+.. _features:
+
Features
========
-* BER/CER/DER decoding, DER encoding
+* BER/CER/DER decoding, strict DER validation, DER/CER encoding
* Basic ASN.1 data types (X.208): BOOLEAN, INTEGER, BIT STRING, OCTET
STRING, NULL, OBJECT IDENTIFIER, ENUMERATED, all strings, UTCTime,
GeneralizedTime, CHOICE, ANY, SEQUENCE (OF), SET (OF)
(un)marshall them
* Python 2.7/3.5/3.6 compatibility
* Aimed to be complaint with `X.690-201508 <https://www.itu.int/rec/T-REC-X.690-201508-I/en>`__
+* Streaming decoding and encoding capabilities, allowing working with
+ very small memory footprint
Why yet another library? `pyasn1 <http://snmplabs.com/pyasn1/>`__
had all of this a long time ago. PyDERASN resembles it in many ways. In
structures allow BER encoding for the whole message, except for
``SignedAttributes`` -- you can easily verify your CMS satisfies that
requirement
+* Ability to use mmap-ed files, memoryviews, iterators, 2-pass DER
+ encoding mode and CER encoder dealing with the writer, giving ability
+ to create huge ASN.1 encoded files with very little memory footprint
+* Ability to decode files in event generation mode, without the need to
+ keep all the data and decoded structures (that takes huge quantity of
+ memory in all known ASN.1 libraries) in the memory
+* ``__slots__``, ``copy.copy()`` friendliness
+* Workability with ``pickle``
+* `Cython <https://cython.org/>`__ compatibility
* Extensive and comprehensive
`hypothesis <https://hypothesis.readthedocs.io/en/master/>`__
driven tests coverage. It also has been fuzzed with
- `python-afl <http://jwilk.net/software/python-afl>`__.
+ `python-afl <http://jwilk.net/software/python-afl>`__
* Some kind of strong typing: SEQUENCEs require the exact **type** of
settable values, even when they are inherited (assigning ``Integer``
to the field with the type ``CMSVersion(Integer)`` is not allowed)
automatically set required tags)
* Descriptive errors, like ``pyderasn.DecodeError: UTCTime
(tbsCertificate:validity:notAfter:utcTime) (at 328) invalid UTCTime format``
-* ``__slots__`` friendliness
+* Could be significantly :ref:`faster <performance>` and have lower memory usage
* :ref:`Pretty printer <pprinting>` and
:ref:`command-line decoder <cmdline>`, that could
conveniently replace utilities like either ``dumpasn1`` or
``openssl asn1parse``
-* Could be significantly faster and have lower memory usage.
- For example parsing of CACert.org's CRL (8.48 MiB) on FreeBSD 12.0
- amd64, Intel Core i5-6200U 2.3 GHz machine, Python 3.5.5/2.7.15:
-
- .. list-table::
- :widths: 15 45 20 20
- :header-rows: 1
-
- * - Library
- - Command
- - Time, sec (Py3/Py2)
- - Memory used, MiB (Py3/Py2)
- * - pyasn1 0.4.5
- - ``der_decode(data, asn1Spec=rfc5280.CertificateList())``
- - 1257 / 1302
- - 1327 / 2093
- * - asn1crypto 0.24.0
- - ``asn1crypto.crl.CertificateList.load(data).native``
- - 29.3 / 43.8
- - 983 / 1677
- * - pyderasn 4.9
- - ``CertificateList().decode(data)`` (CertificateList is
- converted ``pyasn1`` scheme definition)
- - 27.6 / 32.5
- - 498 / 488
-There are drawbacks:
+ .. figure:: pprinting.png
+ :alt: Pretty printing example output
-* No old Python versions support
-* See :ref:`limitations <limitations>`
+ An example of pretty printed X.509 certificate with automatically
+ parsed DEFINED BY fields.