DumpASN1 for Windows


DumpASN1 is a program written by Peter Gutmann to analyze binary ASN.1 files. We provide here a Windows executable dumpasn1.exe which is simply a compiled version of Dr Gutmann's code for the Windows platform. We've signed the EXE file with our signing certificate to help prevent Windows treating it as a virus - we don't claim any ownership by doing this.

The code for Windows has been slightly modified to cope with issues using stdin on Windows platforms and error messages. It is the version we use on our own Windows computers. For a copy of the modified source code, please contact us. Links to the original code are given below in Original code.

Original code

Download

The zip file dumpasn1-20210212d.zip (114 kB) contains the Windows executable dumpasn1.exe and a copy of the config file dumpasn1.cfg which is required in the same directory as the EXE.

We suggest you use a C:\Bin directory to store these files on your computer.

Examples of use

A minimal test ASN.1 file minasn.dat.
> dumpasn1 minasn.dat
  0   4: SEQUENCE {
  2   2:   SEQUENCE {
  4   0:     NULL
       :     }
       :   }

0 warnings, 0 errors.

A minimal X.509 certificate smallca.cer
> dumpasn1 smallca.cer
  0 224: SEQUENCE {
  3 154:   SEQUENCE {
  6   1:     INTEGER 1
  9  13:     SEQUENCE {
 11   9:       OBJECT IDENTIFIER sha1WithRSAEncryption (1 2 840 113549 1 1 5)
 22   0:       NULL
       :       }
 24  12:     SEQUENCE {
 26  10:       SET {
 28   8:         SEQUENCE {
 30   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 35   1:           PrintableString 'A'
       :           }
       :         }
       :       }
 38  30:     SEQUENCE {
 40  13:       UTCTime 19/09/1999 01:08:47 GMT
 55  13:       UTCTime 31/12/2039 23:59:59 GMT
       :       }
 70  12:     SEQUENCE {
 72  10:       SET {
 74   8:         SEQUENCE {
 76   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 81   1:           PrintableString 'A'
       :           }
       :         }
       :       }
 84  74:     SEQUENCE {
 86  13:       SEQUENCE {
 88   9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
 99   0:         NULL
       :         }
101  57:       BIT STRING, encapsulates {
104  54:         SEQUENCE {
106  49:           INTEGER
       :             02 F9 09 6A 7D 83 55 C2 71 AE F1 6A CB 45 41 BA
       :             B3 22 A2 83 B5 AD DE 70 E3 37 19 A7 C9 BB EE 76
       :             4B E2 FC B8 5C C7 9B E2 3F 27 1F 6F B7 B5 36 80
       :             19
157   1:           INTEGER 3
       :           }
       :         }
       :       }
       :     }
160  13:   SEQUENCE {
162   9:     OBJECT IDENTIFIER sha1WithRSAEncryption (1 2 840 113549 1 1 5)
173   0:     NULL
       :     }
175  50:   BIT STRING
       :     01 9A 9B B2 EC B9 CD FD 66 C6 94 5B 2E D6 96 DC
       :     32 87 68 DA 5E 6F 2E 5D 5A 7F E6 09 2E 60 8F 8C
       :     45 A5 18 7E 06 1C E9 81 AA EA D6 F2 E3 14 7D 25
       :     91
       :   }

Passing a base64-encoded value using the base64 utility.
> echo MAQwAgUA | base64 -d | dumpasn1 -
  0   4: SEQUENCE {
  2   2:   SEQUENCE {
  4   0:     NULL
       :     }
       :   }

A longer example using the base64-encoded value given in RFC7030 section 4.5.2
> echo MEEGCSqGSIb3DQEJBzASBgcqhkjOPQIBMQcGBSuBBAAiMBYGCSqGSIb3DQEJDjEJBgcrBgEBAQEWBggqhkjOPQQDAw== | base64 -d | dumpasn1 -
  0  65: SEQUENCE {
  2   9:   OBJECT IDENTIFIER challengePassword (1 2 840 113549 1 9 7)
 13  18:   SEQUENCE {
 15   7:     OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
 24   7:     SET {
 26   5:       OBJECT IDENTIFIER secp384r1 (1 3 132 0 34)
       :       }
       :     }
 33  22:   SEQUENCE {
 35   9:     OBJECT IDENTIFIER extensionRequest (1 2 840 113549 1 9 14)
 46   9:     SET {
 48   7:       OBJECT IDENTIFIER '1 3 6 1 1 1 1 22'
       :       }
       :     }
 57   8:   OBJECT IDENTIFIER ecdsaWithSHA384 (1 2 840 10045 4 3 3)
       :   }

Some background on ASN.1

Abstract Syntax Notation One (ASN.1) is a standard interface description language for defining data structures that can be serialized and deserialized in a cross-platform way. It is broadly used in telecommunications and computer networking, and especially in cryptography [Wikipedia].

The best explanation of ASN.1 we've found is in A Layman's Guide to a Subset of ASN.1, BER, and DER written in 1993 by Burt Kaliski of RSA Laboratories ("RSA Data Security, Inc. Public-Key Cryptography Standards (PKCS)").

OSI's method of specifying abstract objects is called ASN.1 (Abstract Syntax Notation One, defined in X.208), and one set of rules for representing such objects as strings of ones and zeros is called the BER (Basic Encoding Rules, defined in X.209). ASN.1 is a flexible notation that allows one to define a variety of data types, from simple types such as integers and bit strings to structured types such as sets and sequences, as well as complex types defined in terms of others. BER describes how to represent or encode values of each ASN.1 type as a string of eight-bit octets. There is generally more than one way to BER-encode a given value. Another set of rules, called the Distinguished Encoding Rules (DER), which is a subset of BER, gives a unique encoding to each ASN.1 value.

The formats of many files used in security applications, such as X.509 certificates and CMS signed-data objects, are expressed using ASN.1. They are usually encoded using either the BER or DER encoding rules. DER has the advantage that the encoded bytes-on-the-wire are always unique, which is essential when creating signatures.
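
The claim that BER allows several encodings of one value while DER allows exactly one can be checked on the minimal example dumped above. The Python code below is an example added here, not part of dumpasn1 or Dr Gutmann's code: it walks the tag-length-value structure, returns the same offset and length columns as the dumps, and flags length octets that are valid BER but not DER. The function names and the MINIMAL_BER bytes are constructed for this illustration; only definite lengths and single-octet tags are handled.

```python
import base64

# Universal tag octets to names, limited to types that appear in this page's dumps.
TAG_NAMES = {0x02: "INTEGER", 0x03: "BIT STRING", 0x05: "NULL",
             0x06: "OBJECT IDENTIFIER", 0x30: "SEQUENCE", 0x31: "SET"}

def read_length(buf, pos):
    """Decode length octets at buf[pos]; is_der is True only for the minimal form."""
    first = buf[pos]
    if first < 0x80:                      # short form: one octet, 0..127
        return first, pos + 1, True
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("indefinite (BER-only) or truncated length octets")
    length = int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    return length, pos + 1 + n, buf[pos + 1] != 0 and length >= 0x80

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content octets into dumpasn1-style arcs."""
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:              # high bit clear ends one arc
            arcs, value = arcs + [value], 0
    if not arcs:
        raise ValueError("empty or unterminated OBJECT IDENTIFIER")
    first = min(arcs[0] // 40, 2)         # the first octet packs two arcs
    return " ".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def walk(buf, pos=0, end=None, depth=0):
    """Return (offset, length, depth, label, is_der) for every TLV in buf."""
    rows, end = [], len(buf) if end is None else end
    while pos < end:
        tag = buf[pos]
        if tag & 0x1F == 0x1F or pos + 1 >= end:
            raise ValueError("multi-octet tag or truncated header at %d" % pos)
        length, body, is_der = read_length(buf, pos + 1)
        if body + length > end:
            raise ValueError("value at offset %d overruns its container" % pos)
        label = TAG_NAMES.get(tag, "[tag 0x%02X]" % tag)
        if tag == 0x06:
            label += " " + decode_oid(buf[body:body + length])
        rows.append((pos, length, depth, label, is_der))
        if tag & 0x20:                    # constructed: contents are TLVs too
            rows += walk(buf, body, body + length, depth + 1)
        pos = body + length
    return rows

MINIMAL_DER = base64.b64decode("MAQwAgUA")     # the page's minimal example
MINIMAL_BER = bytes.fromhex("30810430020500")  # constructed: same value, long-form length
```

Both byte strings decode to the same SEQUENCE { SEQUENCE { NULL } }, but walk(MINIMAL_BER) marks the outer SEQUENCE as not DER, which is why a signature computed over one encoding would not verify over the other.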

There are two versions of ASN.1. The old (1988) version was defined in a single document (X.208) and the newer (1998, 2002) version is defined in a series of documents (X.680, X.681, X.682, and X.683). If you are learning, the old 1988 version is much simpler to understand. When trying to understand the structure of an ASN.1 object, we often seek out the older RFCs first, because the ASN.1 definitions are simpler. Note that the encoded bytes-on-the-wire are identical regardless of which version of ASN.1 is used.

Contact us

To contact us or comment on this page, please send us a message.

This page first published 1 July 2021. Last updated 24 July 2023.