Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@peculiar/asn1-schema
Advanced tools
@peculiar/asn1-schema is a JavaScript library for working with ASN.1 (Abstract Syntax Notation One) schemas. It provides tools for defining, encoding, and decoding ASN.1 data structures, which are commonly used in cryptographic protocols and data interchange formats.
Defining ASN.1 Schemas
This feature allows you to define ASN.1 schemas using decorators. The code sample demonstrates how to define a simple ASN.1 schema with an integer and a UTF-8 string.
const { AsnProp, AsnPropTypes, AsnType, AsnTypeTypes } = require('@peculiar/asn1-schema');
@AsnType({ type: AsnTypeTypes.Sequence })
class MySchema {
@AsnProp({ type: AsnPropTypes.Integer })
public id = 0;
@AsnProp({ type: AsnPropTypes.Utf8String })
public name = '';
}
const schema = new MySchema();
schema.id = 1;
schema.name = 'Example';
Encoding ASN.1 Data
This feature allows you to encode data according to the defined ASN.1 schema. The code sample shows how to serialize an instance of the schema into an ASN.1 encoded format.
const { AsnConvert } = require('@peculiar/asn1-schema');
const schema = new MySchema();
schema.id = 1;
schema.name = 'Example';
const encoded = AsnConvert.serialize(schema);
console.log(encoded);
Decoding ASN.1 Data
This feature allows you to decode ASN.1 encoded data back into the defined schema. The code sample demonstrates how to parse an ASN.1 encoded byte array into an instance of the schema.
const { AsnConvert } = require('@peculiar/asn1-schema');
const encoded = new Uint8Array([48, 10, 2, 1, 1, 12, 5, 69, 120, 97, 109, 112, 108, 101]);
const decoded = AsnConvert.parse(encoded, MySchema);
console.log(decoded);
asn1js is a JavaScript library for encoding and decoding ASN.1 data structures. It provides a low-level API for working with ASN.1, making it more flexible but also more complex compared to @peculiar/asn1-schema, which offers a higher-level, decorator-based approach.
asn1 is a library for encoding and decoding ASN.1 data structures in JavaScript. It is similar to node-asn1 but provides a more comprehensive set of features for working with ASN.1, though it lacks the decorator-based schema definition found in @peculiar/asn1-schema.
@peculiar/asn1-schema
This package uses ES2015 decorators to simplify working with ASN.1 creation and parsing.
Abstract Syntax Notation One (ASN.1) is a standard interface description language for defining data structures that can be serialized and deserialized in a cross-platform way. Working with ASN.1 can be complicated as there are many ways to represent the same data and many solutions handcraft, incorrectly, the ASN.1 representation of the data.
asn1-schema
addresses this by using decorators to make both serialization and parsing of ASN.1 possible via a simple class that handles these problems for you.
This is important because validating input data before its use is important to do because all input data is evil.
Installation is handled via npm
:
$ npm install @peculiar/asn1-schema
Node.js:
ASN.1 schema
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains the DER encoding of an ASN.1 value
-- corresponding to the extension type identified
-- by extnID
}
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
BasicConstraints ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL
}
ASN.1 schema declaration in TypeScript project
import { Asn1Prop, Asn1PropTypes, Asn1Serializer } from "@peculiar/asn1-schema";
class Extension {
public static CRITICAL = false;
@AsnProp({ type: Asn1PropTypes.ObjectIdentifier })
public extnID: string = "";
@AsnProp({
type: Asn1PropTypes.Boolean,
defaultValue: Extension.CRITICAL,
})
public critical = Extension.CRITICAL;
@AsnProp({ type: Asn1PropTypes.OctetString })
public extnValue: ArrayBuffer = new ArrayBuffer(0);
}
class BasicConstraints {
@AsnProp({ type: Asn1PropTypes.Boolean, defaultValue: false })
public ca = false;
@AsnProp({ type: Asn1PropTypes.Integer, optional: true })
public pathLenConstraint?: number;
}
Encoding ASN.1 data
const basicConstraints = new BasicConstraints();
basicConstraints.ca = true;
basicConstraints.pathLenConstraint = 1;
const extension = new Extension();
extension.critical = true;
extension.extnID = "2.5.29.19";
extension.extnValue = AsnSerializer.serialize(basicConstraints);
console.log(Buffer.from(AsnSerializer.serialize(extension)).toString("hex")); // 30120603551d130101ff040830060101ff020101
Decoding ASN.1 data
const extension = AsnParser.parse(Buffer.from("30120603551d130101ff040830060101ff020101", "hex"), Extension);
console.log("Extension ID:", extension.extnID); // Extension ID: 2.5.29.19
console.log("Critical:", extension.critical); // Critical: true
const basicConstraints = AsnParser.parse(extension.extnValue, BasicConstraints);
console.log("CA:", basicConstraints.ca); // CA: true
console.log("Path length:", basicConstraints.pathLenConstraint); // Path length: 1
FAQs
Decorators for ASN.1 schemas building
We found that @peculiar/asn1-schema demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.