wire / wire-format / asn1-der
DER is the canonical subset of BER: the same Tag-Length-Value structure, but with every encoding choice pinned so each value has exactly one byte representation. Length must use the definite, shortest form; SET elements are sorted; booleans use 0xFF for true. DER is what X.509 certificates, PKCS, and most crypto use because the bytes must be reproducible for signing.
aka: DER · Distinguished Encoding Rules · X.690 DER
spec: ITU-T X.690
DER = BER constrained so encodings are unique (distinguished). Same TLV layout as BER, with extra rules: definite length only and in the shortest form; the constructed/primitive choice is fixed per type; SET OF members sorted by their encoding; BOOLEAN true is exactly 0xFF; no indefinite lengths. This determinism is required wherever bytes are hashed or signed.
| field | size | meaning |
|---|---|---|
| Identifier (Tag) | 1+ bytes | Same class/constructed/tag-number layout as BER. |
| Length | 1+ bytes | Definite form ONLY, and the shortest possible: short form for < 128, otherwise long form with no leading zero length octets. Indefinite form is forbidden. |
| Contents (Value) | = Length | Value octets; for constructed types, nested DER TLVs. SET OF contents are ordered by the encodings of the components. |
example:
30 06 02 01 05 02 01 03
SEQUENCE { INTEGER 5, INTEGER 3 }: 0x30 (SEQUENCE, constructed) len 0x06 | 02 01 05 (INTEGER 5) | 02 01 03 (INTEGER 3).
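added example (not from X.690 or this page's source): a strict reader that enforces the length, BOOLEAN and SET OF rules above, so input that is valid BER but not DER is rejected. All names (DERError, read_tlv, children, check_boolean, check_set_of) are illustrative assumptions; it handles single-byte tags only, and the caller decides from the schema when a 0x31 value is a SET OF.

```python
# Added example: strict DER reader. Names are illustrative, not from X.690.
class DERError(ValueError):
    """Raised when input is valid BER at best, but not DER."""

def read_tlv(buf, pos=0):
    """Read one TLV at pos; return (tag, contents, next_pos)."""
    if pos + 2 > len(buf):
        raise DERError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise DERError("multi-byte tags are outside this example")
    pos += 2
    if first < 0x80:                       # short form, 0..127
        length = first
    elif first == 0x80:
        raise DERError("indefinite length")
    else:                                  # long form: first & 0x7F length octets
        n = first & 0x7F
        raw = buf[pos:pos + n]
        if len(raw) != n:
            raise DERError("truncated length")
        if raw[0] == 0:
            raise DERError("leading zero in long-form length")
        length = int.from_bytes(raw, "big")
        if length < 0x80:
            raise DERError("long form where short form fits")
        pos += n
    if pos + length > len(buf):
        raise DERError("contents exceed input")
    return tag, buf[pos:pos + length], pos + length

def children(contents):
    """Split the contents of a constructed value into raw child encodings."""
    out, pos = [], 0
    while pos < len(contents):
        _, _, end = read_tlv(contents, pos)
        out.append(contents[pos:end])
        pos = end
    return out

def check_boolean(contents):
    """DER BOOLEAN: exactly one octet, 0x00 (false) or 0xFF (true)."""
    if contents not in (b"\x00", b"\xff"):
        raise DERError("BOOLEAN must be 00 or FF")
    return contents == b"\xff"

def check_set_of(contents):
    """SET OF: child encodings must appear in ascending byte order."""
    kids = children(contents)
    if kids != sorted(kids):
        raise DERError("SET OF members not sorted")
    return kids
```

A verifier that accepts the BER variants this rejects lets two different byte strings decode to the same value, which is the ambiguity DER exists to remove before hashing or signing.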
see: wire-format/asn1-ber
agent: curl -H 'accept: application/json' wire.phall.io/wire-format/asn1-der
or /wire-format/asn1-der.json