What is ASN.1 DER tag value 0xA0?
Here is an example of a certificate encoded in ASN.1 DER
30 82 01 8F 30 81 F9 **A0** 03 02 01 02 02 01 01 30
0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 0D
31 0B 30 09 06 03 55 04 03 0C 02 43 41 30 20 17
0D 31 33 30 39 31 35 31 35 33 35 30 32 5A 18 0F
32 31 31 33 30 39 32 32 31 35 33 35 30 32 5A 30
0D 31 0B 30 09 06 03 55 04 03 0C 02 43 41 30 81
9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00
03 81 8D 00 30 81 89 02 81 81 00 8D 80 B5 8E 80
8E 94 D1 04 03 6A 45 1A 54 5E 7E EE 6D 0C CB 0B
82 03 F1 7D C9 6F ED 52 02 B2 08 C3 48 D1 24 70
C3 50 C2 1C 40 BC B5 9D F8 E8 A8 41 16 7B 0B 34
1F 27 8D 32 2D 38 BA 18 A5 31 A9 E3 15 20 3D E4
0A DC D8 CD 42 B0 E3 66 53 85 21 7C 90 13 E9 F9
C9 26 5A F3 FF 8C A8 92 25 CD 23 08 69 F4 A2 F8
7B BF CD 45 E8 19 33 F1 AA E0 2B 92 31 22 34 60
27 2E D7 56 04 8B 1B 59 64 77 5F 02 03 01 00 01
30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03
81 81 00 0A 1C ED 77 F4 79 D5 EC 73 51 32 25 09
61 F7 00 C4 64 74 29 86 5B 67 F2 3D A9 39 34 6B
3C A9 92 B8 BF 07 13 0B A0 9B DF 41 E2 8A F6 D3
17 53 E1 BA 7F C0 D0 BC 10 B7 9B 63 4F 06 D0 7B
AC C6 FB CE 95 F7 8A 72 AA 10 EA B0 D1 6D 74 69
5E 20 68 5D 1A 66 28 C5 59 33 43 DB EE DA 00 80
99 5E DD 17 AC 43 36 1E D0 5B 06 0F 8C 6C 82 D3
BB 3E 2B A5 F1 94 FB 53 7B B0 54 22 6F F6 4C 18
1B 72 1C
What does the highlighted tag 0xA0 mean? What type it encodes?
The next value is 0x03 which is the length of the 0xA0 tag.
But the next byte after the length is actually INTEGER type - 0x02.
Who can explain this?
Solution
0xA0 is a Context Specific tag. In your example it contains an integer as you correctly deduced. In ASN.1 you can have 4 encoding of class of the 1-byte tag (more in section 8.1.2.2 of ITU-T X.690):
- Universal (
00xxxxxx) - Application (
01xxxxxx) - Context-specific (
10xxxxxx) - Private (
11xxxxxx)
Personally I've never seen anything other than Universal (i.e sequence, integer, octet string) and context-specific.
You can explore the structure of the certificate by using ASN.1 Editor. I've selected the context specific tag here:
- what does it mean "compile asn.1"?
- How to generate CSR manually in java
- How can someone define a data type, and then use it in other file that's included in the same file, right after the data type definition
- X.509 Certificate Generation with Ed25519 in ASP.NET: parameters ANY NULL Issue
- What are the key differences between Apache Thrift, Google Protocol Buffers, MessagePack, ASN.1 and Apache Avro?
- Single value constraints in PER encoding
- Is there a free package for reading, manipulating and writing ASN.1 in Java?
- How is choice index encode in UPER when an extension is present
- DER Decode ECDSA Signature in Java
- How to get .pem file from .key and .crt files?
- Obtain RSA exponent and modulus from public key with Python
- Compiling complex (with many references) ASN schema - Certificate Request Format ( RFC4211)
- What is ASN.1 DER tag value 0xA0?
- Encoding of implicit and explicit tags in ASN.1
- ASN.1 & OPTIONAL
- How to decode PKCS#7/ASN.1 using Javascript?
- How to Go asn1 marshal/unmarshal and omit fields?
- Certificate subject X.509
- Go unmarshal asn failing
- Retrieve value stored against an OID from inside SAN in golang
- Retrieve Subject alternative names of X.509 certificate in java
- Is there an ASN.1 specification for X.509 v3 certificates
- What is the semantic difference between SEQUENCE OF and SET OF in ASN.1?
- Can an ASN.1 DER SET have multiple entries of same key?
- Explanation of the UPER encoding of an extensible sequence
- How to add DirName and serial to X509v3 Authority Key Identifier
- What ASN.1 type does the tag 0x0F (decimal 15) correspond to? Is it undefined?
- How does ASN.1 encode an object identifier?
- Which of these "Safe" ECC curves are available in Bouncy Castle?
- Interpretation of Size Constraints " , ...))" for SEQUENCE OF types in ASN.1