The first week of study
asn.1 learning
asn.1 introduction
ASN.1 is a formal symbol used to describe the data transmitted through the telecommunications protocol, regardless of the language implementation and physical representation of these data, whether its application is complex or very simple.
asn.1 is a standard used to define the form of abstract data type specifications.
A certain number of predefined basic types are provided, for example:
- Integer (INTEGER)
- BOOLEAN
- String (IA5String, UniversalString ...)
- BIT STRING
- and many more
And you can define the type of construction, for example:
- Structure (SEQUENCE)
- List (SEQUENCE OF)
- Choose between types (CHOICE)
- and many more
Application of ASN.1 in certificate
The X.509 standard defines what the certificate should contain. The ASN.l standard can be used to describe the X.509 standard. In other words, ASN.1 is similar to pseudocode, which allows people to better understand and organize the X.509 standard.
The certificate has the following structure
Certificate ::= SEQUENCE
{
tbsCertificate TBSCertificate,
signatureAlgorithm Algorithmidentifier,
signature BIT STRING
}
- tbsCertificate: The core of the certificate, which contains server entity and CA organization information.
- signatureAlgorithm: describes the signature algorithm used to sign the content of tbsCertificate.
- signature: the value of the signature.
Next look at the structure of TBSCertifcate:
TBSCertificate ::= SEQUENCE {
version [0] Version DEFAULT vl,
serialNumber CertificateSerialNumber,
signature Algorithmidentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyinfo SubjectPublicKeyinfo,
issuerUniqueID [1] IMPLICIT Uniqueidentifier OPTIONAL,
-- If present, version MUST be v2 or v3
subjectUniqueID [2] IMPLICIT Uniqueidentifier OPTIONAL,
-- If present, vers工on MUST be v2 or v3
extensions [3] Extensions OPTIONAL
-- If present, version MUST be v3 --
}
- version: The version type is Version, which is equivalent to an enumerated type. The value indicates the version number of the certificate. There are currently three versions: v1, v2, and v3. The certificate verifier needs to use the corresponding version to verify.
- serialNumber: Each certificate has a unique number. For different CA organizations, the number is unpredictable. CertificateSerialNumber is an integer type.
- signature: describes the signature algorithm used.
- issuer: represents the name of the CA organization, and the value is composed of the name of the country, organization, and sub-organization.
- validity: Describes the validity period of the certificate.
- subject: represents the name of the server entity. The organization applies for a certificate from the CA organization. The corresponding Name type is the same as the Issuer's Name type.
- subjectPublicKeylnfo: contains the server's public password algorithm and public key value.
- issuerUniquelD and subjectUniquelD: These two represent the unique numbers of the CA organization and the server entity, and have been replaced by the corresponding certificate extension.
- extension: The extension was introduced in the X.509 V3 version, mainly to extend the meaning of the certificate. Without changing the X.509 version, the new attributes of the certificate can be added relatively easily. Whether the newly added extension takes effect depends on the certificate school Prescription.
Collect follow-up information
"568262 HTTPS authoritative guide to deploy SSL & TLS and PKI on servers and Web applications" PDF
"In-depth introduction to HTTPS from principle to actual combat" PDF + Weidong
ITU Telecommunication Standardization Department official website
ITU standard document X.680's documentation
ASN1 encoding learning
ASN learning