Appendix 5: ASN.1 File Structure

Applies To: Windows Server 2003 with SP1

Compiling an ASN.1 BLOB requires advanced knowledge about ASN.1 encoding. When developing your own applications, it is highly recommended that you use an encoding function such as CCertEncodeAltName to create the ASN.1 BLOB. See ICertEncodeAltName (https://go.microsoft.com/fwlink/?LinkID=116167).

Manually developing and parsing such ASN.1 data structures is time-consuming and error-prone because of the overall complexity of the data encoding rules.

The following is a sample ASN.1 BLOB that was used to add a server’s GUID and its DNS name to the subject alternative name extension of a certificate. The first line in both boxes is the actual ASN.1 BLOB; the lines following explain per column what the field in the BLOB actually represents. Note that the full ASN.1 BLOB is the following sequence.

30468223636B696E64657230312E6575726F70652E636F72702E6D6963726F736F66742E636F6D A01F06092B0601040182371901A012041063303530353634346161313364326338

The following boxes explain in greater detail the breakdown of the ASN.1.

30468223636B696E64657230312E6575726F70652E636F72702E6D6963726F736F66742E636F6D

30    Sequence
46    Total length of ASN.1 string
8     ContextSpecificPrimitiveType
2     Generalname see https://www.ietf.org/rfc/rfc2459.txt for a list of General
23    Length of DNS name
636B696E64657230312E6575726F70652E636F72702E6D6963726F736F66742E636F6D    DNS name

A01F06092B0601040182371901A012041063303530353634346161313364326338

A     ContextSpecificConstructedType
0     Generalname see https://www.ietf.org/rfc/rfc2459.txt
1F    Length of othername
06092B0601040182371901    Other name OID
A     ContextSpecificConstructedType
0     Generalname see https://www.ietf.org/rfc/rfc2459.txt
12    Length of datatype and othername
04    Other name datatype see https://asn1.elibel.tm.fr/en/resources/tags.htm
10    Length of othername
63303530353634346161313364326338    GUID
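
The breakdown above can be checked mechanically. The following Python sketch is an added example, not part of the original appendix or of any Microsoft code: it walks the sample BLOB tag by tag, rejects any length that does not fit its container, and returns the DNS name plus the other name's OID and 16-byte value. The function names are this example's own.

```python
# Added example: strict tag-length-value walk of the sample BLOB (names are hypothetical).
BLOB = bytes.fromhex(  # hex copied from the sample on this page
    "30468223636B696E64657230312E6575726F70652E636F72702E6D6963726F736F66742E636F6D"
    "A01F06092B0601040182371901A012041063303530353634346161313364326338")

def read_tlv(buf, pos=0):  # returns (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yields (tag, value) for each element inside a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(val):  # base-128 arcs; the first octet packs the first two arcs
    arcs, acc = [], 0
    for b in val:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_san(blob):
    tag, body, end = read_tlv(blob)
    if tag != 0x30 or end != len(blob):
        raise ValueError("expected one SEQUENCE spanning the whole BLOB")
    names = []
    for tag, val in children(body):
        if tag == 0x82:    # context-specific primitive, choice 2: DNS name
            names.append(("dNSName", val.decode("ascii")))
        elif tag == 0xA0:  # context-specific constructed, choice 0: other name
            (t_oid, oid), (t_wrap, wrapped) = children(val)
            t_data, data, used = read_tlv(wrapped)
            if (t_oid, t_wrap, t_data) != (0x06, 0xA0, 0x04) or used != len(wrapped):
                raise ValueError("unexpected otherName layout")
            names.append(("otherName", decode_oid(oid), data))
        else:
            names.append(("unhandled", tag, val))
    return names
```

Calling `parse_san(BLOB)` returns the two entries in the order they appear in the BLOB; a truncated BLOB or an altered length byte raises `ValueError` instead of producing a partial result.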

For more information about ASN.1 encoding, see the MSDN article, Example C Program: Converting Names from Certificates to ASN.1 and Back (https://go.microsoft.com/fwlink/?LinkID=116166).