When I started the PowerShell PKI module project, I quickly realized that I would have to deal with Abstract Syntax Notation One (ASN.1) and its Distinguished Encoding Rules (DER) encoding subset. This is because all transferable cryptographic objects are encoded in ASN.1 with DER encoding: X.509 certificates, revocation lists, trust lists, OCSP, etc.
While reading related literature (ASN.1 — Communication Between Heterogeneous Systems by Olivier Dubuisson) and other ad-hoc articles, I looked for a tool that would visualize ASN-encoded data to test and verify my own ASN.1 parser. There are few and almost all of them are too expensive. Eventually I found a free ASN.1 editor written by Liping Dai.
The tool is great, but I wanted a few changes there. I downloaded the sources, opened them in Visual Studio and closed them. The tool is written using WinForms and I wasn’t able to understand the codebase. Since I already have my own ASN.1 parser, I decided to make a similar tool, but with a brand-new codebase and presentation layer. I’m not a WinForms fan, so presentation is delivered by Windows Presentation Framework (WPF) with the MVVM pattern.
Interesting: I caught myself thinking that I almost never did something really my own. All my WPF projects are visual copies of other tools. For example, PS Cmdlet Help Editor is a working copy of the non-working Cmdlet Help Editor, and SSL Verifier is a working copy of the non-working Certificate Expiration Verification Tool. Now, ASN.1 editor. However, the existing tool is working. I’d say this is just a code migration.
As a starting point, I copied the existing tool’s visual behavior, so existing editor users will not have difficulties working with my own editor. Brand-new codebase means that no code was inherited from the original project (actually, I stole a few lines from helpers). I think the new codebase provides more extensibility features and is easier to read and maintain. Ok, let’s go, the new editor look is similar:
and comparing with previous tool:
Very similar, so existing editor users will not face problems while using my own (if they wish to use the new editor).
I reused the previous editor's tree view icons. However, they might be subject to copyright, so I’m looking for a new icon design. I tried to order a set on fiverr.com, however, I wasn’t satisfied with the result. Although the new icons were better, they didn’t fit data type representation.
During UI development I faced a lot of problems and most of them were solved by searching the stackoverflow.com web site. For example, the TreeView control in WPF does not have horizontal and vertical lines and is very uncomfortable with a large tree with various levels. Relatively quickly, I found an answer and used it in the project. In general, stackoverflow.com solved all my problems. And it is worth noting that I didn’t ask any questions there. Everything came from an extensive search of existing topics.
Most of the main features are the same:
You can view the selected node branch text dump by right-clicking the designated node and selecting “View Node Text”:
This window provides TreeView textual visualization. It defines four columns:
You can save this information to a file and print, if necessary.
In the previous tool, the hex data viewer was a separate window. I decided to combine them in the same window. By default, the hex viewer is collapsed and can be opened by toggling the button in the toolbar. The hex viewer panel contains two toggle buttons. They are used to hide the hex address and ASCII data panes:
When you select a node in the Tree View panel, the corresponding bytes are highlighted in the hex viewer:
By double-clicking on a node (or selecting from tree node context menu), a node data editor is opened:
You can edit data for any primitive non-constructed type (except the NULL tag). Explicit value presentation depends on the data type. For many types, a textual value is displayed and allowed for input. However, not all types have an encoder and decoder, so for certain types you will see a raw hex view (and raw hex text should be inserted):
As already said, NULL and constructed types are not editable:
The node content editor applies restrictions for certain data types. For example, if you are editing a numeric string, the code verifies whether all characters in the text are valid for a numeric string.
You can save the selected node data into a file by right-clicking the node and selecting "Save selected node as...". Data is saved as a binary copy of the entire selected structure, including tag header and full tag payload.
You can cut, copy and paste existing nodes. You can use either the context menu or the toolbar. There are three options for the paste destination:
When you operate with nodes, internal raw data and hex viewer are updated accordingly.
Data converter window allows you to convert the data between various text encodings:
This window maintains an internal data source, so changes here are not reflected in the main tree view. When you open the data converter, the data source from the main tree view is copied to the data converter window. Alternatively, you can open an external file or paste text from the clipboard. When you paste text from the clipboard, you need to click the Validate button, so the converter will attempt to decode the pasted data format. Unlike with the previous editor, you don’t need to care about source encoding, the converter will do it for you. By clicking the appropriate radio button, the data is converted to the appropriate format:
You can save this view to a file as text, or as a pure binary copy (converted from pasted text). Also, you can print the current view.
The code is smart enough to detect the pasted text format (or opened file content format) and is able to convert, for example, hex view with address and ASCII panes, or base64 with or without header to a raw byte array. In addition, the code correctly handles files saved in UTF-7, UTF-8, Unicode and UTF-32 encoding.
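One way such format detection can work, as an added example that is not the editor's own code: it tries PEM, then an address/hex/ASCII dump, then plain hex, then bare base64. The names `decode_pasted` and `_from_hex_dump`, the sample strings and the dump layout (address first, ASCII pane separated by at least three spaces) are assumptions.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([^-]+)-----(.+?)-----END \1-----", re.S)
ADDR_RE = re.compile(r"^\s*([0-9A-Fa-f]{4,8}):?\s+")   # address pane of a dump row
HEX_BYTE_RE = re.compile(r"[0-9A-Fa-f]{2}")

SAMPLE_DER = bytes.fromhex("3003020105")       # constructed: SEQUENCE { INTEGER 5 }
SAMPLE_DUMP = "0000  30 03 02 01 05   0...."   # constructed dump row
SAMPLE_PEM = "-----BEGIN SAMPLE-----\nMAMCAQU=\n-----END SAMPLE-----"

def _from_hex_dump(text):
    """Decode 'address  hex bytes   ascii' rows; return None if text is not a dump."""
    out = bytearray()
    for row in text.splitlines():
        if not row.strip():
            continue
        m = ADDR_RE.match(row)
        # The address must equal the running offset, otherwise a plain hex
        # string grouped into words would be mistaken for a dump.
        if not m or int(m.group(1), 16) != len(out):
            return None
        # Assumption: the ASCII pane is separated by at least three spaces.
        hex_pane = re.split(r"\s{3,}", row[m.end():].rstrip(), maxsplit=1)[0]
        tokens = hex_pane.split()
        if not tokens or not all(HEX_BYTE_RE.fullmatch(t) for t in tokens):
            return None
        out += bytes.fromhex("".join(tokens))
    return bytes(out) if out else None

def decode_pasted(text):
    """Return (format, raw_bytes); raise ValueError if nothing matches."""
    text = text.lstrip("\ufeff").strip()
    if not text:
        raise ValueError("empty input")
    m = PEM_RE.search(text)
    if m:                                   # base64 with header and footer
        body = "".join(m.group(2).split())
        return "pem:" + m.group(1), base64.b64decode(body, validate=True)
    dump = _from_hex_dump(text)
    if dump is not None:
        return "hexdump", dump
    digits = "".join(text.split())
    # Hex is tested before base64 because every hex digit is also a valid
    # base64 character; the reverse is not true.
    if len(digits) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", digits):
        return "hex", bytes.fromhex(digits)
    # binascii.Error raised here is a subclass of ValueError.
    return "base64", base64.b64decode(digits, validate=True)
```

A short string made only of hex digits is always reported as hex, even if it was meant as base64; real DER in base64 rarely hits this because it usually starts with characters outside the hex alphabet.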
I don’t know. Currently, the editor is available only in my blog (link for download is below). Will I put it to CodePlex and publish regular updates (with bug fixes and improvements)? It is up to you, my dear readers. To be honest, I’m a bit disappointed with all the stuff I’m doing (except PSPKI module). SSL Verifier got zero feedback, PS Cmdlet Help Editor has very little feedback. Even Microsoft (PowerShell team) showed zero interest in help editor.
I’m not whining, I just don’t think that I should put any effort into tools which nobody needs. Plain and simple. So, if you find an interest in the tool and there will be at least a group of followers, then I will work on the tool with public updates, otherwise, all you see here is all you get and nothing else. Any feedback (positive, neutral or negative) please, in comments.
Just to note, there are several things to work on:
The article and download links are permanently moved to: ASN.1 Editor directory.
Very nice tool. I would love to be able to assign names to nodes and generate ASN.1 schema
> I would love to be able to assign names to nodes and generate ASN.1 schema
This way wouldn't work, because it is impossible to restore an ASN module from sample data. In many cases, an ASN module includes choices, explicit and optional tags and value constraints. It is possible to validate the data against a module and (this functionality is provided by commercial editors) create classes based on an ASN module.
Nice tool. Very useful for me, because at least it works fine on high DPI. :) Please add these features: Shell Integration (opening from Windows Explorer); Comparison with differences Highlighting; Hash calculation of (multi)selected data; Data representation output (full, not only viewport area!) as picture (.png); // very needed for me :) Thank U very much!!!
Hi, the download link is broken.
Do you have it on another location?
I moved article to dedicated page where I publish valid download links to the most recent version: ASN.1 Editor
Thank you so much for your wonderful ASN.1 tool. This is a fantastic and essential tool for really getting in there to work with X509 certificates/requests and combines several disparate tools I had to use previously. Do you offer any consulting services in regards to working with certificates/requests?
Hi,
Thank you for your very great weblog. I want to create a Certificate Request Enrollment in CMC format programmatically. Could you please help me? My program which creates a CMC request format depends on what? Should I implement an ASN.1 encoder?
Thanks in advance for your help.
No, you don't need to deal with raw ASN encoding. You should use CertEnroll COM interfaces that will do everything in regards to certificate enrollment: http://www.sysadmins.lv/blog-en/introducing-to-certificate-enrollment-apis-summary.aspx
This is a very useful tool, many thanks for sharing it. The included list of OID's and their symbolic names is nice. I am sorry to read that you do not get a lot of feedback. Maybe that is because many people do not realize that a tool like this is available. I hope you will continue to maintain it.
Is it possible somehow to decode data straight from the Binary Converter window? It is somewhat inconvenient to have to save my snippet of encoded data into a file before opening that file in the main Window.
I like the integrated hex viewer. It has a minor problem: on my screen it is slightly too narrow and therefore the last byte gets wrapped onto the next line, making it less readable. There is no possibility to resize the hex window.
Thanks again and keep up the good work!
Hey just wanted to commend you for this effort and say thank you. I looked over the other blog posts on your site and I think you have some good material here. I'll be watching to see what else pops up. Cheers.
the program can not handle 2bytes tag
http://prntscr.com/a57r3d
in this example, the tag 7f20. the program recognizes 20 as the size of the field
Neither BER nor DER supports multibyte tags. Each tag must be encoded in a single byte. It is expected behavior.
are you sure? ITU-T X.690 (8.1.2 Identifier octets)
ps. The second byte (8bit) is identifier
3bytes
Got your point. No, there is no multibyte identifier support.
This program also cannot handle long tag form. When the content has length greater than 127 bytes, it will not handle it properly.
I mean long Indefinite form of length octets (8.1.3.6)
AFAIK, indefinite length is not allowed for DER encoding.
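The identifier and length octet forms raised in the exchange above (X.690 8.1.2 and 8.1.3), as an added example that is not part of any comment and is not the editor's own code: it reads one header, including the high-tag-number identifier form used by `7f 20` and the long and indefinite length forms, with a `der` switch that rejects what DER forbids. The names `read_header`, `Header` and `SAMPLE` are assumptions.

```python
from collections import namedtuple

Header = namedtuple("Header", "tag_class constructed number header_len length")
CLASSES = ("universal", "application", "context-specific", "private")
SAMPLE = bytes.fromhex("7f2003020105")  # constructed: [APPLICATION 32] { INTEGER 5 }

def read_header(data, offset=0, der=True):
    """Parse identifier and length octets at offset; length None means indefinite."""
    try:
        first = data[offset]
        pos = offset + 1
        constructed = bool(first & 0x20)
        number = first & 0x1F
        if number == 0x1F:                 # high-tag-number form (8.1.2.4)
            number = 0
            while True:
                b = data[pos]
                pos += 1
                if number == 0 and (b & 0x7F) == 0:
                    raise ValueError("tag number starts with a zero group")
                number = (number << 7) | (b & 0x7F)   # 7 value bits per octet
                if not b & 0x80:                      # bit 8 clear: last octet
                    break
            if number < 31:
                raise ValueError("tag numbers 0..30 use the single-octet form")
        first_len = data[pos]
        pos += 1
    except IndexError:
        raise ValueError("truncated header") from None
    if first_len < 0x80:                   # short form: 0..127 content octets
        length = first_len
    elif first_len == 0x80:                # indefinite form (8.1.3.6)
        if der or not constructed:
            raise ValueError("indefinite length is not allowed here")
        length = None
    elif first_len == 0xFF:
        raise ValueError("reserved length octet 0xFF")
    else:                                  # long form: low 7 bits count the length octets
        n = first_len & 0x7F
        raw = data[pos:pos + n]
        if len(raw) != n:
            raise ValueError("truncated length octets")
        pos += n
        length = int.from_bytes(raw, "big")
        if der and (raw[0] == 0 or length < 0x80):
            raise ValueError("DER requires the shortest length encoding")
    return Header(CLASSES[first >> 6], constructed, number, pos - offset, length)
```

For `SAMPLE`, the second octet `20` is read as tag number 32 and the following `03` as the length, rather than `20` being taken as the length.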
Dear Vadims,
When I am trying to open the ASN1 file. I am getting following error message "the given key is not present in the dictionary".
Do we have the update version.
Thanking You,
Satish S
Satish, the tool doesn't parse ASN.1 definition modules, it decodes binary files (certificates, CSR, CRLs, etc.).
Thanks for sharing this wonderful tool.
I have a key pair: private key (secp521r1) and public keys as byte array. My requirement is to write this in DER/PEM format (.Key file)
Could you suggest any way to Encode These Keys in ASN 1 using C#.
Thank you ...
> I have a key pair: private key (secp521r1) and public keys as byte array. My requirement is to write this in DER/PEM format (.Key file)
I believe they already are properly encoded. You just need to convert them in base64 and add proper PEM headers and footers.