The CryptoAPI does not require that the application programmer use ASN.1 notation (language) to encode and decode data. However, it is recommended that a programmer become generally familiar with ASN.1 notation because the C structures used by the CryptoAPI to encode and decode data mirror the appropriate ASN.1 data types.
A very brief overview of ASN.1 is presented in this section. The article A Layman's Guide to a Subset of ASN.1, BER, and DER, by RSA Data Security, Inc., is recommended as additional reading on this subject, and can be found at http://www.rsa.com/rsalabs/pubs/PKCS.
ASN.1 is a flexible, abstraction notation that allows a variety of data types to be defined, from simple types such as integers and bit strings, to structured types such as collections of one or more other types.
The DER is a set of rules that define how the ASN.1 abstractions get serialized into streams of ones and zeros for transmission over the line. The DER describes how to represent or encode values of each ASN.1 data type as a string of eight-bit bytes (also referred to as octets).
In ASN.1, a type is a set of values. For some types, there are a finite number of values, and for other types there are an infinite number. A value of a given ASN.1 type is an element of the type's set. ASN.1 has four kinds of types:
CHOICE
type and the ANY
type.
Types and values can be given names with the ASN.1 assignment operator (::=
), and those names can be used in defining other types and values. Only the first two types will be reviewed in this document. Information on the other types can be found in A Layman's Guide to a Subset of ASN.1, BER, and DER, by RSA Data Security, Inc.
Simple types are the base types, and do not have components. ASN.1 defines several of these simple types. The types that are relevant to the Public Key Cryptography Standards (PKCS) are the following:
Structured types are those consisting of components. ASN.1 defines four structured types, all of which are relevant to PKCS:
The structured types can have optional components, possibly with default values.
An example abstraction that uses ASN.1 notation to define certificate request information, is as follows:
CertificationRequestInfo:
CertificationRequestInfo ::= SEQUENCE {
version Version,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
attributes [0] IMPLICIT Attributes }
Version ::= INTEGER
Attributes ::= SET OF Attribute
In the preceding example, a CertificationRequestInfo object is created and assigned to be a SEQUENCE. This particular sequence includes the following set of values:
Identifier | Type Reference |
---|---|
version | Version |
subject | Name |
subjectPublicKeyInfo | SubjectPublicKeyInfo |
attributes [0] | IMPLICIT Attributes |
Notice that the Version type is assigned as an integer, and the Attributes type is assigned to be a SET OF Attribute types.
Additional information on certification request information can be found in the the RSA Laboratories Technical Note, PKCS #10: Certification Request Syntax Standard, by RSA Data Security, Inc., which can be found at http://www.rsa.com.
The next section describes how the CryptoAPI deals with the ASN.1 CertificationRequestInfo abstraction.