extracting raw ASN.1 parts from X.509 certificate

Question

I'd like to extract raw hex ASN.1 data from X.509 certificate. I know, that I can do this by using DER format and hexdumping it.

I'm interested in particular parts like "subject", "issuer" and their raw hex ASN1 data.

score 10 · Answer 1 · answered Jul 14 '12 at 10:50

10

Determine offset of interesting part by using (number in first column):

openssl x509 -in crt.pem -outform der | openssl asn1parse -inform der -i

For example, if "subject" entry is at offset 119. Dump raw data of that substructure:

openssl x509 -in crt.pem -outform der | openssl asn1parse -inform der -i -strparse 119 -noout -out subject.raw

Now print raw hex data:

cat subject.raw | od --address-radix=n --format=x1 | tr -d ' \n'

answered Jul 14 '12 at 10:50

mighq

for portability: long options in `od` command could be replaced by short variants `-tx1 -An` (see man page). – mighq May 14 '15 at 07:50

1 Answers1