Distinguished Encoding Rules

Overview #

Distinguished Encoding Rules (DER) is an ASN.1 subset of Basic Encoding Rules, and give exactly one way to represent any ASN.1 value as an Octet String.

Distinguished Encoding Rules is intended for applications in which a unique octet string encoding is needed, as is the case when a digital signature is computed on an ASN.1 value. DER is defined in Section 8.7 of X.509.

Distinguished Encoding Rules adds the following restrictions to the rules given in Basic Encoding Rules:

  • When the length is between 0 and 127, the short form of length must be used
  • When the length is 128 or greater, the long form of length must be used, and the length must be encoded in the minimum number of octets.
  • For simple string types and implicitly tagged types derived from simple string types, the primitive, definite-length method must be employed.
  • For structured types, implicitly tagged types derived from structured types, and explicitly tagged types derived from anything, the constructed, definite-length method must be employed.
  • Other restrictions are defined for particular types (such as BIT STRING, SEQUENCE, SET, and SET OF) as defined within the ASN.1 specifications.

Distinguished Encoding Rules Certificate Format#

DER is a Binary form of ASCII PEM Certificate Format. All types of Certificates & Private Keys can be encoded in DER format.

Distinguished Encoding Rules Certificate Format Characteristics:

  • This format supports storage of single certificate (does NOT include Private Key for the Certificate Chain)
  • They are Binary format files
  • File System extensions are usually: .cer and .der
  • DER is typically used in Java platform

More Information#

There might be more information for this subject on one of the following: