From f8da7e1dfc1904689d23349f0139b6d4aacbb9c3 Mon Sep 17 00:00:00 2001 From: jmc Date: Sun, 17 Jul 2016 16:33:17 +0000 Subject: [PATCH] strip back asn1parse; ok beck jsing description of -out altered on jsing's advice --- usr.bin/openssl/openssl.1 | 135 ++++++++------------------------------ 1 file changed, 27 insertions(+), 108 deletions(-) diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1 index cad60f26709..08769c56e41 100644 --- a/usr.bin/openssl/openssl.1 +++ b/usr.bin/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.33 2016/07/16 07:27:53 jmc Exp $ +.\" $OpenBSD: openssl.1,v 1.34 2016/07/17 16:33:17 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -112,7 +112,7 @@ .\" .\" OPENSSL .\" -.Dd $Mdocdate: July 16 2016 $ +.Dd $Mdocdate: July 17 2016 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -207,27 +207,22 @@ is not able to detect pseudo-commands such as or .Cm no- Ns Ar XXX itself. -.\" -.\" ASN1PARSE -.\" .Sh ASN1PARSE .nr nS 1 .Nm "openssl asn1parse" -.Bk -words .Op Fl i .Op Fl dlimit Ar number .Op Fl dump .Op Fl genconf Ar file .Op Fl genstr Ar str .Op Fl in Ar file -.Op Fl inform Ar DER | PEM | TXT +.Op Fl inform Cm der | pem | txt .Op Fl length Ar number .Op Fl noout .Op Fl offset Ar number .Op Fl oid Ar file .Op Fl out Ar file .Op Fl strparse Ar offset -.Ek .nr nS 0 .Pp The @@ -248,9 +243,8 @@ Generate encoded data based on string .Ar str , file .Ar file , -or both using -.Xr ASN1_generate_nconf 3 -format. +or both, using the format described in +.Xr ASN1_generate_nconf 3 . If only .Ar file is present then the string is obtained from the default section @@ -262,134 +256,59 @@ the contents can thus be examined and written to a file using the .Fl out option. .It Fl i -Indents the output according to the +Indent the output according to the .Qq depth of the structures. .It Fl in Ar file -The input file; default is standard input. -.It Fl inform Ar DER | PEM | TXT +The input file; the default is standard input. +.It Fl inform Cm der | pem | txt The input format. -.Ar DER +.Cm der .Pq Distinguished Encoding Rules is binary format and -.Ar PEM +.Cm pem .Pq Privacy Enhanced Mail , the default, is base64-encoded. -.Ar TXT +.Cm txt is plain text. .It Fl length Ar number -Number of bytes to parse; default is until end of file. +Number of bytes to parse; the default is until end of file. .It Fl noout Don't output the parsed version of the input file. .It Fl offset Ar number -Starting offset to begin parsing; default is start of file. +Starting offset to begin parsing; the default is start of file. .It Fl oid Ar file A file containing additional object identifiers .Pq OIDs . -The format of this file is described in the -.Sx ASN1PARSE NOTES -section below. -.It Fl out Ar file -Output file to place the DER-encoded data into. -If this option is not present, no encoded data will be output. -This is most useful when combined with the -.Fl strparse -option. -.It Fl strparse Ar offset -Parse the content octets of the ASN.1 object starting at -.Ar offset . -This option can be used multiple times to -.Qq drill down -into a nested structure. -.El -.Sh ASN1PARSE OUTPUT -The output will typically contain lines like this: -.Bd -literal -offset 2n -0:d=0 hl=4 l= 681 cons: SEQUENCE - -\&..... - -229:d=3 hl=3 l= 141 prim: BIT STRING -373:d=2 hl=3 l= 162 cons: cont [ 3 ] -376:d=3 hl=3 l= 159 cons: SEQUENCE -379:d=4 hl=2 l= 29 cons: SEQUENCE -381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier -386:d=5 hl=2 l= 22 prim: OCTET STRING -410:d=4 hl=2 l= 112 cons: SEQUENCE -412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier -417:d=5 hl=2 l= 105 prim: OCTET STRING -524:d=4 hl=2 l= 12 cons: SEQUENCE - -\&..... -.Ed -.Pp -This example is part of a self-signed certificate. -Each line starts with the offset in decimal. -.Cm d=XX -specifies the current depth. -The depth is increased within the scope of any SET or SEQUENCE. -.Cm hl=XX -gives the header length -.Pq tag and length octets -of the current type. -.Cm l=XX -gives the length of the content octets. -.Pp -The -.Fl i -option can be used to make the output more readable. -.Pp -Some knowledge of the ASN.1 structure is needed to interpret the output. -.Pp -In this example, the BIT STRING at offset 229 is the certificate public key. -The content octets of this will contain the public key information. -This can be examined using the option -.Fl strparse Cm 229 -to yield: -.Bd -literal - 0:d=0 hl=3 l= 137 cons: SEQUENCE - 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FA -F9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A -9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58 -BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9 - 135:d=1 hl=2 l= 3 prim: INTEGER :010001 -.Ed -.Sh ASN1PARSE NOTES If an OID .Pq object identifier is not part of -.Nm OpenSSL Ns Li 's +.Nm openssl Ns 's internal table it will be represented in numerical form .Pq for example 1.2.3.4 . -The file passed to the -.Fl oid -option allows additional OIDs to be included. +.Pp Each line consists of three columns: the first column is the OID in numerical format and should be followed by whitespace. The second column is the -.Qq short name +.Qq short name , which is a single word followed by whitespace. The final column is the rest of the line and is the .Qq long name . .Nm asn1parse displays the long name. -Example: -.Pp -.Dl \&"1.2.3.4 shortname A long name\&" -.Sh ASN1 EXAMPLES -Parse a file: -.Pp -.Dl $ openssl asn1parse -in file.pem -.Pp -Parse a DER file: -.Pp -.Dl $ openssl asn1parse -inform DER -in file.der -.Sh ASN1PARSE BUGS -There should be options to change the format of output lines. -The output of some ASN.1 types is not well handled -.Pq if at all . +.It Fl out Ar file +The DER-encoded output file; the default is no encoded output +(useful when combined with +.Fl strparse ) . +.It Fl strparse Ar offset +Parse the content octets of the ASN.1 object starting at +.Ar offset . +This option can be used multiple times to +.Qq drill down +into a nested structure. +.El .\" .\" CA .\" -- 2.20.1