Implementing ASN.1 types in Python
Abstract Syntax Notation One
is a well established and heavily used technology for storing and
exchanging structured data between programs and systems.
Many Internet, encryption and telephony protocols define their operations
in ASN.1 terms.
The pyasn1 library makes it easier for programmers and network engineers
to develop, debug and experiment with ASN.1-based protocols using Python
programming language as a tool.
ASN.1 is a set of
ITU standards concered with provisioning instrumentation for developing
data exchange protocols in a robust, clear and interoperabable way for
various IT systems and applications. Most of the efforts are targeting the
- Data structures: the standard introduces a collection of basic data types
(similar to integers, bits, strings, arrays and records in a programming
language) that can be used for defining complex, possibly nested data
structures representing domain-specific data units.
- Serialization protocols: domain-specific data units expressed in ASN.1
types could be converted into a series of octets for storage or transmission
over the wire and then recovered back into their structured form on the
receiving end. This process is immune to various hardware and software
- Data description language: could be used to describe particular set of
domain-specific data structures and their relationships. Such a description
could be passed to an ASN.1 compiler for automated generation of program
code that represents ASN.1 data structures in language-native environment
and handles data serialization issues.
The algorithms implemented in the pyasn1 library are
largely based on the information read in the book
ASN.1 - Communication between heterogeneous systems
by Olivier Dubuisson. Another relevant resource is
A Layman's Guide to a Subset of ASN.1, BER, and DER by Burton S. Kaliski.
It's advised to refer to these books for more in-depth knowledge on the
subject of ASN.1.
As of this writing, pyasn1 library implements most of the standard ASN.1 data
structures in a rather detailed and feature-rich manner. Another highly
important capability of the library is its data serialization facilities.
There's a tool called
which is an ASN.1 grammar parser paired to code generator capable of
generating pyasn1 code. So this is an alternative (or at least a good start)
to manual implementation of pyasn1 classes from ASN.1 specification.
The pyasn1 library was designed to follow the pre-1995 ASN.1 specification
(also known as X.208). Later, post 1995, revision (X.680) introduced
significant changes most of which have not yet been supported by pyasn1.
Although pyasn1 software is almost a decade old and used in many production
environments, it still may have bugs and non-implemented pieces. Anyone
who happens to run into such defect is welcome to complain to
pyasn1 mailing list
or better yet fix the issue and send
me the patch.
Typically, pyasn1 is used for building arbitrary protocol support into
various applications. This involves manual translation of ASN.1 data
structures into their pyasn1 implementations. To save time and effort,
data structures for some of the popular protocols are pre-programmed
and kept for further re-use in form of the
pyasn1-modules package. For instance, many structures for PKI (X.509,
PKCS#*, CRMF, OCSP), LDAP and SNMP are present.
Applications authors are advised to import and use relevant modules
from that package whenever needed protocol structures are already
there. New protocol modules contributions are welcome.
Both pyasn1 and pyasn1-modules libraries can be used out-of-the-box
with Python versions 2.4 through 3.3. In other words, pyasn1 is Py3K
compliant since release 0.1.1.
And finally, the latest pyasn1 package revision is freely available for
Need help? Try PyASN1 mailing lists or report to current maintainer.