Revisiting GUIDs, Octets and Base64

December 2, 2012

After re-reading my earlier post on this subject I decided I could be clearer.

GUIDs are often used in three different formats:

Representation

Example

Canonical form

8c4ac332-975f-4717-ad7b-ba4a4e968fff

Octet String

32c34a8c5f971747ad7bba4a4e968fff

Base64 Encoded

MsNKjF+XF0ete7pKTpaP/w==

Representation

Comment

Used in

Canonical form

This format stems from the way GUIDs (UUIDs) are generated. Each dash separating the various components. In version one of the UUID specification, the first the last component was the MAC address of the computer that generated the GUID.

Most places

Octet String

This shows the GUID in little Endian order. In essence the first three groups had their bytes listed in reversed order and the dashes removed. The last two groups did not get switched.
So the 8c4ac332 became 32c34a8c, the 975f became 5f97
and 4717 became 1747. The last two components remained the same.

ADSI Edit when changing certain attributes like attributeSecurityGUID which is used for assigning permissions to attributes

Base64 Encoded

This is the Base64 encoding of the OctetString and is the most compact of the three forms (Depending on the Padding, GUIDs in BASE64 are 22 to 24 characters in length)

LDIF files for all GUID attributes (at least all of them that I recall)

PowerShell Code Snippets

To Generate a new GUID (with a new random number)

Code:

[system.guid]::newguid()

Output (you out should vary. If it doesn’t call me and we can explore other mathematical improbabilities together, like the winning lottery numbers – actually I don’t play and neither should you):

8c4ac332-975f-4717-ad7b-ba4a4e968fff

To Convert from the canonical form to Octet String (for ADSI Edit for some attributes)

Code (put your GUID inside the parenthesis replacing mine):

[System.String]::Join('',(( new-object system.guid(‘8c4ac332-975f-4717-ad7b-ba4a4e968fff’) ).ToByteArray() | ForEach-Object { $_.ToString(‘x2’) } ) )

Output:

32c34a8c5f971747ad7bba4a4e968fff

To Convert from the canonical form to Base64 Encoded (for use in LDIF files)

Code:

[System.Convert]::ToBase64String((new-Object system.Guid(“8c4ac332-975f-4717-ad7b-ba4a4e968fff”)).ToByteArray())

Output

MsNKjF+XF0ete7pKTpaP/w==

To Convert from Base64 Encoded to Canonical form

Code:

new-Object -TypeName System.Guid -ArgumentList(, ( ([System.Convert]::FromBase64String(“MsNKjF+XF0ete7pKTpaP/w==")) ) )

Output

8c4ac332-975f-4717-ad7b-ba4a4e968fff

FYI – I chose to express all of these in PowerShell as opposed to C# as many readers are not C# developers and I still wanted to give all the ability to do these transforms without the complexity of compiling code or downloading an executable.

Thanks to John Geitzen whose reply to someone else’s question helped me see how to make the correct call to be able to pass the array as a whole parameter to the guid constructor instead of it getting splatted.

Thanks to Poshololic whose comment on this post showed how to do the Guid to Octet conversion in one line. 

http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices