You can decode DER/BER files using command line abilities and get the
same picture as above by executing::
- % python -m pyderasn --schema tests.test_crts:Certificate path/to/file
+ $ python -m pyderasn --schema tests.test_crts:Certificate path/to/file
If there is no schema for you file, then you can try parsing it without,
but of course IMPLICIT tags will often make it impossible. But result is
good enough for the certificate above::
- % python -m pyderasn path/to/file
+ $ python -m pyderasn path/to/file
0 [1,3,1604] . >: SEQUENCE OF
4 [1,3,1453] . . >: SEQUENCE OF
8 [0,0, 5] . . . . >: [0] ANY
then you can pass it to pretty printer to see human readable OIDs::
- % python -m pyderasn --oids tests.test_crts:some_oids path/to/file
+ $ python -m pyderasn --oids tests.test_crts:some_oids path/to/file
[...]
37 [1,1, 11] . . . . . . >: SET OF
39 [1,1, 9] . . . . . . . . >: SEQUENCE OF
unique path inside the whole ASN.1 tree. You can print it out with
``--print-decode-path`` option::
- % python -m pyderasn --schema path.to:Certificate --print-decode-path path/to/file
+ $ python -m pyderasn --schema path.to:Certificate --print-decode-path path/to/file
0 [1,3,1604] Certificate SEQUENCE []
4 [1,3,1453] . tbsCertificate: TBSCertificate SEQUENCE [tbsCertificate]
10-2 [1,1, 1] . . version: [0] EXPLICIT Version INTEGER v3 OPTIONAL [tbsCertificate:version]
Now you can print only the specified tree, for example signature algorithm::
- % python -m pyderasn --schema path.to:Certificate --decode-path-only tbsCertificate:signature path/to/file
+ $ python -m pyderasn --schema path.to:Certificate --decode-path-only tbsCertificate:signature path/to/file
18 [1,1, 13] AlgorithmIdentifier SEQUENCE
20 [1,1, 9] . algorithm: OBJECT IDENTIFIER 1.2.840.113549.1.1.5
31 [0,0, 2] . parameters: [UNIV 5] ANY OPTIONAL
If you have bad DER/BER, then errors will show you where error occurred::
- % python -m pyderasn --schema tests.test_crts:Certificate path/to/bad/file
+ $ python -m pyderasn --schema tests.test_crts:Certificate path/to/bad/file
Traceback (most recent call last):
[...]
pyderasn.DecodeError: UTCTime (tbsCertificate:validity:notAfter:utcTime) (at 328) invalid UTCTime format
::
- % python -m pyderasn path/to/bad/file
+ $ python -m pyderasn path/to/bad/file
[...]
pyderasn.DecodeError: UTCTime (0:SequenceOf:4:SequenceOf:1:UTCTime) (at 328) invalid UTCTime format
Preferable way is to :ref:`download <download>` tarball with the
signature from `official website <http://pyderasn.cypherpunks.ru/>`__::
- % wget http://pyderasn.cypherpunks.ru/pyderasn-3.13.tar.xz
- % wget http://pyderasn.cypherpunks.ru/pyderasn-3.13.tar.xz.sig
- % gpg --verify pyderasn-3.13.tar.xz.sig pyderasn-3.13.tar.xz
- % xz -d < pyderasn-3.13.tar.xz | tar xf -
- % cd pyderasn-3.13
- % python setup.py install
+ $ wget http://pyderasn.cypherpunks.ru/pyderasn-3.13.tar.xz
+ $ wget http://pyderasn.cypherpunks.ru/pyderasn-3.13.tar.xz.sig
+ $ gpg --verify pyderasn-3.13.tar.xz.sig pyderasn-3.13.tar.xz
+ $ xz -d < pyderasn-3.13.tar.xz | tar xf -
+ $ cd pyderasn-3.13
+ $ python setup.py install
# or copy pyderasn.py (+six.py, possibly termcolor.py) to your PYTHONPATH
PyDERASN depends on `six <https://pypi.org/project/six/>`__ package
You could use PIP (**no** authentication is performed!)::
- % pip install pyderasn
+ $ pip install pyderasn
You have to verify downloaded tarballs integrity and authenticity to be
sure that you retrieved trusted and untampered software. `GNU Privacy
2ED6 C846 3051 02DF 5B4E 0383 04A9 33D1 BA20 327A
uid PyDERASN releases <pyderasn@cypherpunks.ru>
- % gpg --auto-key-locate dane --locate-keys pyderasn at cypherpunks dot ru
- % gpg --auto-key-locate wkd --locate-keys pyderasn at cypherpunks dot ru
+ $ gpg --auto-key-locate dane --locate-keys pyderasn at cypherpunks dot ru
+ $ gpg --auto-key-locate wkd --locate-keys pyderasn at cypherpunks dot ru
.. literalinclude:: ../PUBKEY.asc