000014033 - Converting object identifier (OID) between hex BER and dotted decimal form

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000014033
Applies To: RSA BSAFE Cert-C
Issue: Converting object identifier (OID) between hex BER and dotted decimal form

Converting from the dotted-decimal notation to the BER encoding of an object identifier is described in "A Layman's Guide to a Subset of ASN.1, BER, and DER" (ftp://ftp.rsasecurity.com/pub/pkcs/ascii/layman.asc or ftp://ftp.rsasecurity.com/pub/pkcs/doc/layman.doc), section 5.9:

"BER encoding. Primitive. Contents octets are as follows,
where value1, ..., valuen denote the integer values of the
components in the complete object identifier:

     1.   The first octet has value 40 * value1 + value2.
          (This is unambiguous, since value1 is limited to
          values 0, 1, and 2; value2 is limited to the range
          0 to 39 when value1 is 0 or 1; and, according to
          X.208, n is always at least 2.)

     2.   The following octets, if any, encode value3, ...,
          valuen. Each value is encoded base 128, most
          significant digit first, with as few digits as
          possible, and the most significant bit of each
          octet except the last in the value's encoding set
          to "1."

Example: The first octet of the BER encoding of RSA Data
Security, Inc.'s object identifier is 40 * 1 + 2 = 42 =
2a_16. The encoding of 840 = 6 * 128 + 48_16 is 86 48 and the
encoding of 113549 = 6 * 128^2 + 77_16 * 128 + d_16 is 86 f7
0d. This leads to the following BER encoding:

06 06 2a 86 48 86 f7 0d"

To convert from the BER-encoded object identifier to the dotted-decimal format string, in Java, you could use netscape.security.util.ObjectIdentifier (or perhaps com.novell.ldap.LDAPAttributeSchema, which is already in Cert-J in certj/prebuilt/openldap/openldap.jar).
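
The following C code is an added example, not part of Cert-C or of the guide quoted above: it applies the section 5.9 rules in both directions and rejects malformed input when decoding. It goes one step beyond the quoted text by encoding 40 * value1 + value2 in base 128 as well, so that an identifier with value1 = 2 and value2 above 47 still encodes. The names oid_encode, oid_decode and put_base128 and the ARC_MAX limit are assumptions made for this example, and only short-form lengths (at most 127 contents octets) are handled.

```c
#include <stdio.h>
#include <stdlib.h>
#define ARC_MAX 0x0fffffffUL /* example limit (assumption): sub-identifiers fit in 28 bits */

/* Base 128, most significant digit first, high bit set on every octet but the last. */
static int put_base128(unsigned long v, unsigned char *out, size_t cap, size_t *pos) {
    unsigned char tmp[10];
    int n = 0;
    do { tmp[n++] = (unsigned char)(v & 0x7f); v >>= 7; } while (v);
    if (*pos + (size_t)n > cap) return -1;
    while (n--) out[(*pos)++] = (unsigned char)(tmp[n] | (n ? 0x80 : 0));
    return 0;
}
/* Dotted decimal -> BER (tag 06, short-form length, contents). Returns total length or -1. */
int oid_encode(const char *s, unsigned char *out, size_t cap) {
    unsigned long first = 0, x;
    size_t pos = 2, i = 0;
    char *end;
    for (;; s = end + 1, i++) {
        if (*s < '0' || *s > '9') return -1;             /* no sign, space or empty component */
        x = strtoul(s, &end, 10);
        if (x > ARC_MAX - 80) return -1;
        if (i == 0) first = x;
        if (i == 1 && (first > 2 || (first < 2 && x > 39))) return -1;
        if (i == 1) x += 40 * first;                     /* value1 and value2 share one value */
        if (i >= 1 && put_base128(x, out, cap, &pos) < 0) return -1;
        if (*end != '.') break;
    }
    if (*end != '\0' || i < 1 || pos - 2 > 127) return -1;   /* n >= 2, short length only */
    out[0] = 0x06; out[1] = (unsigned char)(pos - 2);
    return (int)pos;
}
/* BER -> dotted decimal; rejects truncated, padded and oversized input. Returns 0 or -1. */
int oid_decode(const unsigned char *ber, size_t len, char *out, size_t cap) {
    size_t used = 0;
    unsigned long v = 0;
    if (len < 3 || ber[0] != 0x06 || ber[1] > 127 || ber[1] + 2u != len) return -1;
    for (size_t i = 2; i < len; i++) {
        if ((v == 0 && ber[i] == 0x80) || v > (ARC_MAX >> 7)) return -1; /* padding, overflow */
        v = (v << 7) | (ber[i] & 0x7f);
        if (ber[i] & 0x80) continue;                     /* more digits of this value follow */
        unsigned long a = v < 80 ? v / 40 : 2;           /* value1; used for the first value only */
        int w = used ? snprintf(out + used, cap - used, ".%lu", v)
                     : snprintf(out, cap, "%lu.%lu", a, v - 40 * a);
        if (w < 0 || (size_t)w >= cap - used) return -1; /* output buffer too small */
        used += (size_t)w; v = 0;
    }
    return v ? -1 : 0;                                   /* pending digits: last value cut off */
}
```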

Legacy Article ID: a44994