Lines Matching full:of
1 A Layman's Guide to a Subset of ASN.1, BER, and DER
13 Copyright (C) 1991-1993 RSA Laboratories, a division of RSA
22 subset of OSI's Abstract Syntax Notation One (ASN.1), Basic
24 (DER). The particular purpose of this note is to provide
26 implementing the PKCS family of standards.
33 a designer can specify a part of a system without concern
40 of most modern software specifications.
42 One of the most complex systems today, and one that also
43 involves a great deal of abstraction, is Open Systems
46 interconnection of computers from the physical layer up to
50 layer may require transfer of certain abstract objects
52 services for strings of ones and zeroes, using encoding
55 different implementations of the services at each layer.
57 OSI's method of specifying abstract objects is called ASN.1
59 set of rules for representing such objects as strings of
64 and sequences, as well as complex types defined in terms of
65 others. BER describes how to represent or encode values of
66 each ASN.1 type as a string of eight-bit octets. There is
68 Another set of rules, called the Distinguished Encoding
69 Rules (DER), which is a subset of BER, gives a unique
72 The purpose of this note is to describe a subset of ASN.1,
76 overview of ASN.1, BER, and DER and an abridged list of
78 give an overview of ASN.1, BER, and DER, in that order.
84 Advanced features of ASN.1, such as macros, are not
91 bit unsigned integer. Bit 8 of the octet is the most
121 In ASN.1, a type is a set of values. For some types, there
122 are a finite number of values, and for other types there are
123 an infinite number. A value of a given ASN.1 type is an
124 element of the type's set. ASN.1 has four kinds of type:
133 consists of a class and a nonnegative tag number. ASN.1
135 numbers are the same. In other words, the name of an ASN.1
137 does. There are four classes of tag:
155 with the same underlying tag within the context of
174 SEQUENCE and SEQUENCE OF 16 10
175 SET and SET OF 17 11
190 o Comments are delimited by pairs of hyphens (--),
191 or a pair of hyphens and a line break.
193 o Identifiers (names of values and fields) and type
194 references (names of types) consist of upper- and
199 The following four subsections give an overview of simple
207 Simple types are those not consisting of components; they
211 BIT STRING, an arbitrary string of bits (ones and
214 IA5String, an arbitrary string of IA5 (ASCII)
222 sequence of integer components that identify an
225 OCTET STRING, an arbitrary string of octets (eight-bit
228 PrintableString, an arbitrary string of printable
231 T61String, an arbitrary string of T.61 (eight-bit)
241 String types can be viewed, for the purposes of encoding, as
242 consisting of components, where the components are
249 length of values.
254 Structured types are those consisting of components. ASN.1
255 defines four, all of which are relevant to the PKCS
258 SEQUENCE, an ordered collection of one or more types.
260 SEQUENCE OF, an ordered collection of zero or more
261 occurrences of a given type.
263 SET, an unordered collection of one or more types.
265 SET OF, an unordered collection of zero or more
266 occurrences of a given type.
277 optional components of a SET or SEQUENCE type are typically
283 changing the tag of the underlying type. Implicit tagging is
289 explicitly tagged types are structured types consisting of
299 For purposes of encoding, an implicitly tagged type is
305 of the underlying type is indeterminate (e.g., the
312 CHOICE type denotes a union of one or more alternatives; the
313 ANY type denotes an arbitrary value of an arbitrary type,
315 registration of an object identifier or integer value.
327 the choice of which depends on the type of value and whether
328 the length of the value is known. The three methods are
332 definite-length method; structured types employ either of
334 of the methods, depending on whether the length of the value
336 method of the underlying type and types derived by explicit
342 number of the ASN.1 value, and indicate whether
346 give the number of contents octets. For the
351 method, these give a concrete representation of
353 give the concatenation of the BER encodings of the
354 components of the value.
