提交 04f0a6ba 编写于 作者: D Dr. Stephen Henson

Update docs

上级 eb43641d
...@@ -16,6 +16,8 @@ B<openssl> B<asn1parse> ...@@ -16,6 +16,8 @@ B<openssl> B<asn1parse>
[B<-i>] [B<-i>]
[B<-oid filename>] [B<-oid filename>]
[B<-strparse offset>] [B<-strparse offset>]
[B<-genstr string>]
[B<-genconf file>]
=head1 DESCRIPTION =head1 DESCRIPTION
...@@ -67,6 +69,14 @@ file is described in the NOTES section below. ...@@ -67,6 +69,14 @@ file is described in the NOTES section below.
parse the contents octets of the ASN.1 object starting at B<offset>. This parse the contents octets of the ASN.1 object starting at B<offset>. This
option can be used multiple times to "drill down" into a nested structure. option can be used multiple times to "drill down" into a nested structure.
=item B<-genstr string>, B<-genconf file>
generate encoded data based on B<string>, B<file> or both using
ASN1_generate_nconf() format. If B<file> only is present then the string
is obtained from the default section using the name B<asn1>. The encoded
data is passed through the ASN1 parser and printed out as though it came
from a file, the contents can thus be examined and written to a file
using the B<out> option.
=back =back
...@@ -121,6 +131,38 @@ by white space. The final column is the rest of the line and is the ...@@ -121,6 +131,38 @@ by white space. The final column is the rest of the line and is the
C<1.2.3.4 shortName A long name> C<1.2.3.4 shortName A long name>
=head1 EXAMPLES
Parse a file:
openssl asn1parse -in file.pem
Parse a DER file:
openssl asn1parse -inform DER -in file.der
Generate a simple UTF8String:
openssl asn1parse -genstr 'UTF8:Hello World'
Generate and write out a UTF8String, don't print parsed output:
openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
Generate using a config file:
openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
Example config file:
asn1=SEQUENCE:seq_sect
[seq_sect]
field1=BOOL:TRUE
field2=EXP:0, UTF8:some random string
=head1 BUGS =head1 BUGS
There should be options to change the format of input lines. The output of some There should be options to change the format of input lines. The output of some
......
...@@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to ...@@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to
use is defined by the extension code itself: check out the certificate use is defined by the extension code itself: check out the certificate
policies extension for an example. policies extension for an example.
In addition it is also possible to use the word DER to include arbitrary There are two ways to encode arbitrary extensions.
data in any extension.
The first way is to use the word ASN1 followed by the extension content
using the same syntax as ASN1_generate_nconf(). For example:
1.2.3.4=critical,ASN1:UTF8String:Some random data
1.2.3.4=ASN1:SEQUENCE:seq_sect
[seq_sect]
field1 = UTF8:field1
field2 = UTF8:field2
It is also possible to use the word DER to include arbitrary data in any
extension.
1.2.3.4=critical,DER:01:02:03:04 1.2.3.4=critical,DER:01:02:03:04
1.2.3.4=DER:01020304 1.2.3.4=DER:01020304
...@@ -336,16 +350,21 @@ Subject Alternative Name. ...@@ -336,16 +350,21 @@ Subject Alternative Name.
The subject alternative name extension allows various literal values to be The subject alternative name extension allows various literal values to be
included in the configuration file. These include "email" (an email address) included in the configuration file. These include "email" (an email address)
"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
registered ID: OBJECT IDENTIFIER) and IP (and IP address). registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
Also the email option include a special 'copy' value. This will automatically Also the email option include a special 'copy' value. This will automatically
include and email addresses contained in the certificate subject name in include and email addresses contained in the certificate subject name in
the extension. the extension.
otherName can include arbitrary data associated with an OID: the value
should be the OID followed by a semicolon and the content in standard
ASN1_generate_nconf() format.
Examples: Examples:
subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
subjectAltName=email:my@other.address,RID:1.2.3.4 subjectAltName=email:my@other.address,RID:1.2.3.4
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
Issuer Alternative Name. Issuer Alternative Name.
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册