Introduction

Earlier we discussed ASN.1, an excellent data description language that many protocol standards are written in. Describing the data is not enough, though: ASN.1 also has to specify how a message is encoded so that it can be exchanged between different machines.

ASN.1 supports a series of encoding rules, such as BER, DER and CER. X.690 is the ITU-T standard that contains these rules for encoding ASN.1.

You may ask: what is ITU-T?

ITU-T stands for International Telecommunication Union Telecommunication Standardization Sector. It is the sector of the ITU that coordinates standards for telecommunications and information and communication technology.

X.690 mainly includes three encoding rules: Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER).

Next, let's look at the implementation details of these encoding rules.

BER encoding

BER stands for Basic Encoding Rules. It is the earliest of the encoding rules and uses the Tag-Length-Value (TLV) format to encode all information.

In BER, each data element is encoded as a type identifier, a length description, the actual data element, and an optional end-of-content tag, as follows:

| Type identifier | Length | The actual data | End-of-content tag |
|---|---|---|---|
| Type | Length | Value | Only used in the case of indeterminate length |

All encodings are in bytes.

type identifier

The types of ASN.1 are as follows. The table lists each ASN.1 type, whether it is a basic (primitive) or composite (constructed) type, and its tag number in decimal:

| Type name | Basic type or composite type | Number (decimal) |
|---|---|---|
| End-of-Content (EOC) | Basic | 0 |
| BOOLEAN | Basic | 1 |
| INTEGER | Basic | 2 |
| BIT STRING | Both are possible | 3 |
| OCTET STRING | Both are possible | 4 |
| NULL | Basic | 5 |
| OBJECT IDENTIFIER | Basic | 6 |
| Object Descriptor | Both are possible | 7 |
| EXTERNAL | Composite | 8 |
| REAL (float) | Basic | 9 |
| ENUMERATED | Basic | 10 |
| EMBEDDED PDV | Composite | 11 |
| UTF8String | Both are possible | 12 |
| RELATIVE-OID | Basic | 13 |
| TIME | Basic | 14 |
| Reserved | | 15 |
| SEQUENCE and SEQUENCE OF | Composite | 16 |
| SET and SET OF | Composite | 17 |
| NumericString | Both are possible | 18 |
| PrintableString | Both are possible | 19 |
| T61String | Both are possible | 20 |
| VideotexString | Both are possible | 21 |
| IA5String | Both are possible | 22 |
| UTCTime | Both are possible | 23 |
| GeneralizedTime | Both are possible | 24 |
| GraphicString | Both are possible | 25 |
| VisibleString | Both are possible | 26 |
| GeneralString | Both are possible | 27 |
| UniversalString | Both are possible | 28 |
| CHARACTER STRING | Composite | 29 |
| BMPString | Composite | 30 |
| DATE | Basic | 31 |
| TIME-OF-DAY | Basic | 32 |
| DATE-TIME | Basic | 33 |
| DURATION | Basic | 34 |
| OID-IRI | Basic | 35 |
| RELATIVE-OID-IRI | Basic | 36 |

The above are the types and corresponding values in ASN.1. Next we look at how these types are encoded.

The identifier is encoded in bytes of 8 bits each. Bits 7 and 8 of the first byte represent the tag class. Two bits can represent 4 classes, as follows:

| Class | Value | Description |
|---|---|---|
| Universal | 0 | ASN.1 native type |
| Application | 1 | This type is only valid for one specific application |
| Context-specific | 2 | This type depends on the context |
| Private | 3 | |

Bit 6 indicates whether the type is a simple (basic) type or a combined (composite) type: 0 is used for a simple type and 1 for a combined type.

That leaves 5 bits, which can represent 32 different values. ASN.1 has more types than that, so these 5 bits are only used to represent tag numbers in the range 0-30.

If you want to represent values beyond 30, you can use two bytes, as follows:

Bits 1-5 of the first byte are all set to 1, the 8th bit of the next byte is represented by 1, and the remaining 7 bits are used to represent the real value.

length

Type encoding is followed by length encoding. There are two formats for length encoding: the definite-length form and the indeterminate-length form.

If the length of the data is predictable, then we can use a definite-length encoding form, and if the length is indeterminate, then an indeterminate-length encoding form can be used.

Let's look at the different types of length encodings:

First, if the length is definite and relatively short, bit 8 is set to 0 and the remaining 7 bits represent a length in the range 0-127.

If the length exceeds 127, bit 8 is set to 1 and the remaining 7 bits give the number of bytes that follow and store the length; the range of that number of bytes is 1-126.

If the length is indeterminate, bit 8 is set to 1 and the remaining 7 bits are set to 0.

The value with all bits set to 1 is reserved.

In the indeterminate-length case, an additional End-of-Contents marker needs to be appended after the content to indicate that the indeterminate-length encoding has ended.

content

Contents is the byte field following the length. The length of Contents can be 0, indicating that there is no content.

Overall, BER encoding is composed of type + length + specific content fields.

CER encoding and DER encoding

CER stands for Canonical Encoding Rules and DER stands for Distinguished Encoding Rules. Both encodings are derived from BER and are variants of it.

Why are there two variants? First consider the definition of BER. BER is Basic Encoding Rules, which is a very basic encoding rule. In many cases, no specific encoding implementation rules are provided, so specific implementers need to extend the basic protocol by themselves.

Correspondingly, if an implementer declares that it supports the BER encoding protocol, it means that the implementer needs to support all possible variant encoding rules of BER.

BER provides us with a basic standard that is highly extensible. Although we often value extensibility in architecture or system applications, in some cases variability and extensibility are not what we want. For example, in cryptography, we want the encoding rules to be fixed. In this case, CER and DER encodings are required.

Both CER and DER encodings are extensions of BER. Compared with BER, they only specify a specific encoding rule, so they are more deterministic.

Compared with DER, CER uses an indeterminate-length format, while DER uses a definite-length format. This means that DER always contains the leading length information, while CER uses a byte content terminator to indicate the end of the encoding.

In addition, in DER, bit strings, octet strings and restricted strings must use the basic type; they cannot use the composite type.

DER is widely used in digital certificates, such as X.509.
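The identifier and length layouts from the BER section, together with DER's definite-length requirement, can be checked with a small header decoder. This is an added example, not code from the original article: `parse_header`, its `der` flag and the sample bytes are assumptions made here, and it follows X.690 in treating bit 8 of each multi-byte tag byte as a continuation flag and in requiring the shortest length encoding for DER.

```python
CLASSES = ("Universal", "Application", "Context-specific", "Private")

def parse_header(data: bytes, der: bool = False):
    """Decode one identifier + length. Returns
    (tag_class, composite, tag_number, length, header_size);
    length is None for the indeterminate-length form."""
    if len(data) < 2:
        raise ValueError("truncated header")
    first = data[0]
    tag_class = CLASSES[first >> 6]      # bits 8-7: tag class
    composite = bool(first & 0x20)       # bit 6: 1 = composite type
    number = first & 0x1F                # bits 5-1: tag number 0-30
    pos = 1
    if number == 0x1F:                   # all ones: number is in later bytes
        number = 0
        while True:
            if pos >= len(data):
                raise ValueError("truncated tag number")
            byte = data[pos]
            pos += 1
            number = (number << 7) | (byte & 0x7F)
            if not byte & 0x80:          # bit 8 clear marks the last tag byte
                break
    if pos >= len(data):
        raise ValueError("truncated length")
    first_len = data[pos]
    pos += 1
    if first_len < 0x80:                 # short form: 0-127
        return tag_class, composite, number, first_len, pos
    if first_len == 0x80:                # indeterminate length, ended by EOC
        if der:
            raise ValueError("DER forbids indeterminate length")
        return tag_class, composite, number, None, pos
    if first_len == 0xFF:
        raise ValueError("reserved length byte 0xFF")
    count = first_len & 0x7F             # long form: number of length bytes
    raw = data[pos:pos + count]
    if len(raw) != count:
        raise ValueError("truncated long-form length")
    length = int.from_bytes(raw, "big")
    if der and (raw[0] == 0 or length < 0x80):
        raise ValueError("DER requires the shortest length encoding")
    return tag_class, composite, number, length, pos + count

# Constructed sample: SEQUENCE { INTEGER 5 } whose length 3 is padded
# into the long form. BER accepts it, DER must reject it.
PADDED = bytes.fromhex("308103020105")
if __name__ == "__main__":
    print(parse_header(PADDED))          # BER view of the padded header
```

A verifier that accepts the padded form as DER lets two different byte strings decode to the same value, which is the variability the fixed encoding is meant to remove for signed data such as X.509 certificates.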

Summary

The above is the detailed explanation of X.690 and the corresponding BER, CER and DER encodings. After reading this article, you have learned another language, oh yeah!

For more information, please refer to http://www.flydean.com/47-x690-ber-cer-der/

flydean