This project implements:
-
an ASN.1 parser,
-
a timestamp verifier,
-
an evidence record parser,
-
an evidence record verifier, and
-
a generator of CertificateRequestInfo.
More information about the beA timestamp verifier in german language can be found in bea.adoc.
Mehr Informationen über die beA-Zeitstempelprüfung finden Sie in bea.adoc.
Everything is pretty low level. Sorry for that. This parser has some advantages over other ASN.1 parsers.
-
ASN.1 often contain other ASN.1 substructures like members of a list or even a string consisting of ASN.1 octets. This parser tries hard to descend into such potential ASN.1 substructures and parses them as well.
-
It ships a file
oid.propertiesthat provides human readable values for various oid keys. Do you have an ASN.1 file that is not fully covered by this property file? Simply add your missing properties and their human readable messages. You have just created an even better ASN.1 parser!
A CertificateRequestInfo is the part of a certificate signing request (CSR) without the signature and the signature algorithm. Or in other words: the payload of a CSR.
How to use it:
java -jar crypto-misc.jar asn1 <fileName>
java -jar crypto-misc.jar er <erName> <certName> <dataName>
java -jar crypto-misc.jar cri <pubKeyFile> <x500Name> <outputFile>Please fetch a binary release from github’s release page.
The following command might be useful in Germany. Imaging you have a time stamp signature but not the certificate from the signer but this tool needs the certificate to check the signature. The time stamp contains the certificate issuers dn (distinguished name) and the certificate’s serial number. Both values can be used the fetch the actual certificate from the ca (certificate authority).
ldapsearch -h ldap.nrca-ds.de -b 'dc=ldap,dc=nrca-ds,dc=de' -x '(&(x509issuer=CN=14R-CA 1:PN,o=Bundesnetzagentur,c=de)(x509serialNumber=960))'