asn1parse genstr question
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Apr 22 23:13:40 UTC 2019

On Tue, Apr 23, 2019 at 12:21:21AM +0300, Dmitry Belyavsky wrote:
> > For actual UTF-8 input, you can use:
> >
> > $ openssl asn1parse -out content -genstr 'FORMAT:UTF8,UTF8String:Он врет! Он не знает, КАК НАДО!' # [1]
> > 0:d=0 hl=2 l= 53 prim: UTF8STRING :Он врет! Он не знает, КАК НАДО!
> >
> > The "genstr" format is described in, for example:
> >
> > https://www.openssl.org/docs/man1.0.2/man3/ASN1_generate_nconf.html
>
> Thank you very much for your answer and especially for a brilliant example :)
>
> I'm trying to implement RFC 8398 and I try to create a valid certificate
> with EAI email in otherName.
>
> I expected that a line in the config file
>
> subjectAltName=otherName:1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8:医生@

The below worked for me:

subjectAltName = @alts
[alts]
otherName = 1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8String:виктор@например.рф

$ openssl asn1parse -in eecert.pem
0:d=0 hl=4 l= 858 cons: SEQUENCE
4:d=1 hl=4 l= 578 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 1 prim: INTEGER :02
16:d=2 hl=2 l= 13 cons: SEQUENCE
18:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
29:d=3 hl=2 l= 0 prim: NULL
31:d=2 hl=2 l= 20 cons: SEQUENCE
33:d=3 hl=2 l= 18 cons: SET
35:d=4 hl=2 l= 16 cons: SEQUENCE
37:d=5 hl=2 l= 3 prim: OBJECT :commonName
42:d=5 hl=2 l= 9 prim: UTF8STRING :Issuer CA
53:d=2 hl=2 l= 32 cons: SEQUENCE
55:d=3 hl=2 l= 13 prim: UTCTIME :190422230331Z
70:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :21190423230331Z
87:d=2 hl=2 l= 40 cons: SEQUENCE
89:d=3 hl=2 l= 38 cons: SET
91:d=4 hl=2 l= 36 cons: SEQUENCE
93:d=5 hl=2 l= 3 prim: OBJECT :commonName
98:d=5 hl=2 l= 29 prim: UTF8STRING :Виктор Духовный
129:d=2 hl=4 l= 290 cons: SEQUENCE
133:d=3 hl=2 l= 13 cons: SEQUENCE
135:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
146:d=4 hl=2 l= 0 prim: NULL
148:d=3 hl=4 l= 271 prim: BIT STRING
423:d=2 hl=3 l= 160 cons: cont [ 3 ]
426:d=3 hl=3 l= 157 cons: SEQUENCE
429:d=4 hl=2 l= 29 cons: SEQUENCE
431:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
436:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:041487FF5D9C758FDB282922102D0696834BD296A39D
460:d=4 hl=2 l= 31 cons: SEQUENCE
462:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
467:d=5 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014505CD4D6F75052F79EC51DA943AC099AD0079341
493:d=4 hl=2 l= 9 cons: SEQUENCE
495:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
500:d=5 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
504:d=4 hl=2 l= 19 cons: SEQUENCE
506:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
511:d=5 hl=2 l= 12 prim: OCTET STRING [HEX DUMP]:300A06082B06010505070301
525:d=4 hl=2 l= 59 cons: SEQUENCE
527:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
532:d=5 hl=2 l= 52 prim: OCTET STRING [HEX DUMP]:3032A03006082B06010505070809A0240C22D0B2D0B8D0BAD182D0BED18040D0BDD0B0D0BFD180D0B8D0BCD0B5D1802ED180D184
586:d=1 hl=2 l= 13 cons: SEQUENCE
588:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
599:d=2 hl=2 l= 0 prim: NULL
601:d=1 hl=4 l= 257 prim: BIT STRING

$ openssl asn1parse -in eecert.pem -strparse 532
0:d=0 hl=2 l= 50 cons: SEQUENCE
2:d=1 hl=2 l= 48 cons: cont [ 0 ]
4:d=2 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.8.9
14:d=2 hl=2 l= 36 cons: cont [ 0 ]
16:d=3 hl=2 l= 34 prim: UTF8STRING :виктор@например.рф
--
Viktor.
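
Added example (not part of the original message, and not OpenSSL code): a small Python DER reader that repeats the "-strparse 532" check on the Subject Alternative Name bytes copied from the dump above, and rejects an otherName with OID 1.3.6.1.5.5.7.8.9 whose value is not a [0] EXPLICIT UTF8String. The function and constant names are assumptions of this example.

```python
# Added example, not from the post; all names below are this example's own.
SAN_HEX = ("3032A03006082B06010505070809A0240C22"  # OCTET STRING contents at 532
           "D0B2D0B8D0BAD182D0BED18040D0BDD0B0D0BFD180D0B8D0BCD0B5D1802ED180D184")
SMTP_UTF8_MAILBOX = "1.3.6.1.5.5.7.8.9"  # otherName type used in the post

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content octets -> dotted notation
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # last base-128 digit of this subidentifier
            arcs.append(value)
            value = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(arcs[0] // 40, 2)  # first subidentifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def smtp_utf8_mailboxes(san_der):  # GeneralNames DER -> list of mailboxes
    tag, names, end = read_tlv(san_der, 0)
    if tag != 0x30 or end != len(san_der):
        raise ValueError("expected exactly one SEQUENCE")
    found, pos = [], 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:  # not an otherName [0] entry
            continue
        oid_tag, oid, after_oid = read_tlv(body, 0)
        if oid_tag != 0x06 or decode_oid(oid) != SMTP_UTF8_MAILBOX:
            continue
        wrap_tag, wrapped, _ = read_tlv(body, after_oid)
        str_tag, text, _ = read_tlv(wrapped, 0)
        if wrap_tag != 0xA0 or str_tag != 0x0C:  # need [0] EXPLICIT UTF8String
            raise ValueError("SmtpUTF8Mailbox value is not a UTF8String")
        found.append(text.decode("utf-8"))
    return found
```

Calling smtp_utf8_mailboxes(bytes.fromhex(SAN_HEX)) returns the one mailbox shown at offset 16 of the -strparse output.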