CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-lapo--asn1js

Generic ASN.1 parser/decoder that can decode any valid ASN.1 DER or BER structures.

Pending
Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Pending

The risk profile of this skill

Overview
Eval results
Files

cli-usage.mddocs/

CLI Usage

Command-line tool for dumping and analyzing ASN.1 structures from files or data URIs with colored output and RFC definition matching.

Capabilities

Command Line Interface

The dumpASN1 command provides a powerful CLI tool for analyzing ASN.1 structures with colored terminal output and automatic definition matching.

# Install and use via npx (recommended)
npx @lapo/asn1js <filename|data-uri>

# If installed globally
dumpASN1 <filename|data-uri>

# Local execution (if you have the source)
./dumpASN1.js <filename|data-uri>

Usage Examples:

# Analyze a certificate file
npx @lapo/asn1js certificate.crt

# Analyze a private key
npx @lapo/asn1js private-key.der

# Analyze from data URI
npx @lapo/asn1js "data:base64,MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA..."

# Analyze PEM file
npx @lapo/asn1js server.pem

# Analyze any binary ASN.1 file
npx @lapo/asn1js structure.asn1

Input Format Support

The CLI tool automatically detects and handles multiple input formats:

  • Binary files: Raw ASN.1 DER/BER encoded files
  • PEM files: Files with -----BEGIN ... -----END armoring
  • Data URIs: data:base64,<base64-data> format for inline data
  • Base64 files: Files containing raw base64 encoded ASN.1 data
# Examples of different file types it can handle
npx @lapo/asn1js certificate.crt     # X.509 certificate
npx @lapo/asn1js private.key         # Private key file
npx @lapo/asn1js public.pem          # PEM-encoded public key
npx @lapo/asn1js csr.der             # Certificate signing request
npx @lapo/asn1js ca-bundle.pem       # Certificate bundle
npx @lapo/asn1js timestamp.tsr       # Timestamp response
npx @lapo/asn1js signed.p7s          # PKCS#7 signed data

Output Features

The CLI tool provides rich formatted output with the following features:

Colored Terminal Output

  • Type names: Highlighted in yellow for easy identification
  • Element names: Definition names in blue when matched against RFC definitions
  • Position markers: Shows byte positions for debugging
  • Content preview: Formatted content display with proper encoding

Structure Analysis

  • Hierarchical display: Indented tree structure showing ASN.1 nesting
  • Position information: Byte offsets for each element (@position+length)
  • Construction indicators: Shows whether elements are constructed or primitive
  • Encapsulation detection: Identifies when OCTET_STRING or BIT_STRING contain nested ASN.1

RFC Definition Matching

  • Automatic matching: Attempts to match structures against known RFC definitions
  • Common structure recognition: Identifies certificates, keys, signatures, etc.
  • Definition names: Shows standardized names for recognized structures
  • Confidence scoring: Indicates how well the structure matches known patterns

Example Output

$ npx @lapo/asn1js certificate.crt

SEQUENCE @0+1234 (constructed)
  SEQUENCE @4+954 (constructed): tbsCertificate
    [0] @8+3 (constructed): version
      INTEGER @10+1: 2
    INTEGER @13+20: serialNumber
      01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
    SEQUENCE @35+13 (constructed): signature
      OBJECT_IDENTIFIER @37+9: 1.2.840.113549.1.1.11 | sha256WithRSAEncryption
      NULL @48+0
    SEQUENCE @50+156 (constructed): issuer
      SET @52+31 (constructed)
        SEQUENCE @54+29 (constructed)
          OBJECT_IDENTIFIER @56+3: 2.5.4.6 | countryName
          PrintableString @61+2: US
      SET @85+45 (constructed)
        SEQUENCE @87+43 (constructed)
          OBJECT_IDENTIFIER @89+3: 2.5.4.10 | organizationName
          UTF8String @94+36: Example Organization
    ...
  SEQUENCE @960+13 (constructed): signatureAlgorithm  
    OBJECT_IDENTIFIER @962+9: 1.2.840.113549.1.1.11 | sha256WithRSAEncryption
    NULL @973+0
  BIT_STRING @975+257 (encapsulates): signatureValue
    00:A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:...

