ASN.1 Encoding-Decoding

I am currently developing a client-server program, the client in Java/C and the server in C. I have to transport cryptographic data (like the client passing data to the server to encrypt/decrypt, compute a digest, etc.) and the server has to return the result to the client.

In this scenario, I realize the importance of using some transport protocol to identify data and pass data efficiently.

With this regard, my question is: Is ASN.1 a good protocol to use? I know that it is supported by BC (on Java) and OpenSSL (in C). So is it a good idea to transport data between the client and server using ASN.1 notation?

Can you also please give me some starting points to this? Also if you have a better idea of an existing protocol please let me know.

Thanks!!

pimmling asked May 11 '11 12:05 (295 votes)


2 Answers

What BC and OpenSSL support is only a very small part of ASN.1. In fact, for a long time there was no full ASN.1 implementation available, at least for the public. Telcos and telephone equipment manufacturers probably have rather complete ASN.1 implementations. At the moment the most advanced ASN.1 implementation available to the public is developed as part of the OsmoCom project; Harald Welte blogged about it: http://laforge.gnumonks.org/weblog/2011/04/12#20110412-mapv1_available

And to make matters worse, ASN.1, in particular its highly redundant encoding schemes (there are at least 3 different ways to encode strings in ASN.1), has been the cause of several security issues in recent years, due to the problems it caused in properly processing x509 certificates. x509 is another broken technology from hell, and IMHO better avoided. Sure, SSL depends on it, but getting a certificate signed by a "trusted" CA doesn't mean anything; any CA can sign for any domain, and after looking through what your browser trusts by default, I no longer trusted my browser.

So to make a long story short: ASN.1 is broken and should be avoided in new designs. Its only major widespread use outside of telephone networks is x509, which is broken, too. Thus I'd not use it. Use JSON, BSON, Protocol Buffers, Netstrings or something sane.

datenwolf answered Sep 30 '22 12:09 (84 votes)


ASN.1 is alive and well, and is used within many standard protocols, both old and recent, including several standards that are currently being developed (for example, within 3GPP and IEEE 802). There are a few good and complete commercial ASN.1 tools available on the market. A typical ASN.1 tool includes an ASN.1 compiler that can generate source code from the ASN.1 message definitions, as well as encoding/decoding libraries for the different standard encoding rules. Typically, the application developer will write code that uses the data structures generated by the ASN.1 compiler and will invoke the encode/decode functions provided as part of the ASN.1 tool.

If you don't want to get a commercial ASN.1 tool (for whatever reason), and if you are going to write your own ASN.1 message definitions (as opposed to implementing an existing standard protocol), perhaps you could pick up one of the free ASN.1 tools available and limit your usage of ASN.1 to the syntactic features that are supported by the tool that you have chosen.

Alessandro answered Sep 30 '22 11:09 (41 votes)
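Both answers leave the encoding itself abstract. The Python below is added here as an illustration and is not code from the question or from either answer: it encodes the kind of request the question describes (an operation number plus a byte payload) in DER and decodes it with a strict parser that rejects the BER-only alternatives (indefinite length, non-minimal length octets, non-minimal INTEGER bodies) which the first answer blames for parser trouble. The message definition `Request ::= SEQUENCE { op INTEGER, payload OCTET STRING }`, the function names and the sample byte strings are all constructed for this example; a real project would get the same structures from the ASN.1 compiler the second answer mentions.

```python
# Added example, not from the page. Hypothetical message definition:
#   Request ::= SEQUENCE { op INTEGER, payload OCTET STRING }
# DER is the canonical subset of BER: each value has exactly one encoding,
# so a strict decoder can reject every alternative form a BER encoder may emit.

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04


class DERError(ValueError):
    """Raised for truncated input or any encoding that is BER but not DER."""


def _encode_length(n: int) -> bytes:
    """DER length: short form below 128, otherwise minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _encode_integer(value: int) -> bytes:
    """Two's-complement INTEGER body using the fewest octets (DER rule)."""
    length = 1
    while True:
        try:
            return value.to_bytes(length, "big", signed=True)
        except OverflowError:
            length += 1


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _encode_length(len(body)) + body


def encode_request(op: int, payload: bytes) -> bytes:
    """Encode the constructed Request type as DER."""
    return _tlv(SEQUENCE, _tlv(INTEGER, _encode_integer(op)) + _tlv(OCTET_STRING, payload))


def _read_tlv(buf: bytes, pos: int):
    """Parse one TLV at pos with strict length checks; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise DERError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise DERError("indefinite length is BER, not DER")
    else:
        n = first & 0x7F
        if pos + n > len(buf):
            raise DERError("truncated length")
        lbytes = buf[pos:pos + n]
        pos += n
        if lbytes[0] == 0:
            raise DERError("non-minimal length (leading zero octet)")
        length = int.from_bytes(lbytes, "big")
        if length < 0x80:
            raise DERError("non-minimal length (long form for a short value)")
    if pos + length > len(buf):
        raise DERError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def _decode_integer(body: bytes) -> int:
    """Reject a redundant leading 0x00 / 0xFF octet, then read two's complement."""
    if not body:
        raise DERError("empty INTEGER")
    if len(body) > 1 and (
        (body[0] == 0x00 and body[1] < 0x80) or (body[0] == 0xFF and body[1] >= 0x80)
    ):
        raise DERError("non-minimal INTEGER")
    return int.from_bytes(body, "big", signed=True)


def decode_request(buf: bytes):
    """Strictly decode one Request; return (op, payload) or raise DERError."""
    tag, seq, end = _read_tlv(buf, 0)
    if tag != SEQUENCE or end != len(buf):
        raise DERError("expected exactly one SEQUENCE")
    tag, op_body, pos = _read_tlv(seq, 0)
    if tag != INTEGER:
        raise DERError("expected INTEGER op")
    tag, payload, pos = _read_tlv(seq, pos)
    if tag != OCTET_STRING or pos != len(seq):
        raise DERError("expected OCTET STRING payload as the last element")
    return _decode_integer(op_body), payload


def is_strict_der(buf: bytes) -> bool:
    """True if buf is a DER-conformant Request, False for BER variants or garbage."""
    try:
        decode_request(buf)
        return True
    except DERError:
        return False


if __name__ == "__main__":
    msg = encode_request(1, b"hello")          # constructed sample request
    print(msg.hex(), decode_request(msg))
    # Same value with a BER long-form length (81 0a) is rejected by the strict decoder.
    print(is_strict_der(b"\x30\x81\x0a\x02\x01\x01\x04\x05hello"))
```

The point of the strict decoder is that the server accepts exactly one byte string per logical message, so the redundant forms the first answer mentions never reach the code that acts on the data; a server that tolerates them must instead reason about every alternative encoding an attacker could choose for the same value.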