What is ASN.1 DER tag value 0xA0?
Here is an example of a certificate encoded in ASN.1 DER
30 82 01 8F 30 81 F9 **A0** 03 02 01 02 02 01 01 30
0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 0D
31 0B 30 09 06 03 55 04 03 0C 02 43 41 30 20 17
0D 31 33 30 39 31 35 31 35 33 35 30 32 5A 18 0F
32 31 31 33 30 39 32 32 31 35 33 35 30 32 5A 30
0D 31 0B 30 09 06 03 55 04 03 0C 02 43 41 30 81
9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00
03 81 8D 00 30 81 89 02 81 81 00 8D 80 B5 8E 80
8E 94 D1 04 03 6A 45 1A 54 5E 7E EE 6D 0C CB 0B
82 03 F1 7D C9 6F ED 52 02 B2 08 C3 48 D1 24 70
C3 50 C2 1C 40 BC B5 9D F8 E8 A8 41 16 7B 0B 34
1F 27 8D 32 2D 38 BA 18 A5 31 A9 E3 15 20 3D E4
0A DC D8 CD 42 B0 E3 66 53 85 21 7C 90 13 E9 F9
C9 26 5A F3 FF 8C A8 92 25 CD 23 08 69 F4 A2 F8
7B BF CD 45 E8 19 33 F1 AA E0 2B 92 31 22 34 60
27 2E D7 56 04 8B 1B 59 64 77 5F 02 03 01 00 01
30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03
81 81 00 0A 1C ED 77 F4 79 D5 EC 73 51 32 25 09
61 F7 00 C4 64 74 29 86 5B 67 F2 3D A9 39 34 6B
3C A9 92 B8 BF 07 13 0B A0 9B DF 41 E2 8A F6 D3
17 53 E1 BA 7F C0 D0 BC 10 B7 9B 63 4F 06 D0 7B
AC C6 FB CE 95 F7 8A 72 AA 10 EA B0 D1 6D 74 69
5E 20 68 5D 1A 66 28 C5 59 33 43 DB EE DA 00 80
99 5E DD 17 AC 43 36 1E D0 5B 06 0F 8C 6C 82 D3
BB 3E 2B A5 F1 94 FB 53 7B B0 54 22 6F F6 4C 18
1B 72 1C
What does the highlighted tag 0xA0 mean? What type it encodes?
The next value is 0x03 which is the length of the 0xA0 tag.
But the next byte after the length is actually INTEGER type - 0x02.
Who can explain this?
Solution
0xA0 is a Context Specific tag. In your example it contains an integer as you correctly deduced. In ASN.1 you can have 4 encoding of class of the 1-byte tag (more in section 8.1.2.2 of ITU-T X.690):
- Universal (
00xxxxxx) - Application (
01xxxxxx) - Context-specific (
10xxxxxx) - Private (
11xxxxxx)
Personally I've never seen anything other than Universal (i.e sequence, integer, octet string) and context-specific.
You can explore the structure of the certificate by using ASN.1 Editor. I've selected the context specific tag here:
- Is there a free package for reading, manipulating and writing ASN.1 in Java?
- How is choice index encode in UPER when an extension is present
- DER Decode ECDSA Signature in Java
- How to get .pem file from .key and .crt files?
- Obtain RSA exponent and modulus from public key with Python
- Compiling complex (with many references) ASN schema - Certificate Request Format ( RFC4211)
- What is ASN.1 DER tag value 0xA0?
- Encoding of implicit and explicit tags in ASN.1
- ASN.1 & OPTIONAL
- How to decode PKCS#7/ASN.1 using Javascript?
- How to Go asn1 marshal/unmarshal and omit fields?
- Certificate subject X.509
- Go unmarshal asn failing
- Retrieve value stored against an OID from inside SAN in golang
- Retrieve Subject alternative names of X.509 certificate in java
- Is there an ASN.1 specification for X.509 v3 certificates
- What are the key differences between Apache Thrift, Google Protocol Buffers, MessagePack, ASN.1 and Apache Avro?
- What is the semantic difference between SEQUENCE OF and SET OF in ASN.1?
- Can an ASN.1 DER SET have multiple entries of same key?
- Explanation of the UPER encoding of an extensible sequence
- How to add DirName and serial to X509v3 Authority Key Identifier
- What ASN.1 type does the tag 0x0F (decimal 15) correspond to? Is it undefined?
- How does ASN.1 encode an object identifier?
- Which of these "Safe" ECC curves are available in Bouncy Castle?
- Interpretation of Size Constraints " , ...))" for SEQUENCE OF types in ASN.1
- "Unexpected TOK_WITH, expecting ';'" when generating the C++ compatible C source code of a .asn file using the ASN.1 to C compiler
- OpenSSL ECDSA ASN.1 Signature vs WebCrypto ECDSA
- How to convert .crt to .pem
- Why is extnValue in X.509 Extensions always encapsulated in an OCTET_STRING?
- PEM-encoded Elliptic Curve public key conversion iOS