356 End-of-contents octets. For the constructed, indefinite-
357 length method, these denote the end of the
360 The three methods of encoding are described in the following
368 length of the value be known in advance. The parts of the
394 with the bit 8 of each octet except the last set
404 Long form. Two to 127 octets. Bit 8 of first octet has
405 value "1" and bits 7-1 give the number of
410 Contents octets. These give a concrete representation of the
411 value (or the value of the underlying type, if the type is
421 by explicit tagging. It requires that the length of the
422 value be known in advance. The parts of the BER encoding are
431 Contents octets. The concatenation of the BER encodings of
432 the components of the value:
435 them by implicit tagging, the concatenation of the
436 BER encodings of consecutive substrings of the
440 by implicit tagging, the concatenation of the BER
441 encodings of components of the value (underlying
445 tagging, the BER encoding of the underlying value.
455 by explicit tagging. It does not require that the length of
456 the value be known in advance. The parts of the BER encoding
465 End-of-contents octets. Two octets, 00 00.
467 Since the end-of-contents octets appear where an ordinary
469 of a sequence value), the 00 and 00 appear as identifier and
470 length octets, respectively. Thus the end-of-contents octets
471 is really the primitive, definite-length encoding of a value
478 are a subset of BER, and give exactly one way to represent
482 on an ASN.1 value. DER is defined in Section 8.7 of X.509.
488 form of length must be used
491 of length must be used, and the length must be
492 encoded in the minimum number of octets.
506 BIT STRING, SEQUENCE, SET, and SET OF), and can be found in
513 describes how to encode values of those types under both BER
520 DER encoding. The focus of the encodings is primarily on the
531 type by changing the tag of the underlying type.
535 the extendedCertificate alternative of PKCS #7's
552 explicit inclusion of the keyword IMPLICIT is preferable to
557 component of a structured or CHOICE type.
574 of the underlying value.
576 Example: The BER encoding of the attributes component of a
585 length and contents octets of the BER encoding of
590 of the underlying value.
600 version component of X.509's Certificate type.
614 component of a SEQUENCE, SET or CHOICE type.
620 explicit inclusion of the keyword EXPLICIT is preferable to
648 encoding of the underlying value.
650 Example: the BER encoding of the content component of a
655 o length octets represent the length of the BER
656 encoding of the underlying ANY DEFINED BY
659 o contents octets are the BER encoding of the
663 encoding of the underlying value.
668 The ANY type denotes an arbitrary value of an arbitrary
670 registration of an object identifier or associated with an
673 The ANY type is used for content of a particular content
674 type in PKCS #7's ContentInfo type, for parameters of a
690 component of a SEQUENCE or SET type for which identifier
693 from either of those by tagging). In that form, the actual
694 type is determined by the value of the other component,
695 either in the registration of the object identifier value,
696 or in a table of integer values.
698 Example: X.509's AlgorithmIdentifier type has a component of
705 Here the actual type of the parameter component depends on
706 the value of the algorithm component. The actual type would
707 be defined in the registration of object identifier values
710 BER encoding. Same as the BER encoding of the actual value.
712 Example: The BER encoding of the value of the parameter
713 component is the BER encoding of the value of the actual
714 type as defined in the registration of object identifier
717 DER encoding. Same as the DER encoding of the actual value.
722 The BIT STRING type denotes an arbitrary string of bits
737 of type BIT STRING:
744 encoding, the first contents octet gives the number of bits
745 by which the length of the bit string is less than the next
746 multiple of eight (this is called the "number of unused
748 value of the bit string, converted to an octet string. The
752 zero to seven bits of any value to make the length
753 of the bit string a multiple of eight. If the
754 length of the bit string is a multiple of eight
758 first eight bits of the padded bit string become
760 the last eight bits of the padded bit string.
763 concatenation of the BER encodings of consecutive substrings
764 of the bit string, where each substring except the last has
765 a length that is a multiple of eight bits.
767 Example: The BER encoding of the BIT STRING value
768 "011011100101110111" can be any of the following, among
769 others, depending on the choice of padding bits, the form of
777 03 81 04 06 6e 5d c0 long form of length octets
787 Example: The DER encoding of the BIT STRING value
795 The CHOICE type denotes a union of one or more alternatives.
797 The CHOICE type is used to represent the union of an
810 the types of the alternatives. The identifiers are primarily
811 for documentation; they do not affect values of the type or
816 some of the alternatives.
