4 Replies. Latest reply: Mar 16, 2012 3:10 PM by 924499

    X509 encoded certificate   - is it really ASN.1?

    918776
      I can get a good Certificate from encoded bytes bcert:

      ByteArrayInputStream bis = new ByteArrayInputStream(bcert);
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      X509Certificate cert = (X509Certificate)cf.generateCertificate(bis);

      My question: is an encoded certificate (e.g. bcert) good ASN.1?

      I can't decode with marben nor with codec.sourceforge.

      Am I wasting my time looking for an ASN.1 decoder? Anyway, Java decodes the bytes to a certificate just fine.
        • 1. Re: X509 encoded certificate   - is it really ASN.1?
          EJP
          According to the Javadoc for CertificateFactory.generateCertificates(), the input it recognizes is DER-encoded and may be further Base64-encoded, with the familiar -----BEGIN CERTIFICATE-----/-----END CERTIFICATE----- header and trailer, or a PKCS#7 certificate chain.
          • 2. Re: X509 encoded certificate   - is it really ASN.1?
            918776
            I am giving up looking for ASN.1 decoders.
            marben does NOT decode, codec.sourceforge does NOT decode, ViewBer does NOT decode.
            I guess I oughta look for DER decoders.

            ASN1VE thinks it has decoded, but gives the final element a bitstring 1022, which you might think was the public key,
            except it isn't.

            And I believe the last item is 2.5.29.19 BasicConstraints 0402300 (Java says so, and 0402300 << 2 = 1008C00 whereas my encoded ends in ...C08C0; notice some matching bits?)


            I've been waiting since the 90's for X509 to get rational.
            Thanks Almighty that Java at least has come to the party.

            PS
            ASN1VE does display some objects which Java says are CN, C, L, O, OU et al.,
            so it's not totally useless - maybe it has a DER switch?

            Edited by: 915773 on 14-Mar-2012 20:46
            • 3. Re: X509 encoded certificate   - is it really ASN.1?
              EJP
              DER and BER are encodings of ASN.1. There is no such thing as an ASN.1 decoder itself as far as I am aware.
              • 4. Re: X509 encoded certificate   - is it really ASN.1?
                924499
                Yes, Certificates are encoded using ASN.1 DER (Distinguished Encoding Rules). There are several good ASN.1 Tools which can encode/decode valid Certificates using various programming languages: Java, C, C++, C# and more. A good list of ASN.1 Tools can be found at http://www.itu.int/ITU-T/asn1/links/index.htm.

                Consider trying a free trial of the OSS ASN.1 Tools which includes ASN.1 Studio, an IDE that allows you to compile ASN.1 specifications and encode/decode messages without writing any code. Go to http://www.oss.com/asn1/products/asn1-download.html to download a free trial.
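
The two points made in the replies above (the bytes are DER, and they may additionally be wrapped in Base64 with BEGIN/END armor) can be checked by hand with a small tag-length-value walker. This is an added example, not code from any poster in the thread: the class name DerWalk is hypothetical, the sample bytes are constructed to mimic only the outer shape of a certificate, and String.repeat assumes Java 11 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class DerWalk {
    // PEM is Base64 over DER plus armor lines; strip it, otherwise assume raw DER.
    static byte[] toDer(byte[] in) {
        String s = new String(in, StandardCharsets.ISO_8859_1);
        if (!s.contains("-----BEGIN")) return in;
        String b64 = s.replaceAll("-----[A-Z0-9 ]+-----", "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(b64);
    }

    // Walk tag-length-value triples in d[off, end), recursing into constructed types.
    static void walk(byte[] d, int off, int end, int depth, StringBuilder out) {
        while (off < end) {
            if (end - off < 2) throw new IllegalArgumentException("truncated header");
            int tag = d[off++] & 0xff;
            if ((tag & 0x1f) == 0x1f) throw new IllegalArgumentException("multi-byte tag not handled");
            int len = d[off++] & 0xff;
            if (len == 0x80) throw new IllegalArgumentException("indefinite length is BER, not DER");
            if (len > 0x80) {                       // long form: low 7 bits = number of length bytes
                int n = len & 0x7f;
                if (n > 4 || n > end - off) throw new IllegalArgumentException("bad length field");
                len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (d[off++] & 0xff);
            }
            if (len < 0 || len > end - off) throw new IllegalArgumentException("length overruns input");
            out.append("  ".repeat(depth)).append(String.format("tag=0x%02X len=%d%n", tag, len));
            if ((tag & 0x20) != 0) walk(d, off, off + len, depth + 1, out);  // constructed bit set
            off += len;
        }
    }

    public static void main(String[] args) {
        // Constructed sample with the outer shape of a Certificate, not a real one:
        // SEQUENCE { SEQUENCE { INTEGER 1 }, SEQUENCE { OID, NULL }, BIT STRING }
        byte[] der = {
            0x30, 0x19,
              0x30, 0x03, 0x02, 0x01, 0x01,
              0x30, 0x0D, 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7,
                          0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
              0x03, 0x03, 0x00, (byte) 0xAB, (byte) 0xCD };
        String pem = "-----BEGIN CERTIFICATE-----\n"
                + Base64.getMimeEncoder().encodeToString(der) + "\n-----END CERTIFICATE-----\n";
        for (byte[] input : new byte[][] { der, pem.getBytes(StandardCharsets.US_ASCII) }) {
            byte[] raw = toDer(input);
            StringBuilder out = new StringBuilder();
            walk(raw, 0, raw.length, 0, out);
            System.out.print(out);              // both inputs print the same TLV tree
        }
    }
}
```

In a real certificate the outer SEQUENCE likewise holds three elements, and the final BIT STRING is the signature value; the subject public key is a BIT STRING nested inside the first inner SEQUENCE.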