1 / 16

RSA Laboratories’ PKCS Series - a Tutorial

RSA Laboratories’ PKCS Series - a Tutorial. An ASN.1 primer Magnus Nyström, October 1999. What is ASN.1. Abstract Syntax Notation 1 Defined by ISO/IEC together with ITU ISO/IEC 8824 and 8825 Abstract syntax suitable for general use when specifying data structures, protocol units, etc.

dasan
Télécharger la présentation

RSA Laboratories’ PKCS Series - a Tutorial

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RSA Laboratories’ PKCS Series - a Tutorial An ASN.1 primer Magnus Nyström, October 1999

  2. What is ASN.1 • Abstract Syntax Notation 1 • Defined by ISO/IEC together with ITU • ISO/IEC 8824 and 8825 • Abstract syntax suitable for general use when specifying data structures, protocol units, etc. • When combined with encoding rules, suitable in protocols and for PDUs (protocol data units)

  3. Abstract Syntax Notation One • A syntax for specifying abstract objects • Helps in design, abstraction is a powerful tool • A flexible notation with a small set of basic data types • More complex types can be defined with the help of the basic ones • When abstract objects are transferred between applications, they are encoded by lower layers • Encoding rules for ASN.1 includes BER, CER, DER and PER,

  4. Abstract Syntax Notation One • ASN.1 has been chosen as the notation for abstract objects in the PKCS series, due to its • flexibility • widespread use in telecommunications • platform-independence • This presentation gives a basic introduction to ASN.1.

  5. ASN.1 Types and Values • A type is a collection of values, e.g. INTEGER • Some types have a finite number of values, others an infinite • There are two basic kinds of types: • primitive • constructed • Constructed types consists of other constructed types or primitive types. SET and SEQUENCE are the simplest constructed types

  6. ASN.1 Types and Values • An important type is the “OBJECT IDENTIFIER’ type • Used to uniquely identify objects, attributes and algorithms • Comparable to DNS names, uniquely identifying a host (or a network • Hierarchical (as DNS names), organizations “own” specific branches in the OID tree • Example: RSA Security’s base OBJECT IDENTIFIER: rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}

  7. ASN.1 Types and Values, II • Example of a constructed type: HockeyCard ::= SEQUENCE { name PrintableString, position PrintableString, dateOfBirth GeneralizedTIme, team PrintableString, previousTeams ListOfTeams }

  8. ASN.1 types and values, III • In the previous slide, PrintableString and GeneralizedTime are primitive types • ListOfTeams is a defined Type, e.g.: ListOfTeams ::= SEQUENCE OF TeamAndYear TeamAndYear ::= SEQUENCE { team PrintableString season NumericString

  9. ASN.1 Types and Values, IV • An example of a value of type “BaseBallCard”: gretzky hockeyCard ::= { name “Wayne Gretzky”, position “Center”, dateOfBirth “196106300430Z”, team “New York Rangers”, previousTeams { {team “S:t Louis”, season “1997”}, {team “Los Angeles Kings”, season “1996”}}}

  10. ASN.1 Types and Values, V • We see how easy it is to create layers of abstraction • Before sending values in a protocol, they have to be encoded

  11. Encoding Rules • Defines how a ASN.1 value shall be encoded into a stream of octets (bytes) • BER - Basic Encoding Rules (not canonical) • DER - Distinguished Encoding Rules (canonical) • PER - Packed Encoding Rules (compact)

  12. Encoding Rules, BER and DER • Each ASN.1 type has a tag, either derived or assigned • When encoding, the tag is followed by the length of its value • A “TLV” encoding (in principle)

  13. Encoding Rules, BER and DER • The HockeyCard example (without teams): 30 27 13 0d 5741 59 4e 45 20 47 52 45 54 5a 4b 59 13 06 43 45 4e 54 45 52 18 0e 31 39 36 31 30 36 33 30 30 34 33 30 30 30 5a …

  14. Encoding Rules, BER and DER • Canonical encoding rules needed in certain circumstances (when decoding and then encoding for verification purposes) • Disadvantage: Length needs to be known in advance (no single-pass processing) • General disadvantage with DER and BER: Not very compact, e.g. BOOLEAN True (1 bit of information: 01 01 FF • Three bytes!

  15. Packed Encoding Rules, PER • Assumes recipient knows the type being sent • Only encodes unknown information • Generally saves 20 - 25 % compared to DER • somewhat less when PER-encoding digital certificates • Not widely used

  16. More Information • “A Layman’s Guide to a Subset of ASN.1, BER and DER”, http://www.rsasecurity.com/rsalabs/pkcs • Other useful sites: • http://www.oss.com/asn1/ • http://asn1.elibel.tm.fr/en/

More Related