Introduction to BER Encoding

Christopher Mevissen

What is it?

• Basic Encoding Rules
• An encoding for ASN.1 structures
• Allows ASN.1 structures to be represented in bytes which can be transmitted over a network or stored on a disk.
• Binary encoding (vs textual encoding like JSON/XML)
• Not the only encoding for ASN.1 (XER)
• Standardized in X.690

DER vs BER

• Distinguished Encoding Rules
• A subset of BER. Anything that is valid DER is also valid BER
• Length encoding must use the definite form
• Bitstring, octetstring, and restricted character strings must use the primitive encoding
• Elements of a Set are encoded in sorted order, based on their tag value

ASN.1

• Abstract Syntax Notation One
• A way of describing data
• Primitive and Composite types
• Independent of any programming language
• Standardized in X.680

Who?

• ITU-T - Telecommunication Standardization Sector of ITU ( International Telecommunication Union)
• Coordinates standards for telecommunications.
• The standardization work of ITU dates back to 1865
• ITU-T Standards

Where is ASN.1 used?

• Cell Phones
• LDAP
• X509 Certificate (also PEM)
• Get cash from ATM
• FedEx package tracking

Other areas ASN.1 is used

Aviation
Banking
Biometrics
Directory and LDAP
Electronic cards and tags
Energy
Graphics and file transfer
Health and genetics
Intelligent networks
Mobile telephony and wireless networks
Security authentication and cryptography
Teleconferencing and videoconferencing
Transportation

TLV

• Type
• Length
• Value

Type - Class

• [00]000000 - First two bits represent the class
• 00 - Universal - The type is native to ASN.1
• 01 - Application - The type is only valid for one specific application
• 10 - Context-Specific - Items within a sequence or choice
• 11 - Private - Defined in private specifications

Type - Constructed

• 00[0]00000
• 0 - Primitive - Integer, Boolean, String
• 1 - Constructed - Sequence, Set

Type - Tag

• 000[00000]
• Identifies the actual type
• The previous 3 bits describe the type

Type - Native Types (1/2)

EOC (End-of-Content)
BOOLEAN - (00001)
INTEGER - (00010)
BIT STRING - (00011)
OCTET STRING
NULL
OBJECT IDENTIFIER
Object Descriptor
EXTERNAL
REAL (float)
ENUMERATED
EMBEDDED PDV
UTF8String
RELATIVE-OID

Type - Native Types (2/2)

SEQUENCE and SEQUENCE OF
SET and SET OF
NumericString
PrintableString
T61String
VideotexString
IA5String
UTCTime
GeneralizedTime
GraphicString
VisibleString
GeneralString
UniversalString
CHARACTER STRING
BMPString
(use long-form)

Length

• Short Form - [0]XXXXXXX (0 - 127 bytes)
• Long Form - [1]XXXXXXX (128 - 5 e+151 bytes)
• Indefinite Form - [1]0000000

Value

• Take the next x bytes and decode based on type

OID

• Object Identifier
• 1.2.840.113549.1.1.1 = rsaEncryption
• iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) rsaEncryption(1)
• First byte determines first two digits
• Subsequent bytes that start with 0 are converted to integers
• Bytes that start with 1 and concatenated until a most-significant bit is 0 then converted to integer
• OIDs can be looked up here

References

• A Layman's Guide to a Subset of ASN.1, BER, and DER - http://luca.ntop.org/Teaching/Appunti/asn1.html
• BER Info - http://en.wikipedia.org/wiki/X.690
• Variable Length Quantity - http://en.wikipedia.org/wiki/Variable-length_quantity
• ITU-T Standards - http://www.itu.int/ITU-T/recommendations/index.aspx?ser=X
• Slideshow software - http://meyerweb.com/eric/tools/s5/