I am doing a work on X.509 v3 certificates and want to know their exact structure. Is there an ASN.1 specification somewhere one could use? The rfc documents only seem to have parts of it specified...
Asked
Active
Viewed 7,742 times
1 Answers
7
X.509 v3 was defined in RFC 2459, with enhancements in RFC 3280 and RFC 5280.
Each of those RFCs has an ASN.1 section:
- https://www.rfc-editor.org/rfc/rfc2459#appendix-A
- https://www.rfc-editor.org/rfc/rfc3280#appendix-A
- https://www.rfc-editor.org/rfc/rfc5280#appendix-A
X.509 is really managed by the ITU, so https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.509-201210-S!!PDF-E&type=items is the most authoritative (see Annex A and Annex J for ASN.1 modules, chapters 7 and 8 for explanations). The newest version of the document requires payment, but the 2012 edition (linked) is free.
-
Guess I just have to do some copy paste from these documents then. Thank you! – flipje Jan 25 '17 at 16:26
-
Um, annex J of that X.509 document appears to only contain convenience copies of needed stuff from external specs, not any of the stuff formally defined in X.509? – SamB Dec 23 '18 at 19:53
-
@SamB Ah, I must have searched for `CommonName ::=` and picked the wrong Annex. Annex A has the ASN.1 module for the rest of the document, with the material accompanied by prose in chapters 7 and 8 (answer updated). – bartonjs Dec 23 '18 at 20:01
-
2Hmm. https://www.itu.int/ITU-T/recommendations/rec.aspx?id=4123&showfl=1 offers zips of the ASN.1 modules (either just the ones from that spec or ALL needed ones), but that's not really suitable for an answer because of the enormous linkrot pottential ... – SamB Dec 23 '18 at 21:58