Advanced Usage Patterns

Processing Multiple Files

# Process multiple certificates
find /etc/ssl/certs -name "*.pem" -exec npx @lapo/asn1js {} \;

# Compare two certificates
npx @lapo/asn1js cert1.pem > cert1.dump
npx @lapo/asn1js cert2.pem > cert2.dump
diff cert1.dump cert2.dump

Integration with Other Tools

# Extract certificate from TLS connection and analyze
echo | openssl s_client -connect example.com:443 2>/dev/null | \
  openssl x509 -outform DER | \
  base64 | \
  xargs -I {} npx @lapo/asn1js "data:base64,{}"

# Analyze certificate chain
openssl s_client -connect example.com:443 -showcerts 2>/dev/null | \
  awk '/BEGIN CERT/,/END CERT/' | \
  npx @lapo/asn1js

# Create and analyze a CSR
openssl req -new -key private.key -out request.csr -subj "/CN=example.com"
npx @lapo/asn1js request.csr

Error Handling and Debugging

The CLI tool provides detailed error messages for common issues:

# File not found
$ npx @lapo/asn1js nonexistent.crt
Error: Cannot read file 'nonexistent.crt'

# Invalid ASN.1 structure
$ npx @lapo/asn1js invalid.txt
Error: Invalid ASN.1 structure at position 0

# Corrupted data
$ npx @lapo/asn1js corrupted.der
Error: Container at offset 45 has a length of 1000, which is past the end of the stream

Output Redirection and Processing

# Save analysis to file
npx @lapo/asn1js certificate.crt > analysis.txt

# Extract specific information using grep
npx @lapo/asn1js certificate.crt | grep "OBJECT_IDENTIFIER"

# Count different ASN.1 types
npx @lapo/asn1js certificate.crt | grep -o '\w\+String\|INTEGER\|SEQUENCE\|SET' | sort | uniq -c

# Find all OIDs in a structure
npx @lapo/asn1js certificate.crt | grep "OBJECT_IDENTIFIER" | cut -d: -f2 | cut -d'|' -f1

Performance Considerations

The CLI tool is optimized for:

  • Large files: Efficiently handles large ASN.1 structures (multi-MB certificate bundles)
  • Memory usage: Uses streaming approach to minimize memory footprint
  • Speed: Fast parsing and analysis even for complex nested structures
# Analyze large certificate bundle
npx @lapo/asn1js ca-bundle.pem  # Works efficiently even with 100+ certificates

# Process very large ASN.1 file
npx @lapo/asn1js large-structure.der  # Handles files up to several MB

Integration Examples

Shell Scripts

#!/bin/bash
# Certificate validation script
CERT_FILE="$1"

if [ ! -f "$CERT_FILE" ]; then
  echo "Certificate file not found: $CERT_FILE"
  exit 1
fi

echo "Analyzing certificate: $CERT_FILE"
npx @lapo/asn1js "$CERT_FILE"

# Extract subject name
SUBJECT=$(npx @lapo/asn1js "$CERT_FILE" | grep -A5 "subject" | grep "UTF8String\|PrintableString" | head -1)
echo "Subject: $SUBJECT"

Python Integration

import subprocess
import sys

def analyze_asn1(file_path):
    """Analyze ASN.1 file using @lapo/asn1js CLI tool"""
    try:
        result = subprocess.run(
            ['npx', '@lapo/asn1js', file_path],
            capture_output=True,
            text=True,
            check=True
        )
        return result.stdout
    except subprocess.CalledProcessError as e:
        return f"Error: {e.stderr}"

# Usage
analysis = analyze_asn1('certificate.crt')
print(analysis)

docs

cli-usage.md

core-parsing.md

dom-visualization.md

format-support.md

index.md

stream-processing.md

tile.json