Distinguished Encoding Rules

The Distinguished Encoding Rules (DER) are a subset of BER; they eliminate some of the flexibility provided by BER, however, they also guarantee that there is one and only one way to encode a message. That is, if we were to encode, decode, re-encode, re-decode, and re-re-encode, all three encodings must be the same. DER is commonly used in security-related applications such as X.509 digital certificates.

DER uses the definite length form encoding.

Example

Encoding Types

The restrictions imposed by DER on BER are listed below:

• The length field must be encoded in the minimum number of octets.
• For BOOLEAN types, in DER, FALSE is always encoded as 00 and TRUE is always encoded as FF.
• For BIT STRING types:
  • Unused bits in last octet are set to 0.
  • Trailing 0s are not encoded for a named bit list.
  • If no bits are on, set length to 1 and use one octet of 00.
• For BIT STRING and OCTET STRING types, DER does not allow the constructed form (breaking a string into multiple TLVs) or the indefinite length form.
• For REAL types, base 10 uses the NR3 form:
  • No spaces.
  • No plus sign in mantissa or exponent.
  • The period is used as decimal separator.
  • Mantissa must not begin nor end with 0s.
  • Mantissa is followed by ".E".
  • Exponent cannot begin with 0.
• REAL base 2:
  • Mantissa is 0 or an odd number.
  • Mantissa and exponent must be encoded in the minimum number of octets.
  • Scale factor F = 0.
• For time types:
  • There are no meaningless trailing zeroes.
  • No decimal point is allowed if there is no fractional part in UTCTime.
  • Always use Z form.
  • Always use decimal point in GeneralizedTime.
• SEQUENCE or SET
  • Never encode a default value.
• For SET types:
  • Elements are sorted into tag order.
• For SET OF types:
  • Elements are sorted into ascending order of encoding.

Related Topics

• Basic Encoding Rules
• Canonical Encoding Rules
• ASN.1 Tags

---