# 000014033 - Converting object identifier (OID) between hex BER and dotted decimal form

Document created by RSA Customer Support on Jun 16, 2016Last modified by RSA Customer Support on Apr 21, 2017
Version 2Show Document

### Article Content

 Article Number 000014033 Applies To RSA BSAFE Cert-CRSA BSAFE Cert-J Issue Converting object identifier (OID) between hex BER and dotted decimal form Resolution Converting from the dotted-decimal notation to the BER encoding of an object identifier is described in "A Layman's Guide to a Subset of ASN.1, BER, and DER" (ftp://ftp.rsasecurity.com/pub/pkcs/ascii/layman.asc or ftp://ftp.rsasecurity.com/pub/pkcs/doc/layman.doc), section 5.9: "BER encoding. Primitive. Contents octets are as follows, where value1, ..., valuen denote the integer values of the components in the complete object identifier:      1.   The first octet has value 40 * value1 + value2.           (This is unambiguous, since value1 is limited to           values 0, 1, and 2; value2 is limited to the range           0 to 39 when value1 is 0 or 1; and, according to           X.208, n is always at least 2.)      2.   The following octets, if any, encode value3, ...,           valuen. Each value is encoded base 128, most           significant digit first, with as few digits as           possible, and the most significant bit of each           octet except the last in the value's encoding set           to "1." Example: The first octet of the BER encoding of RSA Data Security, Inc.'s object identifier is 40 * 1 + 2 = 42 = 2a16. The encoding of 840 = 6 * 128 + 4816 is 86 48 and the encoding of 113549 = 6 * 1282 + 7716 * 128 + d16 is 86 f7 0d. This leads to the following BER encoding: 06 06 2a 86 48 86 f7 0d" To convert from the BER-encoded object identifier to the dotted-decimal format string, in Java, you could use netscape.security.util.ObjectIdentifier (or perhaps com.novell.ldap.LDAPAttributeSchema, which is already in Cert-J in certj/prebuilt/openldap/openldap.jar). Legacy Article ID a44994