Distinguished Encoding Rules

X.690 is an ITU-T standard specifying several ASN.1 encoding formats:

* Basic Encoding Rules (BER)
* Canonical Encoding Rules (CER)
* Distinguished Encoding Rules (DER)

The Basic Encoding Rules (BER) were the original rules laid out by the ASN.1 standard for encoding data into a binary format. The rules, collectively referred to as a ''transfer syntax'' in ASN.1 parlance, specify the exact octets (8-bit bytes) used to encode data.

X.680 defines a syntax for declaring data types, for example: booleans, numbers, strings, and compound structures. Each type definition also includes an identifying number. X.680 defines several ''primitive'' data types, for example: BooleanType, IntegerType, OctetStringType. (ASN.1 also provides for ''constructed'' types built from other types.) Types are associated with a ''class''. For example, the primitive types are part of the ''universal'' class. The three other classes (''application'', ''private'', and ''context-specific'') are essentially different scopes to support customization for specific applications. Combined, the ''class'' and ''type'' form a ''tag'', which therefore corresponds to a unique data definition. X.690 includes rules for encoding those tags, data values (content), and the lengths of that encoded data.

BER, along with two subsets of BER (the Canonical Encoding Rules and the Distinguished Encoding Rules), are defined by the ITU-T's X.690 standards document, which is part of the ASN.1 document series.


BER encoding

The format for Basic Encoding Rules specifies a self-describing and self-delimiting format for encoding ASN.1 data structures. Each data element is encoded as a type identifier, a length description, the actual data elements, and, where necessary, an end-of-content marker. These types of encodings are commonly called type–length–value (TLV) encodings. However, in BER's terminology, it is ''identifier-length-contents''. This format allows a receiver to decode the ASN.1 information from an incomplete stream, without requiring any pre-knowledge of the size, content, or semantic meaning of the data. (Information technology – ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), ITU-T X.690, 07/2002)

Data encoding consists of three or four components, in the following order: Identifier octets, Length octets, Contents octets, End-of-Contents octets. Note that if a Length is zero, then there are no Contents octets, e.g. the NULL type. The End-of-Contents octets are only used for the indefinite form of Length.


Identifier octets

The BER ''identifier'' octets encode the ASN.1 ''tags''. The list of Universal Class tags can be found at Rec. ITU-T X.680, clause 8, table 1. The following tags are native to ASN.1:


Encoding

The identifier octets encode the ASN.1 tag's class number and type number. They also encode whether the contents octets represent a constructed or primitive value. The Identifier spans one or more octets. In the initial octet, bit 6 encodes whether the type is primitive or constructed, bits 7–8 encode the tag's class, and bits 1–5 encode the tag's type. The following values are possible:

If the tag's type fits in the 5 bits (0–30 decimal), then the Identifier spans just one byte: ''Short Form''. If the tag's type is too large for the 5-bit tag field (> 30 decimal), it has to be encoded in further octets: ''Long Form''. The initial octet encodes the class and primitive/constructed as before, and bits 1–5 are 1. The tag number is encoded in the following octets, where bit 8 of each is 1 if there are more octets, and bits 1–7 encode the tag number. The tag number bits combined, big-endian, encode the tag number. The least number of following octets should be encoded; that is, bits 1–7 should not all be 0 in the first following octet.


Length octets

There are two forms of the length octets: The definite form and the indefinite form.


Definite form

This encodes the number of content octets and is always used if the type is primitive or constructed and data are immediately available. There is a short form and a long form, which can encode different ranges of lengths. Numeric data is encoded as unsigned integers with the least significant bit always first (to the right). The short form consists of a single octet in which bit 8 is 0, and bits 1–7 encode the length (which may be 0) as a number of octets. The long form consists of 1 initial octet followed by 1 or more subsequent octets, containing the length. In the initial octet, bit 8 is 1, and bits 1–7 (excluding the values 0 and 127) encode the number of octets that follow. The following octets encode, as big-endian, the length (which may be 0) as a number of octets.


Indefinite form

This form does not encode the length at all; instead it indicates that the content octets finish at marker octets. It applies to constructed types and is typically used if the content is not immediately available at encoding time. It consists of a single octet, in which bit 8 is 1, and bits 1–7 are 0. Then, two end-of-contents octets must terminate the content octets.


Contents octets

The contents octets encode the element data value. Note that there may be no contents octets (hence, the element has a length of 0) if only the existence of the ASN.1 object, or its emptiness, is to be noted. For example, this is the case for an ASN.1 NULL value.


CER encoding

CER (Canonical Encoding Rules) is a restricted variant of BER for producing unequivocal transfer syntax for data structures described by ASN.1. Whereas BER gives choices as to how data values may be encoded, CER (together with DER) selects just one encoding from those allowed by the basic encoding rules, eliminating the rest of the options. CER is useful when the encodings must be preserved; e.g., in security exchanges.


DER encoding

DER (Distinguished Encoding Rules) is a restricted variant of BER for producing unequivocal transfer syntax for data structures described by ASN.1. Like CER, DER encodings are valid BER encodings. DER is the same thing as BER with all but one sender's options removed.

DER is a subset of BER providing for exactly one way to encode an ASN.1 value. DER is intended for situations when a unique encoding is needed, such as in cryptography, and ensures that a data structure that needs to be digitally signed produces a unique serialized representation. DER can be considered a canonical form of BER. For example, in BER a Boolean value of true can be encoded as any of 255 non-zero byte values, while in DER there is one way to encode a boolean value of true.

The most significant DER encoding constraints are:

# Length encoding must use the definite form
#* Additionally, the shortest possible length encoding must be used
# Bitstring, octetstring, and restricted character strings must use the primitive encoding
# Elements of a Set are encoded in sorted order, based on their tag value

DER is widely used for digital certificates such as X.509.
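The identifier and length rules from the BER sections above, combined with the DER restrictions listed here, as an added example that is not part of the original page: a Python header reader that accepts every BER length form and, with `der=True`, rejects the indefinite form, non-minimal lengths and non-canonical BOOLEAN contents. The function and class names are illustrative, and the fact that DER encodes TRUE as the single octet 0xFF comes from X.690 rather than from this page.

```python
# Added example: BER header reader with an optional DER strictness mode.
# Names are illustrative and not taken from any particular ASN.1 library.
CLASSES = ("universal", "application", "context-specific", "private")

class EncodingError(ValueError):
    """Raised when octets violate BER, or DER when der=True."""

def read_header(buf, pos=0, der=False):
    """Return (class, constructed, tag_number, length, contents_offset).
    length is None for the BER indefinite form."""
    try:
        first = buf[pos]
        pos += 1
        cls, constructed, number = CLASSES[first >> 6], bool(first & 0x20), first & 0x1F
        if number == 0x1F:                       # long form: base-128, big-endian
            if (buf[pos] & 0x7F) == 0:
                raise EncodingError("long-form tag starts with zero bits")
            number = 0
            while True:
                octet = buf[pos]
                pos += 1
                number = (number << 7) | (octet & 0x7F)
                if not (octet & 0x80):           # bit 8 clear: last tag octet
                    break
        first = buf[pos]                         # initial length octet
        pos += 1
    except IndexError:
        raise EncodingError("truncated header") from None
    if first < 0x80:                             # definite, short form
        return cls, constructed, number, first, pos
    if first == 0x80:                            # indefinite form
        if der or not constructed:
            raise EncodingError("indefinite length not allowed here")
        return cls, constructed, number, None, pos
    if first == 0xFF:                            # bits 1-7 = 127 is excluded
        raise EncodingError("reserved length octet 0xFF")
    count = first & 0x7F                         # definite, long form
    octets = buf[pos:pos + count]
    if len(octets) != count:
        raise EncodingError("truncated length")
    length = int.from_bytes(octets, "big")
    if der and (octets[0] == 0 or length < 0x80):
        raise EncodingError("DER requires the shortest length encoding")
    return cls, constructed, number, length, pos + count

def read_boolean(buf, der=False):
    """Decode a lone BOOLEAN; DER accepts only 0x00 and 0xFF as contents."""
    cls, constructed, number, length, off = read_header(buf, der=der)
    if (cls, constructed, number, length) != ("universal", False, 1, 1) or len(buf) != off + 1:
        raise EncodingError("not a single BOOLEAN element")
    if der and buf[off] not in (0x00, 0xFF):
        raise EncodingError("DER encodes TRUE as 0xFF only")
    return buf[off] != 0
```

In BER mode the octets `30 03 ...` and `30 81 03 ...` yield the same tag and length, which is why code that hashes or compares signed structures should parse in the strict mode.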


BER, CER and DER compared

The key difference between the BER format and the CER or DER formats is the flexibility provided by the Basic Encoding Rules. BER, as explained above, is the basic set of encoding rules given by ITU-T X.690 for the transfer of ASN.1 data structures. It gives senders clear rules for encoding data structures they want to send, but also leaves senders some encoding choices. As stated in the X.690 standard, "Alternative encodings are permitted by the basic encoding rules as a sender's option. Receivers who claim conformance to the basic encoding rules shall support all alternatives". A receiver must be prepared to accept all legal encodings in order to legitimately claim BER-compliance.

By contrast, both CER and DER restrict the available length specifications to a single option. As such, CER and DER are restricted forms of BER and serve to disambiguate the BER standard. CER and DER differ in the set of restrictions that they place on the sender. The basic difference between CER and DER is that DER uses the definite length form and CER uses the indefinite length form in some precisely defined cases. That is, DER always has leading length information, while CER uses end-of-contents octets instead of providing the length of the encoded data. Because of this, CER requires less metadata for large encoded values, while DER requires less for small ones.

In order to facilitate a choice between encoding rules, the X.690 standards document provides the following guidance:


Criticisms of BER encoding

There is a common perception of BER as being "inefficient" compared to alternative encoding rules. It has been argued by some that this perception is primarily due to poor implementations, not necessarily any inherent flaw in the encoding rules. These implementations rely on the flexibility that BER provides to use encoding logic that is easier to implement, but results in a larger encoded data stream than necessary. Whether this inefficiency is reality or perception, it has led to a number of alternative encoding schemes, such as the Packed Encoding Rules, which attempt to improve on BER performance and size.

Other alternative formatting rules, which still provide the flexibility of BER but use alternative encoding schemes, are also being developed. The most popular of these are XML-based alternatives, such as the XML Encoding Rules and ASN.1 SOAP. In addition, there is a standard mapping to convert an XML Schema to an ASN.1 schema, which can then be encoded using BER. (ITU-T X.694, ISO/IEC 8825-5)


Usage

Despite its perceived problems, BER is a popular format for transmitting data, particularly in systems with different native data encodings.

* The SNMP and LDAP protocols specify ASN.1 with BER as their required encoding scheme.
* The EMV standard for credit and debit cards uses BER to encode data onto the card.
* The digital signature standard PKCS #7 also specifies ASN.1 with BER to encode encrypted messages and their digital signature or digital envelope.
* Many telecommunication systems, such as ISDN, toll-free call routing, and most cellular phone services use ASN.1 with BER to some degree for transmitting control messages over the network.
* GSM TAP (Transferred Account Procedures), NRTRDE (Near Real Time Roaming Data Exchange) files are encoded using BER.

By comparison, the more definite DER encoding is widely used to transfer digital certificates such as X.509.


See also

* Kerberos (protocol)
* Packed Encoding Rules (PER, X.691)
* Presentation layer
* Structured Data eXchange Format (SDXF)
* Serialization




External links

* RSA's 'A Layman's Guide to a Subset of ASN.1, BER, and DER' (tp://ftp.rsasecurity.com/pub/pkcs/ascii/layman.asc)
* ITU-T X.690, ISO/IEC 8825-1
* ITU-T X.892, ISO/IEC 24824-2
* ITU-T X.694, ISO/IEC 8825-5
* PKCS #7
* jASN1: Open source Java ASN.1 BER/DER coding library by beanit
* PHPASN1: PHP ASN.1 BER encoding/decoding library at github, GPL-licensed
* ASN1js: JavaScript ASN.1 BER encoding/decoding library at github, GPL-licensed
* Peter Gutmann's 'X.509 Style Guide'