Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
asn1js is a pure JavaScript library implementing this standard. ASN.1 is the basis of all X.509 related data structures and numerous other protocols used on the web
asn1js is an npm package that provides tools for parsing and manipulating ASN.1 (Abstract Syntax Notation One) data. ASN.1 is a standard and notation that is used in telecommunications and computer networking for representing, encoding, transmitting, and decoding data.
Parsing ASN.1 encoded data
This feature allows you to parse ASN.1 encoded data. The code sample demonstrates how to use asn1js to parse a buffer containing ASN.1 encoded data.
const asn1js = require('asn1js');
const ArrayBuffer = require('pvutils').ArrayBuffer;
const buffer = new ArrayBuffer( /* some ASN.1 encoded buffer */ );
const asn1 = asn1js.fromBER(buffer);
console.log(asn1.result);
Creating ASN.1 structures
This feature enables the creation of ASN.1 structures such as integers. The code sample shows how to create an ASN.1 Integer object.
const asn1js = require('asn1js');
const Integer = asn1js.Integer;
const asn1Integer = new Integer({ value: 123 });
console.log(asn1Integer);
The 'asn1' package offers ASN.1 parsing and encoding functionalities similar to asn1js. It has a slightly different API and may be preferred in cases where integration with other Node.js specific libraries is required.
Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking. ASN1js is a pure JavaScript library implementing this standard. ASN.1 is the basis of all X.509 related data structures and numerous other protocols used on the web.
ASN1.js V2 (ES2015 version) is incompatible with ASN1.js V1 code.
ASN1js is the first library for BER encoding/decoding in Javascript designed for browser use. BER is the basic encoding rules for ASN.1 that all others are based on, DER is the encoding rules used by PKI applications - it is a subset of BER. The ASN1js library was tested against freely available ASN.1:2008 test suite, with some limitations related to JavaScript language.
var sequence = new asn1js.Sequence();
sequence.valueBlock.value.push(new asn1js.Integer({ value: 1 }));
var sequence_buffer = sequence.toBER(false); // Encode current sequence to BER (in ArrayBuffer)
var current_size = sequence_buffer.byteLength;
var integer_data = new ArrayBuffer(8);
var integer_view = new Uint8Array(integer_data);
integer_view[0] = 0x01;
integer_view[1] = 0x01;
integer_view[2] = 0x01;
integer_view[3] = 0x01;
integer_view[4] = 0x01;
integer_view[5] = 0x01;
integer_view[6] = 0x01;
integer_view[7] = 0x01;
sequence.valueBlock.value.push(new asn1js.Integer({
isHexOnly: true,
valueHex: integer_data,
})); // Put too long for decoding Integer value
sequence_buffer = sequence.toBER();
current_size = sequence_buffer.byteLength;
var sequence2 = new asn1js.Sequence({
value: [
new asn1js.Integer({ value: 1 }),
new asn1js.Integer({
isHexOnly: true,
valueHex: integer_data
}),
]
});
var asn1_schema = new asn1js.Sequence({
name: "block1",
value: [
new asn1js.Null({
name: "block2"
}),
new asn1js.Integer({
name: "block3",
optional: true // This block is absent inside data, but it's "optional". Hence verification against the schema will be passed.
})
]
});
var variant1 = org.pkijs.verifySchema(encoded_sequence, asn1_schema); // Verify schema together with decoding of raw data
var variant1_verified = variant1.verified;
var variant1_result = variant1.result; // Verified decoded data with all block names inside
var primitive_octetstring = new asn1js.OctetString({ valueHex: encoded_sequence }); // Create a primitively encoded OctetString where internal data is an encoded Sequence
var asn1_schema_internal = new asn1js.OctetString({
name: "outer_block",
primitiveSchema: new asn1js.Sequence({
name: "block1",
value: [
new asn1js.Null({
name: "block2"
})
]
})
});
var variant6 = org.pkijs.compareSchema(primitive_octetstring, primitive_octetstring, asn1_schema_internal);
var variant6_verified = variant4.verified;
var variant6_block1_tag_num = variant6.result.block1.idBlock.tagNumber;
var variant6_block2_tag_num = variant6.result.block2.idBlock.tagNumber;
More examples could be found in "examples" directory or inside PKIjs library.
There are several commercial products, enterprise solutions as well as open source project based on versions of ASN1js. You should, however, do your own code and security review before utilization in a production application before utilizing any open source library to ensure it will meet your needs.
Copyright (c) 2014, GMO GlobalSign Copyright (c) 2015-2022, Peculiar Ventures All rights reserved.
Author 2014-2018, Yury Strozhevsky.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FAQs
asn1js is a pure JavaScript library implementing this standard. ASN.1 is the basis of all X.509 related data structures and numerous other protocols used on the web
The npm package asn1js receives a total of 2,399,070 weekly downloads. As such, asn1js popularity was classified as popular.
We found that asn1js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.