
certificate disassembler.1

mbenkmann edited this page Nov 20, 2015 · 2 revisions

CERTIFICATE-DISASSEMBLER(1)

NAME

certificate-disassembler - Analyse X.509 certificate and create source for certificate-assembler

SYNOPSIS

certificate-disassembler [defs.asn1 …] inputfile.cert

DESCRIPTION

certificate-disassembler(1) reads an X.509 certificate in PEM or DER format and writes to stdout a JSON representation of the certificate compatible with certificate-assembler(1).

You can pass additional ASN.1 definition files defs.asn1 … with special HINTS (see the section below) to allow certificate-disassembler(1) to decode custom certificate extensions into high-level structures. Otherwise, custom extensions that certificate-disassembler(1) does not know produce hex-encoded OCTET STRINGs or BIT STRINGs.

HINTS

The X.509 standard allows for extensions that consist of an OBJECT IDENTIFIER identifying the type of extension and an OCTET STRING that contains the DER-encoded data for the extension. All extension data can be represented hex-encoded. However, if certificate-disassembler(1) knows the underlying definition of an extension, it can produce more structured output. Many extension definitions are included by default. To inform certificate-disassembler(1) of other extensions, pass their ASN.1 definition files as extra arguments. Because certificate-disassembler(1) cannot figure out on its own which of the definitions in the provided extra files are extensions, or which OBJECT IDENTIFIERs correspond to which type definitions, your ASN.1 files have to include hints in the following form:

id-Extension-extnValue-my-extension-name OBJECT IDENTIFIER ::= my-extension-oid
Extension-extnValue-my-extension-name ::= MyExtensionType
  • my-extension-name is an arbitrary identifier for your extension that needs to be unique.

  • my-extension-oid is the OBJECT IDENTIFIER stored in the extnID field for the custom extension.

  • MyExtensionType is the name of the type that defines the custom extension’s extnValue data.

For example the following hints are hardcoded in certificate-disassembler(1) to make it understand the extension extKeyUsage defined in RFC 5280:

id-Extension-extnValue-extKeyUsage OBJECT IDENTIFIER ::= id-ce-extKeyUsage
Extension-extnValue-extKeyUsage ::= ExtKeyUsageSyntax
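To illustrate what the hint mechanism buys you, here is an added example (not code from the certificate-disassembler project) in plain Python that walks a DER-encoded X.509 Extensions SEQUENCE the way the text describes: an extension whose extnID has a registered decoder, the analogue of an id-Extension-extnValue-* hint, is rendered as a structure, while every other extension falls back to a hex-encoded extnValue. The sample input is constructed inline with a small DER encoder; the custom OID 1.3.6.1.4.1.99999.1 is a made-up placeholder, and the only hint registered is the hardcoded extKeyUsage one shown above. Only single-byte universal tags are handled, which is enough for RFC 5280 extension framing.

```python
"""Minimal DER walker mirroring certificate-disassembler's handling of
X.509 extensions: known extnID -> structured output, unknown -> hex.
Added example, not part of the certificate-disassembler project."""
import binascii
import json


def der_read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, value_bytes, next_pos).
    Only single-byte tags are handled (universal tags used by RFC 5280)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, value) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, v, pos = der_read_tlv(value, pos)
        yield tag, v


def decode_oid(raw):
    """Decode the body of a DER OBJECT IDENTIFIER into dotted notation."""
    arcs, acc = [], 0
    for b in raw:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 digit of this arc
            arcs.append(acc)
            acc = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def der_tlv(tag, value):
    """Encode a TLV with DER definite length (used to build sample input)."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def encode_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER TLV."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # remaining base-128 digits get the continuation bit
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def decode_ext_key_usage(extn_value):
    """ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId (RFC 5280)."""
    tag, body, _ = der_read_tlv(extn_value, 0)
    assert tag == 0x30, "ExtKeyUsageSyntax must be a SEQUENCE"
    return [decode_oid(v) for t, v in der_children(body) if t == 0x06]


# Python analogue of the hardcoded hint pair
#   id-Extension-extnValue-extKeyUsage OBJECT IDENTIFIER ::= id-ce-extKeyUsage
#   Extension-extnValue-extKeyUsage ::= ExtKeyUsageSyntax
HINTS = {"2.5.29.37": ("extKeyUsage", decode_ext_key_usage)}


def disassemble_extensions(extensions_der):
    """Walk an Extensions SEQUENCE; return a JSON-friendly list of dicts."""
    tag, body, _ = der_read_tlv(extensions_der, 0)
    assert tag == 0x30, "Extensions must be a SEQUENCE"
    result = []
    for _, ext in der_children(body):
        parts = list(der_children(ext))  # extnID, [critical BOOLEAN], extnValue
        oid = decode_oid(parts[0][1])
        critical = len(parts) == 3 and parts[1][1] != b"\x00"
        extn_value = parts[-1][1]  # contents of the extnValue OCTET STRING
        entry = {"extnID": oid, "critical": critical}
        if oid in HINTS:
            entry["name"], decoder = HINTS[oid]
            entry["extnValue"] = decoder(extn_value)
        else:  # no definition known: fall back to hex, as the tool does
            entry["extnValue"] = binascii.hexlify(extn_value).decode()
        result.append(entry)
    return result


def sample_extensions():
    """Constructed sample: one extKeyUsage(serverAuth) plus one critical
    extension under a placeholder OID that is not a registered extension."""
    eku_value = der_tlv(0x30, encode_oid("1.3.6.1.5.5.7.3.1"))
    eku = der_tlv(0x30, encode_oid("2.5.29.37") + der_tlv(0x04, eku_value))
    custom = der_tlv(0x30, encode_oid("1.3.6.1.4.1.99999.1")
                     + der_tlv(0x01, b"\xff") + der_tlv(0x04, b"\xde\xad\xbe\xef"))
    return der_tlv(0x30, eku + custom)


if __name__ == "__main__":
    print(json.dumps(disassemble_extensions(sample_extensions()), indent=2))
```

Running the script prints the extKeyUsage entry as a list of purpose OIDs and the placeholder extension as the hex string deadbeef with critical set, which is exactly the difference between an extension covered by a hint and one that is not.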

AUTHOR

Matthias S. Benkmann, <msb@winterdrache.de>

SEE ALSO

certificate-assembler(1), openssl(1), RFC 5280, RFC 5480, RFC 4055