Features¶
BER/CER/DER decoding, strict DER validation, DER/CER encoding
Basic ASN.1 data types (X.208): BOOLEAN, INTEGER, BIT STRING, OCTET STRING, NULL, OBJECT IDENTIFIER, ENUMERATED, all strings, UTCTime, GeneralizedTime, CHOICE, ANY, SEQUENCE (OF), SET (OF)
Size constraints checking
Working with sequences as high level data objects with ability to (un)marshall them
Python 3.5+ compatibility (2.7 dropped in version 9.0)
Aimed to be complaint with X.690-201508
Streaming decoding and encoding capabilities, allowing working with very small memory footprint
Why yet another library? pyasn1
had all of this a long time ago. PyDERASN resembles it in many ways. In
practice it should be relatively easy to convert pyasn1
’s code to
pyderasn
’s one.
Also there is asn1crypto.
Small, simple and trying to be reviewable code. Just a single file
Ability to know exact decoded objects offsets and lengths inside the binary
Automatic decoding of DEFINED BY fields
Ability to know exact decoded field presence, emptiness: for example
SEQUENCE
can lackOPTIONAL SEQUENCE OF
field, but also can have it with no elements insideStrict DER-encoding checks. If whole input binary is parsed, then it must be completely valid DER-encoded structure
Ability to allow BER-encoded data with knowing if any of specified field has either DER or BER encoding (or possibly indefinite-length encoding). For example CMS structures allow BER encoding for the whole message, except for
SignedAttributes
– you can easily verify your CMS satisfies that requirementAbility to use mmap-ed files, memoryviews, iterators, 2-pass DER encoding mode and CER encoder dealing with the writer, giving ability to create huge ASN.1 encoded files with very little memory footprint
Ability to decode files in event generation mode, without the need to keep all the data and decoded structures (that takes huge quantity of memory in all known ASN.1 libraries) in the memory
__slots__
,copy.copy()
friendlinessWorkability with
pickle
Cython compatibility
Extensive and comprehensive hypothesis driven tests coverage. It also has been fuzzed with python-afl
Some kind of strong typing: SEQUENCEs require the exact type of settable values, even when they are inherited (assigning
Integer
to the field with the typeCMSVersion(Integer)
is not allowed)However they do not require exact tags matching: IMPLICIT/EXPLICIT tags will be set automatically in the given sequence (assigning of
CMSVersion()
object to the fieldCMSVersion(expl=...)
will automatically set required tags)Descriptive errors, like
pyderasn.DecodeError: UTCTime (tbsCertificate:validity:notAfter:utcTime) (at 328) invalid UTCTime format
Could be significantly faster and have lower memory usage
Pretty printer and command-line decoder, that could conveniently replace utilities like either
dumpasn1
oropenssl asn1parse