Search code examples
opensslpemasn.1asn1cryptoopenssl-cms

Openssl Asn1parse does not extract data correctly


Issue in decoding openssl data using asn1parse. After using asn1parse command , out.pem contains does not match with expected output. Both the actual and expected output are shown below. Please help me in this issue.

openssl asn1parse -inform PEM -in base64.pem -out out.pem

cat base64.pem MIIDmQYLKoZIhvcNAQkQASugggOIBIIDhHsKICAgICJpZXRmLXN6dHAtY29udmV5ZWQtaW5mbzpvbmJvYXJkaW5nLWluZm9ybWF0aW9uIjogewogICAgICAgICJib290LWltYWdlIjogewogICAgICAgICAgICAiZG93bmxvYWQtdXJpIjogWwogICAgICAgICAgICAgICAgImh0dHBzOi8vZXhhbXBsZS5jb20vbXktYm9vdC1pbWFnZS5pbWciCiAgICAgICAgICAgIF0sCiAgICAgICAgICAgICJpbWFnZS12ZXJpZmljYXRpb24iOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgImhhc2gtYWxnb3JpdGhtIjogImlldGYtc3p0cC1jb252ZXllZC1pbmZvOnNoYS0yNTYiLAogICAgICAgICAgICAgICAgICAgICJoYXNoLXZhbHVlIjogImYwOmY3OjVlOjM0OjUzOmMwOjExOjcyOmUzOmNmOmUxOmQ5OjNhOmRjOmM3OmJmOmI1OmM2OjdmOjE3OjZmOjdlOjMwOjc1OjBhOjEzOjQyOjE2OjM0OjI0OjljOjJkIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfSwKICAgICAgICAicHJlLWNvbmZpZ3VyYXRpb24tc2NyaXB0IjogIkl5OWlhVzR2WW1GemFBcGxZMmh2SUNKcGJuTnBaR1VnZEdobElIQnlaUzFqYjI1bWFXZDFjbUYwYVc5dUxYTmpjbWx3ZEM0dUxpSUsiLAogICAgICAgICJjb25maWd1cmF0aW9uLWhhbmRsaW5nIjogIm1lcmdlIiwKICAgICAgICAiY29uZmlndXJhdGlvbiI6ICJQSFJ2Y0NCNGJXeHVjejBpYUhSMGNITTZMMlY0WVcxd2JHVXVZMjl0TDJOdmJtWnBaeUkrQ2lBZ1BHRnVlUzE0Yld3dFkyOXVkR1Z1ZEMxdmEyRjVMejRLUEM5MGIzQStDZz09IiwKICAgICAgICAicG9zdC1jb25maWd1cmF0aW9uLXNjcmlwdCI6ICJJeTlpYVc0dlltRnphQXBsWTJodklDSnBibk5wWkdVZ2RHaGxJSEJ2YzNRdFkyOXVabWxuZFhKaGRHbHZiaTF6WTNKcGNIUXVMaTRpQ2c9PSIKICAgIH0KfQ==

0:d=0  hl=2 l=  86 prim: appl [ 7 ]        

88:d=0 hl=2 l= 67 prim: appl [ 9 ]

cat out.pem GVudC1va2F5Lz4KPC90b3A+Cg==", "post-configuration-script": "Iy9iaW4vYmFzaAplY2hvICJpbnNpZGUgdGhlIHBvc3QtY29uZmlndXJhdGlvbi1zY3JpcHQuLi4iCg==" } }

Expected out.pem b'0\x82\x03\x99\x06\x0b*\x86H\x86\xf7\r\x01\t\x10\x01+\xa0\x82\x03\x88\x04\x82\x03\x84{\n "ietf-sztp-conveyed-info:onboarding-information": {\n "boot-image": {\n "download-uri": [\n "https://example.com/my-boot-image.img"\n ],\n "image-verification": [\n {\n "hash-algorithm": "ietf-sztp-conveyed-info:sha-256",\n "hash-value": "d8:56:8d:d2:10:5e:dc:75:4c:c7:87:ae:f1:27:97:65:e0:65:17:6c:04:61:22:fa:3e:82:cf:9d:0f:ae:1a:3d"\n }\n ]\n },\n "pre-configuration-script": "Iy9iaW4vYmFzaAplY2hvICJpbnNpZGUgdGhlIHByZS1jb25maWd1cmF0aW9uLXNjcmlwdC4uLiIK",\n "configuration-handling": "merge",\n "configuration": "PHRvcCB4bWxucz0iaHR0cHM6L2V4YW1wbGUuY29tL2NvbmZpZyI+CiAgPGFueS14bWwtY29udGVudC1va2F5Lz4KPC90b3A+Cg==",\n "post-configuration-script": "Iy9iaW4vYmFzaAplY2hvICJpbnNpZGUgdGhlIHBvc3QtY29uZmlndXJhdGlvbi1zY3JpcHQuLi4iCg=="\n }\n}'


Solution

  • Your input file contains a single, long base64 line. OpenSSL expects base64-formatted input to have its lines wrapped at 64 characters.

    If you are in a *nix environment, you have the fold tool at your disposal to do the line wrapping. You can either create a different version of your input file with the lines wrapped, or you can do it in a single pass using Process Substitution, like this:

    $ openssl asn1parse -in <(fold -w 64 base64.pem)
        0:d=0  hl=4 l= 921 cons: SEQUENCE          
        4:d=1  hl=2 l=  11 prim: OBJECT            :1.2.840.113549.1.9.16.1.43
       17:d=1  hl=4 l= 904 cons: cont [ 0 ]        
       21:d=2  hl=4 l= 900 prim: OCTET STRING      :{
        "ietf-sztp-conveyed-info:onboarding-information": {
            "boot-image": {
                "download-uri": [
                    "https://example.com/my-boot-image.img"
                ],
                "image-verification": [
                    {
                        "hash-algorithm": "ietf-sztp-conveyed-info:sha-256",
                        "hash-value": "f0:f7:5e:34:53:c0:11:72:e3:cf:e1:d9:3a:dc:c7:bf:b5:c6:7f:17:6f:7e:30:75:0a:13:42:16:34:24:9c:2d"
                    }
                ]
            },
            "pre-configuration-script": "Iy9iaW4vYmFzaAplY2hvICJpbnNpZGUgdGhlIHByZS1jb25maWd1cmF0aW9uLXNjcmlwdC4uLiIK",
            "configuration-handling": "merge",
            "configuration": "PHRvcCB4bWxucz0iaHR0cHM6L2V4YW1wbGUuY29tL2NvbmZpZyI+CiAgPGFueS14bWwtY29udGVudC1va2F5Lz4KPC90b3A+Cg==",
            "post-configuration-script": "Iy9iaW4vYmFzaAplY2hvICJpbnNpZGUgdGhlIHBvc3QtY29uZmlndXJhdGlvbi1zY3JpcHQuLi4iCg=="
        }
    }