2

I'm currently learning working with certificates and now I'm curious, if it is possible to get the ASN.1 notation of a loaded certificate from a X509Certificate2-instance.

I have found the Export-Method and it works fine, however I have not seen a possibilty to change the encoding of the output format - it's only in the DER-format.

Is there a possibility to export/convert a loaded certificate as an ASCII ASN.1 certificate, something like in the example below:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=XY....
 ...

Or is there a converter to convert DER to plain text?

poupou
  • 43,413
  • 6
  • 77
  • 174
HCL
  • 36,053
  • 27
  • 163
  • 213

2 Answers2

2

Depending on whether you need to do this within .Net, you may be interested in this answer (openssl asn1parse, using the DER file you've exported).

If you need to do this within .Net, you should be able to use BouncyCastle.

Community
  • 1
  • 1
Bruno
  • 119,590
  • 31
  • 270
  • 376
2

I wrote a Gtk# tool (in C#) to do this a few years ago. The full source code is available from https://github.com/mono/mono-tools/tree/master/asn1view

You likely need only common/PrettyPrinter.cs and common/ASN1Decoder.cs unless you want pretty names for OIDs.

EDIT: The above is a bit lower-level than X.509 certificates - but it will work for X.509 CRL and other structures you know (or not) that can be embedded into the certificates/crl.

poupou
  • 43,413
  • 6
  • 77
  • 174
  • +1 Great! Thank you! Do you have a code block that defines already some common used OIDs for the OidCache-class? – HCL Oct 30 '11 at 09:49
  • No, it was fully on demand, i.e. retrieved/cached as required. OTOH you could build a pre-cache from running that code on several certificates and ship this as default. – poupou Oct 30 '11 at 13:56