Lib.rs

CryptographySynta
#asn-1 #pem #der #x509 #asn1-der

app synta-tools

Command-line tools for inspecting and manipulating ASN.1 DER and PEM files

by Synta Contributors. Owned by Alexander Bokovoy.

11 releases

new 0.2.2 May 9, 2026
0.2.1 May 2, 2026
0.1.12 Apr 30, 2026

#1547 in Cryptography

MIT/Apache

6.5MB
46K SLoC

Rust 25K SLoC // 0.1% comments ASN.1 9K SLoC // 0.4% comments Python 9K SLoC // 0.4% comments Shell 2K SLoC // 0.2% comments RPM Specfile 211 SLoC // 0.0% comments

synta-tools

Table of Contents generated with DocToc

Command-line tools for inspecting and manipulating ASN.1 DER and PEM files.

Installation

cargo install --path .

Or run directly from the workspace:

cargo run -p synta-tools -- <command> [options]

Commands

cert

Inspect X.509 certificates and display human-readable information (similar to openssl x509 -noout -text).

Usage:

synta-tool cert <file> [options]

Options:

  • -v, --verbose - Show detailed information including extensions and signature value
  • -f, --format <FORMAT> - Output format: text (default) or json

Examples:

Inspect a certificate:

synta-tool cert certificate.pem

Show detailed information:

synta-tool cert certificate.pem --verbose

Output as JSON:

synta-tool cert certificate.pem --format json

Sample Output (text format):

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Test CA
        Validity
            Not Before: Jan  1 00:00:00 2023 GMT
            Not After : Jan  1 00:00:00 2024 GMT
        Subject: CN=Test CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                0A:1C:69:EF:...
            X509v3 Authority Key Identifier:
                keyid:0A:1C:69:EF:...
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        66:f3:75:...

Sample Output (JSON format):

{
  "version": 3,
  "serial_number": "01",
  "signature_algorithm": "sha256WithRSAEncryption",
  "issuer": "CN=Test CA",
  "not_before": "Jan  1 00:00:00 2023 GMT",
  "not_after": "Jan  1 00:00:00 2024 GMT",
  "subject": "CN=Test CA",
  "public_key_algorithm": "rsaEncryption",
  "public_key_bits": 2048
}

asn1parse

Parse and display ASN.1 structure similar to openssl asn1parse.

Usage:

synta-tool asn1parse [file] [options]

Omitting file or passing - reads from standard input.

Options:

  • -o, --offset <OFFSET> - Start parsing at byte offset (default: 0)
  • -m, --mode <MODE> - Output mode: text (default), openssl, or hex
  • -I, --inform <INFORM> - Input format: auto (default), pem, der, or hex

Examples:

Parse a PEM or DER file (format auto-detected):

synta-tool asn1parse certificate.pem
synta-tool asn1parse certificate.der

Parse starting at a specific byte offset:

synta-tool asn1parse data.der --offset 4

Parse hex-encoded bytes from stdin (continuous, space-, or colon-separated):

echo "3006020101020102" | synta-tool asn1parse --inform hex
echo "30 06 02 01 01 02 01 02" | synta-tool asn1parse --inform hex
echo "30:06:02:01:01:02:01:02" | synta-tool asn1parse --inform hex

Parse a hexdump with address offsets (hexdump, Wireshark, or xxd output):

# hexdump / Wireshark style (offset + 2+ spaces)
synta-tool asn1parse capture.txt --inform hex

# xxd style (colon after offset, space-separated pairs or 4-char groups)
xxd -g 1 data.bin | synta-tool asn1parse --inform hex
xxd data.bin | synta-tool asn1parse --inform hex

Round-trip: dump raw bytes as hex then re-parse:

synta-tool asn1parse certificate.pem --mode hex | synta-tool asn1parse --inform hex

OpenSSL-compatible output with byte offsets:

synta-tool asn1parse certificate.pem --mode openssl

Output Format:

The default text mode renders an indented tree. String types (UTF8String, PrintableString, IA5String, etc.) and OCTET STRING values that contain printable UTF-8 text show the decoded string followed by the raw content bytes in colon-separated hex:

SEQUENCE {
  SEQUENCE {
    [0] INTEGER 2
    SEQUENCE {
      OID 1.2.840.113549.1.1.11
      NULL
    }
    SEQUENCE {
      SET {
        SEQUENCE {
          OID 2.5.4.3
          UTF8String "Test CA" [54:65:73:74:20:43:41]
        }
      }
    }
  }
}

The openssl mode produces one line per element with byte offsets:

    0:d= 0 hl= 4 l= 853 cons: SEQUENCE
    4:d= 1 hl= 4 l= 573 cons: SEQUENCE
    8:d= 2 hl= 2 l=   3 cons: cont [ 0 ]
   10:d= 3 hl= 2 l=   1 prim: INTEGER           :02

The hex mode emits space-separated uppercase hex pairs, suitable as input to another asn1parse --inform hex invocation.

Future Commands

Additional commands planned:

  • csr - Certificate signing request inspection
  • crl - Certificate revocation list inspection
  • pkcs7 - PKCS#7 message inspection
  • pkcs12 - PKCS#12 keystore inspection
  • verify - Certificate chain verification

Development

Build the tool:

cargo build -p synta-tools

Run tests:

cargo test -p synta-tools

Run the tool in development:

cargo run -p synta-tools -- asn1parse <file>

Dependencies