tessl/pypi-asn1crypto
Fast ASN.1 parser and serializer with definitions for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7, PKCS#8, PKCS#12, PKCS#5, X.509 and TSP
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-asn1crypto@1.5.0index.mddocs/
ASN1Crypto
A fast, pure Python library for parsing and serializing ASN.1 structures with comprehensive support for cryptographic standards. ASN1Crypto provides a pythonic API for handling X.509 certificates, private keys, CRLs, OCSP, CMS, PKCS standards, and other cryptographic ASN.1 structures without requiring any C extensions.
Package Information
- Package Name: asn1crypto
- Language: Python
- Installation:
pip install asn1crypto - License: MIT
- Python Support: 2.6, 2.7, 3.2-3.10, PyPy
Core Imports
import asn1cryptoFor specific functionality:
from asn1crypto import core, x509, keys, cms, pemCommon pattern for loading encoded data:
from asn1crypto.x509 import Certificate
from asn1crypto.keys import PrivateKeyInfoBasic Usage
import asn1crypto.x509
import asn1crypto.keys
import asn1crypto.pem
# Load a PEM-encoded certificate
with open('cert.pem', 'rb') as f:
cert_pem = f.read()
# Convert PEM to DER
if asn1crypto.pem.detect(cert_pem):
_, _, cert_der = asn1crypto.pem.unarmor(cert_pem)
else:
cert_der = cert_pem
# Parse the certificate
cert = asn1crypto.x509.Certificate.load(cert_der)
# Access certificate information
print(f"Subject: {cert.subject.human_friendly}")
print(f"Issuer: {cert.issuer.human_friendly}")
print(f"Serial Number: {cert.serial_number}")
print(f"Valid From: {cert.not_valid_before}")
print(f"Valid Until: {cert.not_valid_after}")
# Load and parse a private key
with open('key.pem', 'rb') as f:
key_pem = f.read()
_, _, key_der = asn1crypto.pem.unarmor(key_pem)
private_key = asn1crypto.keys.PrivateKeyInfo.load(key_der)
print(f"Key Algorithm: {private_key.algorithm}")
print(f"Key Size: {private_key.bit_size}")Architecture
ASN1Crypto follows a layered architecture built around the ASN.1 standard:
- Core Layer: Universal ASN.1 types (
Sequence,OctetString,Integer, etc.) providing the foundation for all ASN.1 structures - Algorithm Layer: Cryptographic algorithm identifiers and parameters for various standards (RSA, DSA, ECDSA, etc.)
- Key Layer: Public and private key structures supporting multiple algorithms and encodings
- Certificate Layer: X.509 certificate structures with comprehensive extension support
- Message Layer: High-level cryptographic message formats (CMS, PKCS#7, PKCS#12, TSP)
- Utility Layer: PEM encoding/decoding, parsing utilities, and cross-platform compatibility helpers
This design enables efficient parsing through lazy loading, delayed parsing, and preservation of original encoded data for performance optimization, especially with large cryptographic structures.
Capabilities
Core ASN.1 Types and Parsing
Universal ASN.1 data types and low-level parsing functionality. Includes primitive types (Boolean, Integer, OctetString), container types (Sequence, Set, Choice), string types, and time types. Provides the foundation for all higher-level cryptographic structures.
class Asn1Value:
@classmethod
def load(cls, encoded_data, strict=False): ...
def dump(self, force=False): ...
@property
def native(self): ...
def load(encoded_data, strict=False): ...Cryptographic Algorithms
Algorithm identifier structures and parameters for cryptographic operations. Covers digest algorithms (MD5, SHA family), signature algorithms (RSA, DSA, ECDSA), encryption algorithms, key derivation functions, and MAC algorithms with their associated parameters.
class AlgorithmIdentifier(core.Sequence): ...
class DigestAlgorithm(core.Choice): ...
class SignedDigestAlgorithm(core.Choice): ...
class EncryptionAlgorithm(core.Choice): ...Keys and X.509 Certificates
Public and private key structures for RSA, DSA, and elliptic curve algorithms, along with comprehensive X.509 certificate support. Includes certificate parsing, validation helpers, distinguished names, and extensive certificate extension support.
class Certificate(core.Sequence): ...
class PublicKeyInfo(core.Sequence): ...
class PrivateKeyInfo(core.Sequence): ...
class Name(core.Sequence): ...Certificate Infrastructure
Certificate revocation lists (CRLs), Online Certificate Status Protocol (OCSP) structures, and Certificate Signing Requests (CSRs). Essential components for PKI certificate lifecycle management and validation.
class CertificateList(core.Sequence): ...
class OCSPRequest(core.Sequence): ...
class OCSPResponse(core.Sequence): ...
class CertificationRequest(core.Sequence): ...Cryptographic Message Formats
High-level cryptographic message formats including CMS/PKCS#7 (signed data, enveloped data, etc.), PKCS#12 key/certificate storage, Time Stamp Protocol (TSP), and PDF signature structures for comprehensive cryptographic messaging support.
class ContentInfo(core.Sequence): ...
class SignedData(core.Sequence): ...
class EnvelopedData(core.Sequence): ...
class Pfx(core.Sequence): ...
class TimeStampReq(core.Sequence): ...Utilities and Helpers
PEM encoding/decoding, low-level parsing utilities, cross-platform compatibility helpers, and version information. Includes functions for integer/byte conversion, network address handling, and timezone support.
def detect(byte_string): ...
def armor(type_name, der_bytes, headers=None): ...
def unarmor(pem_bytes, multiple=False): ...
def parse(contents, strict=False): ...Common Patterns
Loading and Parsing Data
All ASN.1 structures follow a consistent loading pattern:
from asn1crypto.x509 import Certificate
# Load from DER-encoded bytes
cert = Certificate.load(der_bytes)
# Access parsed data via .native property
cert_data = cert.native
# Access original encoded data via .dump()
original_der = cert.dump()PEM Handling
Standard pattern for handling PEM-encoded data:
from asn1crypto import pem
# Detect PEM format
if pem.detect(data):
type_name, headers, der_bytes = pem.unarmor(data)
else:
der_bytes = data
# Convert DER back to PEM
pem_bytes = pem.armor('CERTIFICATE', der_bytes)Error Handling
The library uses specific exception types for different error conditions:
ValueError: Invalid ASN.1 structure or encodingTypeError: Incorrect parameter typesOSError: File I/O related errors (when applicable)
Type Definitions
class Asn1Value:
"""Base class for all ASN.1 values"""
def __init__(self, value=None, default=None): ...
@classmethod
def load(cls, encoded_data, strict=False): ...
def copy(self): ...
def retag(self, tagging, tag=None): ...
def untag(self): ...
def debug(self, nest_level=1): ...
def dump(self, force=False): ...
def cast(self, other_class): ...
@property
def native(self): ...
@property
def parsed(self): ...