827 and extendedCertificate, and the types of the alternatives
830 BER encoding. Same as the BER encoding of the chosen
839 DER encoding. Same as the DER encoding of the chosen
845 The IA5String type denotes an arbtrary string of IA5
862 contents octets give the concatenation of the BER encodings
863 of consecutive substrings of the IA5 string.
865 Example: The BER encoding of the IA5String value
866 "test1@rsa.com" can be any of the following, among others,
867 depending on the form of length octets and whether the
872 16 81 0d long form of length octets
883 Example: The DER encoding of the IA5String value
909 values of the type.
918 value of 0 for the version component:
924 BER encoding. Primitive. Contents octets give the value of
926 significant digit first, with the minimum number of octets.
941 Table 3. Example BER encodings of INTEGER values.
960 Example: The BER encoding of a NULL value can be either of
961 the following, as well as others, depending on the form of
969 encoding of a NULL value is always 05 00.
975 sequence of integer components that identifies an object
979 of components, and components can generally have any
984 all sequences of components beginning with a given sequence.
986 for subsets of the sequences in its domain to other
987 registration authorities, or for particular types of object.
1003 The ASN.1 notation for values of the OBJECT IDENTIFIER type
1021 set of identifiers defined in X.208.
1045 where value1, ..., valuen denote the integer values of the
1057 possible, and the most significant bit of each
1061 Example: The first octet of the BER encoding of RSA Data
1063 2a16. The encoding of 840 = 6 * 128 + 4816 is 86 48 and the
1064 encoding of 113549 = 6 * 1282 + 7716 * 128 + d16 is 86 f7
1075 The OCTET STRING type denotes an arbitrary string of octets
1095 Example: PKCS #5's PBEParameter type has a component of type
1102 Here the size of the salt component is always eight octets.
1105 encoding, the contents octets give the value of the octet
1107 encoding, the contents octets give the concatenation of the
1108 BER encodings of substrings of the OCTET STRING value.
1110 Example: The BER encoding of the OCTET STRING value 01 23 45
1111 67 89 ab cd ef can be any of the following, among others,
1112 depending on the form of length octets and whether the
1117 04 81 08 01 23 45 67 89 ab cd ef long form of length octets
1126 Example: The BER encoding of the OCTET STRING value 01 23 45
1134 The PrintableString type denotes an arbitrary string of
1155 encoding, the contents octets give the concatenation of the
1156 BER encodings of consecutive substrings of the string.
1158 Example: The BER encoding of the PrintableString value "Test
1159 User 1" can be any of the following, among others, depending
1160 on the form of length octets and whether the encoding is
1165 13 81 0b long form of length octets
1175 Example: The DER encoding of the PrintableString value "Test
1183 The SEQUENCE type denotes an ordered collection of one or
1198 types of the components, and value1, ..., valuen are optional
1200 primarily for documentation; they do not affect values of
1203 The OPTIONAL qualifier indicates that the value of a
1206 value of a component is optional, and assigns a default
1209 The types of any consecutive series of components with the
1210 OPTIONAL or DEFAULT qualifier, as well as of any component
1213 implicit tagging on some of the components.
1223 and the types of the components are both UTCTime.
1226 concatenation of the BER encodings of the values of the
1227 components of the sequence, in order of definition, with the
1231 o if the value of a component with the OPTIONAL or
1233 then the encoding of that component is not
1236 o if the value of a component with the DEFAULT
1238 of that component may or may not be included in
1242 the BER encoding, except that if the value of a component
1244 encoding of that component is not included in the contents
1248 5.13 SEQUENCE OF
1250 The SEQUENCE OF type denotes an ordered collection of zero
1251 or more occurrences of a given type.
1253 The SEQUENCE OF type is used in X.501 distinguished names.
1257 SEQUENCE OF Type
1261 Example: X.501's RDNSequence type consists of zero or more
1262 occurences of the RelativeDistinguishedName type, most
1265 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
1268 concatenation of the BER encodings of the values of the
1269 occurrences in the collection, in order of occurence.
1272 concatenation of the DER encodings of the values of the
1273 occurrences in the collection, in order of occurence.
1278 The SET type denotes an unordered collection of one or more
1292 types of the components, and value1, ..., valuen are
1295 of the type or their encodings in any way.
1297 The OPTIONAL qualifier indicates that the value of a
1299 The DEFAULT qualifier also indicates that the value of a
1305 some of the components.
