Android_verify/third_party/android-libs/share/man/man1/openssl-asn1parse.1ossl

.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "OPENSSL-ASN1PARSE 1ossl"
.TH OPENSSL-ASN1PARSE 1ossl "2025-06-29" "3.3.2" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
openssl\-asn1parse \- ASN.1 parsing command
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBopenssl\fR \fBasn1parse\fR
[\fB\-help\fR]
[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBB64\fR]
[\fB\-in\fR \fIfilename\fR]
[\fB\-out\fR \fIfilename\fR]
[\fB\-noout\fR]
[\fB\-offset\fR \fInumber\fR]
[\fB\-length\fR \fInumber\fR]
[\fB\-i\fR]
[\fB\-oid\fR \fIfilename\fR]
[\fB\-dump\fR]
[\fB\-dlimit\fR \fInum\fR]
[\fB\-strparse\fR \fIoffset\fR]
[\fB\-genstr\fR \fIstring\fR]
[\fB\-genconf\fR \fIfile\fR]
[\fB\-strictpem\fR]
[\fB\-item\fR \fIname\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This command is a diagnostic utility that can parse \s-1ASN.1\s0 structures.
It can also be used to extract data from \s-1ASN.1\s0 formatted data.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-help\fR" 4
.IX Item "-help"
Print out a usage message.
.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBB64\fR" 4
.IX Item "-inform DER|PEM|B64"
The input format; the default is \fB\s-1PEM\s0\fR.
See \fBopenssl\-format\-options\fR\|(1) for details.
.IP "\fB\-in\fR \fIfilename\fR" 4
.IX Item "-in filename"
The input file, default is standard input.
.IP "\fB\-out\fR \fIfilename\fR" 4
.IX Item "-out filename"
Output file to place the \s-1DER\s0 encoded data into. If this
option is not present then no data will be output. This is most useful when
combined with the \fB\-strparse\fR option.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
Don't output the parsed version of the input file.
.IP "\fB\-offset\fR \fInumber\fR" 4
.IX Item "-offset number"
Starting offset to begin parsing, default is start of file.
.IP "\fB\-length\fR \fInumber\fR" 4
.IX Item "-length number"
Number of bytes to parse, default is until end of file.
.IP "\fB\-i\fR" 4
.IX Item "-i"
Indents the output according to the \*(L"depth\*(R" of the structures.
.IP "\fB\-oid\fR \fIfilename\fR" 4
.IX Item "-oid filename"
A file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this
file is described in the \s-1NOTES\s0 section below.
.IP "\fB\-dump\fR" 4
.IX Item "-dump"
Dump unknown data in hex format.
.IP "\fB\-dlimit\fR \fInum\fR" 4
.IX Item "-dlimit num"
Like \fB\-dump\fR, but only the first \fBnum\fR bytes are output.
.IP "\fB\-strparse\fR \fIoffset\fR" 4
.IX Item "-strparse offset"
Parse the contents octets of the \s-1ASN.1\s0 object starting at \fBoffset\fR. This
option can be used multiple times to \*(L"drill down\*(R" into a nested structure.
.IP "\fB\-genstr\fR \fIstring\fR, \fB\-genconf\fR \fIfile\fR" 4
.IX Item "-genstr string, -genconf file"
Generate encoded data based on \fIstring\fR, \fIfile\fR or both using
\&\fBASN1_generate_nconf\fR\|(3) format. If \fIfile\fR only is
present then the string is obtained from the default section using the name
\&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as
though it came from a file, the contents can thus be examined and written to a
file using the \fB\-out\fR option.
.IP "\fB\-strictpem\fR" 4
.IX Item "-strictpem"
If this option is used then \fB\-inform\fR will be ignored. Without this option any
data in a \s-1PEM\s0 format input file will be treated as being base64 encoded and
processed whether it has the normal \s-1PEM BEGIN\s0 and \s-1END\s0 markers or not. This
option will ignore any data prior to the start of the \s-1BEGIN\s0 marker, or after an
\&\s-1END\s0 marker in a \s-1PEM\s0 file.
