All geek questions in one place

ASN.1 encoding / decoding

I am currently developing a client-server program, a client in Java / C and a server in C. I have to transfer cryptographic data (for example, the client must transfer data to the server for encryption / decryption, digest calculation, etc.), And the server must return the result to the client.

In this case, I understand the importance of using some kind of transport protocol to efficiently determine data and transmit data.

In this regard, my question is: is ASN.1 a good protocol to use? I know that it is supported by BC (in Java) and OpenSSL in C. So is it a good idea to transfer data between client and server using ASN.1 notation?

Can you also give me some starting points? Also, if you have a better understanding of the existing protocol, please let me know.

Thanks!!

+6
source share
4 answers

Support for BC and OpenSSL is just a small part of ASN.1. In fact, for a long time there was no full implementation of ASN.1, at least for the public. Telecommunications and telephone manufacturers probably have fairly complete ASN.1 implementations. Currently the most advanced ASN.1 implementation available to the public is being developed as part of the OsmoCom project, Harald Welte wrote this on his blog: http://laforge.gnumonks.org/weblog/2011/04/12#20110412-mapv1_available

And, even worse, ASN.1, in particular, the very redundant encoding schemes (at least 3 different ways of encoding strings in ASN.1) have caused several security problems in recent years, due to the problems that it caused when proper handling of x509 certificates. x509 is another broken technology from hell, and IMHO is best avoided. Of course, SSL depends on it, but obtaining a certificate signed by a "trusted" CA does not mean anything; any CA can sign for any domain, and, having seen that your browser trusts by default, I no longer trust my browser.

So, let's briefly describe: ASN.1 is broken and should be avoided in new projects. This widespread use outside the telephone network is also the x509. Therefore, I will not use it. Use JSON, BSON, protocol buffers, Netstrings, or something sensible.

+8
source

ASN.1 is alive and well and is used in many standard protocols, both old and latest, including several standards that are currently being developed (for example, 3GPP and IEEE 802). There are several good and complete ASN.1 commercial tools available in the market. A typical ASN.1 tool includes an ASN.1 compiler that can generate source code from ASN.1 message definitions, as well as an encoding / decoding library for various standard encoding rules. Typically, an application developer will write code that uses data structures generated by the ASN.1 compiler and will call the encoding / decoding functions provided as part of the ASN.1 tool.

If you do not want to receive the commercial ASN.1 tool (for any reason), and if you intend to write your own ASN.1 message definitions (as opposed to implementing the existing standard protocol), you may be able to get one of the available tools available ASN.1 and restrict the use of ASN.1 to the syntax functions that are supported by the tool of your choice.

+3
source

ASN.1 has become something of a niche used for data related to X.509, and nothing else.

Instead, you can look at the Google Protocol Buffers.

+2
source

If you really want to use ASN.1 in Java: I looked at the ASN.1 open source libraries for Java and found only BinaryNotes to be a useful maturity. The tool does not support all ASN.1 specialized functions in the development field (extension points, etc.), but to define your own ASN.1 base grammar and create Java classes that can encode / decode these messages. quite useful with little effort to put into it.

For part C colleagues, ASN.1C was used to compile CODEC from ASN.1 grammar - but I don't know any details.

0
source

Source: https://habr.com/ru/post/887829/

More articles:


All Articles