ) .
+.It Fl strparse Ar offset
+Parse the content octets of the ASN.1 object starting at
+.Ar offset .
+This option can be used multiple times to
+.Qq drill down
+into a nested structure.
+.El
.\"
.\" CA
.\"
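Review bot: Deleting the ASN1PARSE OUTPUT section leaves -strparse, -offset and -length documented in terms of an offset, and -i in terms of "depth", with nothing left that says where those values come from: the explanation of the leading offset and the d=, hl= and l= fields is removed and this hunk adds no replacement. Keep a short paragraph (or one sample line) defining those four fields so the retained option descriptions stay usable. In the new -out item, the parenthetical hangs off "the default is no encoded output", so it reads as though the default is what is useful with -strparse, whereas the removed text said the option is; splitting it into a second sentence such as "This is most useful when combined with -strparse." restores the meaning, and if the parentheses stay, .Po/.Pc would match the .Pq usage in the rest of the page. With the notes folded into the -oid item, ".Pq OIDs ." is now followed directly by "If an OID .Pq object identifier", so the abbreviation is expanded twice in a row, and "Each line consists of three columns" has lost the sentence that named the file; "Each line of the file" and a single expansion would read better. The removed one-line example "1.2.3.4 shortname A long name" was a compact illustration of the three-column format and is worth retaining.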