Getting reasonable names for ASN.1 identifiers

Using the BouncyCastle library (although I think the library doesn't matter), I often come across algorithm identifiers specified as ASN.1 identifiers. For example, a signature algorithm for a certificate may be "1.2.840.113549.1.1.11".

Is there a proper way to turn this into some kind of human-readable form that does not involve finding every identifier I can and manually creating a giant lookup table?

+4
3 answers

IMHO there is no other way than building a mapping table. Each crypto library does this, i.e. OpenSSL, .NET Framework, BouncyCastle, etc.

, ( ) FriendlyName, OID. , Openssl emailAddress, .NET E.

BouncyCastle ( #) (, , ).

+1

- , , , ?

ASN.1 , OID:

sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }

ASN.1 .

, OBJECT IDENTIFIER ASN.1 OID, , :

oid.name

OID :

name = gigantic_oid2name_map[oid]

+1

, org.bouncycastle.operator.DefaultAlgorithmNameFinder. - - ( Bouncy Castle 1.57 - 1.46 ).

:

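import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.operator.DefaultAlgorithmNameFinder;
DefaultAlgorithmNameFinder algFinder = new DefaultAlgorithmNameFinder();
System.out.println(algFinder.getAlgorithmName(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11")));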

:

SHA256WITHRSA

javadoc, , OID, .

Also note that (as indicated in @pepo's answer), human-readable names may differ between tools. While BouncyCastle returns SHA256WITHRSA, the OID repository site uses sha256WithRSAEncryption.


For other OIDs (e.g. extensions and other fields), I could not find anything in the API, so the only alternative seems to be a large lookup table.

+1
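The answers above fall back on a lookup table and quote an ASN.1 definition of the form `{ pkcs-1 11 }`. As an added example (not from any of the posts and not BouncyCastle code), the Python below builds such a table from ASN.1 value-notation text instead of typing it by hand, and returns the dotted OID unchanged when no name is known. The names `ASN1_MODULE`, `build_oid_table` and `oid_name` are hypothetical, and the sample module text is constructed.

```python
import re

# Constructed sample in ASN.1 value notation. The pkcs-1 arcs follow PKCS #1;
# "orphan" and "missing-root" are made up to show an unresolvable reference.
ASN1_MODULE = """
sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
rsaEncryption           OBJECT IDENTIFIER ::= { pkcs-1 1 }
pkcs-1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
orphan                  OBJECT IDENTIFIER ::= { missing-root 5 }
"""

ASSIGN = re.compile(r"([A-Za-z][\w-]*)\s+OBJECT\s+IDENTIFIER\s*::=\s*\{([^}]*)\}")
# One arc: name(number), bare number, or a reference to another definition.
ARC = re.compile(r"[A-Za-z][\w-]*\((\d+)\)|(\d+)|([A-Za-z][\w-]*)")

def build_oid_table(module_text):
    """Return {dotted_oid: name} for every definition that resolves fully."""
    pending = {n: body.split() for n, body in ASSIGN.findall(module_text)}
    resolved = {}                      # name -> tuple of integer arcs
    progress = True
    while pending and progress:        # repeat so forward references resolve
        progress = False
        for name, tokens in list(pending.items()):
            arcs = []
            for tok in tokens:
                m = ARC.fullmatch(tok)
                if m is None:
                    break              # malformed arc: skip this definition
                number, ref = m.group(1) or m.group(2), m.group(3)
                if number is not None:
                    arcs.append(int(number))
                elif ref in resolved:
                    arcs.extend(resolved[ref])
                else:
                    break              # reference not resolved (yet)
            else:
                resolved[name] = tuple(arcs)
                del pending[name]
                progress = True
    return {".".join(map(str, a)): n for n, a in resolved.items()}

def oid_name(oid, table):
    """Friendly name if known; otherwise the dotted OID, unchanged."""
    return table.get(oid, oid)

if __name__ == "__main__":
    table = build_oid_table(ASN1_MODULE)
    print(oid_name("1.2.840.113549.1.1.11", table))
    print(oid_name("1.2.3.4", table))
```

Definitions whose root cannot be resolved are left out of the table rather than guessed, so an unknown OID is always shown in dotted form.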

Source: https://habr.com/ru/post/1685919/