lapo-luchini / asn1js Goto Github PK

Hello,

I'm currently using asn1js as a dependency in my React application and I'm using the built in Jest test runner. Whenever I go to to test anything to do with my certificate library I encounter an error as follows:

({"Object.<anonymous>":function(module,exports,require,__dirname,__filename,global,jest){import * as asn1js from "asn1js";
                                                                                                   ^

   SyntaxError: Unexpected token *

My understanding is if this dependency was to also serve a commonJS build then I should be able to test my code with this dependency present.

I have the following certificate request created with openssl:

MIIBAzCBtgIBADAnMQswCQYDVQQGEwJERTEYMBYGA1UEAwwPd3d3LmV4YW1wbGUu
Y29tMCowBQYDK2VwAyEAcllrcQXoRcjBidHaFC3uNnhZtOJPNPQs8H3nfHaA+fug
XDBaBgkqhkiG9w0BCQ4xTTBLMAsGA1UdDwQEAwIEMDATBgNVHSUEDDAKBggrBgEF
BQcDATAnBgNVHREEIDAegg93d3cuZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tMAUG
AytlcANBAIfPNSY30eAFPGQ5D2mHju/zXlwiykw8rq7CngGzAL6WpvGPp/Qaz3yl
mNGRW6uAswvSaH1Zbeus3pSmnFwvqQ4=

I get the error TypeError: Cannot use 'in' operator to search for 'optional' in T when the box 'with definitions' is ticked.

This is not a bug issue but a discussion thread regarding the readability of dumpASN1.js

Remark: If you want to want to execute the dumpASN1.js first run the updateRFC.sh to create the required config files.

In general it is much more readable than the asn1parse from openssl ;)

I'm not sure about the purpose of the dump functionality, but I expect it should be used to get information about the content of the ASN1 data.
Thus I would not include to much technical information. I would remove the following data (or maybe would hide them by default and only show them in a "detailed" mode:

• The pos ans size information "@97+30"
  • The position is already part of the indention and it is related to the byte structure which is not visible at all
  • The size is somehow confusing, too. As the values are formated like "2020-09-02 13:25:26 UTC"
• Constructed and Encapsulated
  • This has not been important in the last 15 years for me. I never missed this information in the UI version.
  • Maybe the could be represented by different colors
• Amount of elements
  • Is already represented as part of the indention
  • Maybe in a darker color?
• More clear separator between value and explanation
  • It's kind of difficult to differentiate between the value and label
  • Example: algorithm OBJECT_IDENTIFIER @315+3: 1.3.101.112|curveEd25519|EdDSA 25519 signature algorithm
  • I would prefer something like: algorithm OBJECT_IDENTIFIER: 1.3.101.112 (curveEd25519 | EdDSA 25519 signature algorithm)
  • The label could be in a darker color, too

I'm trying to decode this hex string "0202FFFF". It must be INTEGER: -1, but I've got an error.

I just stumbled upon the valid DER-encoded file which hangs asn1js decoder: cnnv4_cb3.der.zip.

I'm not sure what exactly happens, but this file causes asn1js to enter an infinite loop.

I checked the validity of this file and even parsed it using openssl asn1parse -inform DER: parsed.txt.

I'm trying to use this to locate the 1.2.840.113549.1.1.1 (RSA encryption hash)... If I only use the asn1.js, what is the best way to find the OID?

I don't think going in and comparing the hexDump or parseOctetString is the way to go...?

parsed.sub[0].stream.hexDump(4,15)
"06 09 2A 86 48 86 F7 0D 01 07 02 "
parsed.sub[0].stream.parseOctetString(4,15)
"(11 byte)
06092A864886F70D010702"

Is there any documentation for this library?

Ciao Lapo,

Just noticed that your lapo.it domain registration expired. ... just in case it was not intended.

Kind regards
Dan

Hi there,

Are you able to add support for displaying the integer values for enumerations on the ASN1 tree viewer.

It is commented out at the moment but replicating what you do for integers would work nicely.

    case 0x0A: // ENUMERATED
        return this.stream.parseInteger(content, content + len);

Thanks

Calum

RFC 3548 - defines additional alphabet for url and file safe encoding where - substitutes + and _ substitutes /. This is minor change that improves site usability much!

My APDU response include some special UTF characters like (ş,ü,ğ), but when I try
ASN1.decode(Hex.decode("apduhexstring")).sub[0].content();
The parsed value remains string which has UTF characters.
The parseOctetString has the following snippet that only extracts ASCII characters in asn1.js file:

if (this.isASCII(start, end)) return stringCut(this.parseStringISO(start, end), maxLength);

in isASCII it controls only ASCII character range
Stream.prototype.isASCII = function (start, end) { ... if (c < 32 || c > 176) return false;
Can we get the UTF strings from ASN1 decoded values?

Thanks.

I'm using your tool on a daily base. Many thanks for your efforts.

As most of my tools support dark mode, the asn1js page doesn't integrate well.
Thus I have create a dark mode version of your page in my fork (https://github.com/olibu/asn1js/tree/feature/darkmode)

If you like, I would send you a pull request.

I tried to keep the changes of the original files as small as possible.