1308 concatenation of the BER encodings of the values of the
1309 components of the set, in any order, with the following
1313 o if the value of a component with the OPTIONAL or
1315 encoding of that component is not included in the
1318 o if the value of a component with the DEFAULT
1320 of that component may or may not be included in
1326 1. If the value of a component with the DEFAULT
1327 qualifier is the default value, the encoding of
1334 5.15 SET OF
1336 The SET OF type denotes an unordered collection of zero or
1337 more occurrences of a given type.
1339 The SET OF type is used for sets of attributes in PKCS #6,
1340 #7, #8, #9 and #10, for sets of message-digest algorithm
1346 SET OF Type
1350 Example: X.501's RelativeDistinguishedName type consists of
1351 zero or more occurrences of the AttributeValueAssertion
1355 SET OF AttributeValueAssertion
1358 concatenation of the BER encodings of the values of the
1363 ascending lexicographic order of BER encoding. Lexicographic
1364 comparison of two different BER encodings is done as
1369 is the one with the smaller-valued octet at the point of
1375 The T61String type denotes an arbtrary string of T.61
1378 interpretation of subsequent character values as, for
1398 the contents octets give the concatenation of the BER
1399 encodings of consecutive substrings of the T.61 string.
1401 Example: The BER encoding of the T61String value "cl'es
1402 publiques" (French for "public keys") can be any of the
1403 following, among others, depending on the form of length
1409 14 81 0f long form of length octets
1423 Example: The DER encoding of the T61String value "cl'es
1434 offset from GMT in hours and minutes. It takes any of the
1446 YY is the least significant two digits of the year
1462 hh' is the absolute value of the offset from GMT in
1465 mm' is the absolute value of the offset from GMT in
1481 contents octets give the concatenation of the BER encodings
1482 of consecutive substrings of the string. (The constructed
1489 be represented with either of the following UTCTime values,
1509 This section gives an example of ASN.1 notation and DER
1521 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
1524 SET OF AttributeValueAssertion
1535 Name is a CHOICE type consisting of one alternative:
1536 RDNSequence. (Future revisions of X.500 may have other
1540 tree starting at the root. RDNSequence is a SEQUENCE OF type
1541 consisting of zero or more occurences of
1546 directory tree. RelativeDistinguishedName is a SET OF type
1547 consisting of zero or more occurrences of
1551 attribute of a relative distinguished name, such as country
1553 type consisting of two components, an AttributeType type and
1558 attribute value. The actual type of the attribute value is
1564 This section gives an example of a DER encoding of a value
1565 of type Name, working from the bottom up.
1567 The name is that of the Test User 1 from the PKCS examples
1579 value, each of which happens for this name to consist of one
1615 concatenation of three octet strings derived from
1640 the contents octets are the ASCII representation of the
1667 the contents octets are the concatenation of the DER
1668 encodings of the attributeType and attributeValue
1674 The three RelativeDistinguishedName values are SET OF
1688 the tag for SET OF, 17 (decimal), is between 0 and 30. Bits
1689 8 and 7 have value "0" since SET OF is in the universal
1692 octets are the DER encodings of the respective
1699 The RDNSequence value is a SEQUENCE OF value, so its DER
1708 the tag for SEQUENCE OF, 16 (decimal), is between 0 and 30.
1709 Bits 8 and 7 have value "0" since SEQUENCE OF is in the
1712 the contents octets are the concatenation of the DER
1713 encodings of the three RelativeDistinguishedName values, in
1714 order of occurrence.
1720 same as that of the RDNSequence value:
1767 X.200 CCITT. Recommendation X.200: Reference Model of
1771 X.208 CCITT. Recommendation X.208: Specification of
1774 X.209 CCITT. Recommendation X.209: Specification of
1779 Directory--Overview of Concepts, Models and
1791 [Kal93] Burton S. Kaliski Jr. Some Examples of the PKCS
1805 The June 3, 1991 version is part of the initial public
1806 release of PKCS. It was published as NIST/OSI Implementors'
1813 changes, including the addition of a revision history. It is
1814 updated to be consistent with the following versions of the
1843 Section 5: Description of T61String type is added.