BerValue - Linux


BerValue is a versatile command-line tool for extracting and manipulating BER (Basic Encoding Rules) values from DER (Distinguished Encoding Rules) or BER-encoded data. It enables efficient handling of complex data formats commonly found in cryptography, PKI, and network protocols.


bervalue [options] [input-file] [output-file]


  • -d, –decode: Decode BER-encoded data into plaintext.
  • -e, –encode: Encode plaintext into BER format.
  • -p, –print: Pretty-print the BER value in a human-readable format.
  • -t, –tag: Specify the BER tag of the value to be extracted.
  • -f, –force: Override error checks and continue processing.


Extract and print a certificate’s subjectAltName:

bervalue -d -t 0x0087 mycert.der

Encode a DNS name into a subjectAltName:

bervalue -e -t 0x0087

Convert a PEM certificate to BER format:

openssl x509 -in mycert.pem -outform DER | bervalue -e

Common Issues

  • Ensure the input data is correctly encoded in BER or DER format.
  • Use the -f flag to continue processing if minor errors occur.
  • Specify the BER tag accurately using the -t option.


Combine with OpenSSL:

openssl x509 -nameopt multiline,RFC2253 -in mycert.pem | bervalue -p

Use in scripts:

cert_der_file=$(bervalue -d -t 0x0087 mycert.der)
echo $cert_der_file | openssl x509 -subject -noout

Related Commands

  • OpenSSL: For managing certificates and keys.
  • ASN1Parser: For parsing and manipulating ASN.1 data.
  • DerWalker: For interactive BER/DER data exploration.