ASN.1 Encoding-Decoding

java c openssl asn.1 bc
pimmling picture pimmling · May 11, 2011 · Viewed 8.2k times · Source

I am currently developing a client-server program, the client in Java/C and server in C. I have to transport cryptographic data(like the client should pass data to Server to encrypt/decrypt, compute digest etc) and the server has to return the result to Client.

In this scenario, I realize the importance of using some transport protocol to identify data and pass data efficiently.

With this regard, my question is: Is ASN.1 a good protocol to use? I know that it is supported by BC(on Java) and OpenSSL on C. So is it a good idea to transport data between the client and server using ASN.1 notation?

Can you also please give me some starting points to this? Also if you have a better idea of an existing protocol please let me know.

Thanks!!

Answer

datenwolf picture datenwolf · May 11, 2011

What BC and OpenSSL support is only a very small part of ASN.1. In fact for a long time there was no full ASN.1 implementation available, at least for the public. Telcos and telephone equipment manufactors probably have rather complete ASN.1 implementations. At the moment the most advanced ASN.1 implementation available to the public is developed as part of the OsmoCom project, Harald Welte blogged it: http://laforge.gnumonks.org/weblog/2011/04/12#20110412-mapv1_available

And to make matters worse, ASN.1, in particular it highly redundant encoding schemes (there are at least 3 different ways to encode strings in ASN.1) used to be the cause for several security issues in the last years, due to the problems it caused in properly processing x509 certificates. x509 is another broken technology from hell, and IMHO better avoided. Sure, SSL depends on it, but a getting a certificate signed by a "trusted" CA doesn't mean anything; any CA can sign for any domain, and after looking through, what your browser trusts by default I no longer trusted my browser.

So to make a long story short: ASN.1 is broken and should be avoided in new designs. It's only major widespread use outside of telephone networks is x509 which is broken, too. Thus I'd not use it. Use JSON, BSON, Protocol Buffers, Netstrings or something sane.

Related questions

max value of integer

In C, the integer (for 32 bit machine) is 32 bits, and it ranges from -32,768 to +32,767. In Java, the integer(long) is also 32 bits, but ranges from -2,147,483,648 to +2,147,483,647. I do not understand how the range is different in Java, even …

Read More
Is there a Java equivalent or methodology for the typedef keyword in C++?

Coming from a C and C++ background, I found judicious use of typedef to be incredibly helpful. Do you know of a way to achieve similar functionality in Java, whether that be a Java mechanism, pattern, or some other effective …

Read More
Interview question: Check if one string is a rotation of other string

A friend of mine was asked the following question today at interview for the position of software developer: Given two string s1 and s2 how will you check if s1 is a rotated version of s2 ? Example: If s1 = "stackoverflow" …

Read More