@pmevzek I think that ASN.1 JavaScript decoder will be the most helpful as I try to step up to DER from simpler ASN.1.
It definitely makes it more obvious what different things are used for.
@pmevzek I did poke at asn1parse before going down the manual decode path.
I think that it wasn't showing me what I wanted to know.
I believe that learning how to manually decode ASN.1 was a good exercise for me. It's another tool to put in the toolbelt.
After having decoded the #TLS certificate, I’m much more sure that ASN.1 is simply encoding / serializing pieces of information.
Similarly, DER, BER, etc. specify what is encoded in what order and using what ASN.1 types for things.
Said another way, ASN.1 is how to do something and DER is what to do it to.
Sort of a policies vs procedure type thing.
I managed to finish decoding the ASN.1 of my server's #TLS certificate this evening.
I did have a few identifiers that stumped me. But I continued decoding as if they used the same type / length / value format as most other identifiers and they worked.
After the fact I found some documentation confirming that I decoded the identifiers correctly.
Now I need to decode all of the OIDs and make sure that I have them correct and that I have them in my .oid #DNS zone.
Object IDs (OIDs) have some crazy encoding in ASN.1. This is particularly true for OID nodes that are > 127.
06 09 2a 86 48 86 f7 0d 01 01 0b
decodes to
1.2.840.113549.1.1.11
% oidlookup 1.2.840.113549.1.1.11
{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) sha256WithRSAEncryption(11)}
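
The decoding in the post above, written out as an added example (not code from the thread): a strict decoder for a DER OBJECT IDENTIFIER that shows the base-128 packing of nodes above 127 and rejects the malformed encodings a lenient parser would accept. The function name and the short-form-length restriction are assumptions of this example.

```python
def decode_der_oid(data: bytes) -> str:
    """Decode one DER OBJECT IDENTIFIER (tag 0x06) into dotted notation."""
    if len(data) < 2 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER (expected tag 0x06)")
    length = data[1]
    if length & 0x80:
        # Assumption: only short-form lengths (< 128 octets) are handled here.
        raise ValueError("long-form length not handled in this example")
    body = data[2:]
    if length == 0 or len(body) != length:
        raise ValueError("length octet does not match the content")

    subids = []          # decoded subidentifiers, in order
    value = 0            # subidentifier currently being accumulated
    at_start = True      # True when the next octet begins a subidentifier
    for octet in body:
        if at_start and octet == 0x80:
            # A leading 0x80 is a padded (non-minimal) encoding; DER forbids it.
            raise ValueError("non-minimal subidentifier (leading 0x80)")
        value = (value << 7) | (octet & 0x7F)   # low 7 bits carry the data
        if octet & 0x80:                        # high bit set: more octets follow
            at_start = False
        else:                                   # high bit clear: last octet
            subids.append(value)
            value, at_start = 0, True
    if not at_start:
        raise ValueError("truncated subidentifier (continuation bit on last octet)")

    # The first subidentifier packs the first two nodes as 40 * X + Y, X in 0..2.
    first = subids[0]
    if first < 40:
        nodes = [0, first]
    elif first < 80:
        nodes = [1, first - 40]
    else:
        nodes = [2, first - 80]
    return ".".join(str(n) for n in nodes + subids[1:])


# The bytes quoted in the post above.
SAMPLE = bytes.fromhex("06 09 2a 86 48 86 f7 0d 01 01 0b")

if __name__ == "__main__":
    print(decode_der_oid(SAMPLE))
```

Here `2a` is 40 * 1 + 2, `86 48` is (6 << 7) + 72 = 840, and `86 f7 0d` is ((6 << 7) + 119 << 7) + 13 = 113549.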
A New ASN.1 API for Python
https://blog.trailofbits.com/2025/04/18/sneak-peek-a-new-asn.1-api-for-python/
@fluepke @jiska @leyrer Engineers? I doubt that.
To my understanding, ASN.1 is the ITU-T's attempt to solve the coding of data structures once and for all and to take every obscure special case into account.
The result is a monster of complexity that has given us every conceivable security hole for decades because no one ever has been able to write a secure parser library for it.
The Wii Mario Kart community is kept alive by exploiting ASN.1 parsing in the game-bundled operating system.
Edited this gem from Malleo's video.