.IP "\fB\-item\fR \fIname\fR" 4
.IX Item "-item name"
Attempt to decode and print the data as an \fB\s-1ASN1_ITEM\s0\fR \fIname\fR. This can be
used to print out the fields of any supported \s-1ASN.1\s0 structure if the type is
known.
.SS "Output"
.IX Subsection "Output"
The output will typically contain lines like this:
.PP
.Vb 1
\&  0:d=0  hl=4 l= 681 cons: SEQUENCE
.Ve
.PP
\&.....
.PP
.Vb 10
\&  229:d=3  hl=3 l= 141 prim: BIT STRING
\&  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
\&  376:d=3  hl=3 l= 159 cons: SEQUENCE
\&  379:d=4  hl=2 l=  29 cons: SEQUENCE
\&  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
\&  386:d=5  hl=2 l=  22 prim: OCTET STRING
\&  410:d=4  hl=2 l= 112 cons: SEQUENCE
\&  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
\&  417:d=5  hl=2 l= 105 prim: OCTET STRING
\&  524:d=4  hl=2 l=  12 cons: SEQUENCE
.Ve
.PP
\&.....
.PP
This example is part of a self-signed certificate. Each line starts with the
offset in decimal. \f(CW\*(C`d=XX\*(C'\fR specifies the current depth. The depth is increased
within the scope of any \s-1SET\s0 or \s-1SEQUENCE.\s0 \f(CW\*(C`hl=XX\*(C'\fR gives the header length
(tag and length octets) of the current type. \f(CW\*(C`l=XX\*(C'\fR gives the length of
the contents octets.
.PP
The \fB\-i\fR option can be used to make the output more readable.
.PP
Some knowledge of the \s-1ASN.1\s0 structure is needed to interpret the output.
.PP
In this example the \s-1BIT STRING\s0 at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option \f(CW\*(C`\-strparse 229\*(C'\fR to yield:
.PP
.Vb 3
\&    0:d=0  hl=3 l= 137 cons: SEQUENCE
\&    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
\&  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
.Ve
.SH "NOTES"
.IX Header "NOTES"
If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the \fB\-oid\fR option
allows additional OIDs to be included. Each line consists of three columns,
the first column is the \s-1OID\s0 in numerical format and should be followed by white
space. The second column is the \*(L"short name\*(R" which is a single word followed
by whitespace. The final column is the rest of the line and is the
\&\*(L"long name\*(R". Example:
.PP
\&\f(CW\*(C`1.2.3.4       shortName       A long name\*(C'\fR
.PP
For any \s-1OID\s0 with an associated short and long name, this command will display
the long name.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Parse a file:
.PP
.Vb 1
\& openssl asn1parse \-in file.pem
.Ve
.PP
Parse a \s-1DER\s0 file:
.PP
.Vb 1
\& openssl asn1parse \-inform DER \-in file.der
.Ve
.PP
Generate a simple UTF8String:
.PP
.Vb 1
\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq
.Ve
.PP
Generate and write out a UTF8String, don't print parsed output:
.PP
.Vb 1
\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq \-noout \-out utf8.der
.Ve
.PP
Generate using a config file:
.PP
.Vb 1
\& openssl asn1parse \-genconf asn1.cnf \-noout \-out asn1.der
.Ve
.PP
Example config file:
.PP
.Vb 1
\& asn1=SEQUENCE:seq_sect
\&
\& [seq_sect]
\&
\& field1=BOOL:TRUE
\& field2=EXP:0, UTF8:some random string
.Ve
.SH "BUGS"
.IX Header "BUGS"
There should be options to change the format of output lines. The output of some
\&\s-1ASN.1\s0 types is not well handled (if at all).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBopenssl\fR\|(1),
\&\fBASN1_generate_nconf\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.