I'm trying to decode HEX string via your Web application

30820122300D06092A864886F70D01010105000382010F003082010A0282010100B77D41B8B39F2CD2881F44E22878E1D5F621D8D591F73B790AA61BFB7B0E8C2CE4F
43A8C6F5D97273DE644E86D1C24E6F01F129C31D97DBD4238D3DDE218BF1FEB59C26A1571F46325D47964DA5EB7ADDC9D32DF3402A1DF5F0921A52E51B8CA4A8FA139
F17136065270A7B5BBA155A4DBB871D79768C90445D25FBA72A76FD690625914F18E9411538B8EF97736B387EC36B83E3689F935C45F64D56B5A794F3764C017815DD
C6A85AA1FDE6371D05C2196CA6771A7D836CEB534609B312EF58E25846BA9B028C7E246BF0965543837C8A30447D2D985F704B5B05A36C851570BDC91E21930405D82
BE0847CE4F1020B28F5C6F72CFE61D5D2C6A90435ED9F10203010001

My HEX string has new lines. When I click on Decode button I've got wrong decoded message

but must be

Taking this relatively straightforward password-protected message from openssl cms:

MIHYBgkqhkiG9w0BBwOggcowgccCAQMxgYOjgYACAQCgGwYJKoZIhvcNAQUMMA4E
CGG3gz/siGhzAgIIADAsBgsqhkiG9w0BCRADCTAdBglghkgBZQMEASoEEDbLqeP8
73zphgHJgA6f3ZUEMPp59XJmIxS+/q8gDtWlN4O6fau6KzHfzytpw31/mSErsnEl
6OySZvERFzJhRIbmFzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCqMLOussRf
WJ4gE7JLtyI3gBDT03wv8+XfRnIPR5Cqelui

The site totally misinterprets it, trying to parse each element of the PasswordRecipientInfo (which is mis-identified as a generic RecipientInfo) as its own recipient:

In the output of the PKCS #7 BER example, there are 2 "Inizio contenuto" for the OCTET STRING at offset 52. My understanding is that the 1st one should be omitted because that line is for the whole string, and without the ending "Fine contenuto" (which is omitted) the starting "Inizio contenuto" looks confusing.

The length should be 0x0d instead of 0x0c.

Hi,

The type of keyword returns a string. The check at the bottom of oids.js does an identity check as well as an equality check. Subsequently this check is not handled appropriately and therefore segmentation faults.

The below git diff patches this problem.

Thanks.

Calum

diff --git a/oids.js b/oids.js
index bf10bf9..2eb4777 100644
--- a/oids.js
+++ b/oids.js
@@ -2318,4 +2318,4 @@ var oids = {
"2.16.840.1.114171.500.9": { "d": "Wells Fargo EV policy", "c": "Wells Fargo WellsSecure Public Root Certificate Authority" },
"END": ""
};
-if (typeof module !== undefined) { module.exports = oids; }
+if (typeof module !== "undefined") { module.exports = oids; }

When trying to decode:

045601036b6579044d00000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000001100

With openssl asn1parse:

    0:d=0  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:01036B6579044D0000...001100

In an EC Subject Public Key Info PEM:

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEU7FK0bi1qUymF77fmVfsUWQzwsWVacE9huKsKRIj7tku/QG7peRfmrvMOLbezIqpnRADROwTXQEgCx2rUjee/Q==
-----END PUBLIC KEY-----

which is for a 256 bit EC, the 520 bit string:

04 53 B1 4A D1 B8
B5 A9 4C A6 17 BE DF 99  57 EC 51 64 33 C2 C5 95
69 C1 3D 86 E2 AC 29 12  23 EE D9 2E FD 01 BB A5
E4 5F 9A BB CC 38 B6 DE  CC 8A A9 9D 10 03 44 EC
13 5D 01 20 0B 1D AB 52  37 9E FD

is made up of a one byte prefix:
04 == EC_POINT_FORM_UNCOMPRESSED
followed by two raw 256 bit EC points.

It would be nice if that, while not ASN.1, was decoded.

(really helpful tool)

As you can see in this example of TR-34 Rebind Token, TBSCertList recognized the following fields:

• signature
• issuer
• thisUpdate

This is wrong, according to RFC 5280 there is an optional version field which is present in the data:

(link with example)

After decoding some data the address bar contains a link with the ASN1 data encoded in base64.
When this link is loaded the input becomes the base64 form and the original input is lost.

example: when you decode PEM data with armoring the link should contain all the input data so that when the link is opened, the armoring/formatting/encoding of the input is preserved.

This isn't an issue per say, but I was wondering if anyone has converted this to C#

Propose to add new functionality.
Add feature allows to convert ASN structure in Javascript object using given schema.

Extension = {
    type: "SEQUENCE",
    value: {
        typeId: {type: "OBJECT ITDENTIFIER"},
        value: {type: "ANY"}
    }
}

var asn = ANS1.decode(data);
var o = asn.toObject(Extension);

// structure of 'o'
{
    typeId: "1.2.3.4.5.6",
    value: [18, 3, 1, 1, 0]
}

          Oh, and feel free to attach more CMP examples.

I know little about CMP myself, so I only tested what I found around.

Originally posted by @lapo-luchini in #68 (comment)

I'll get one for you

It is stated in the documentation that bundling with a standard JS bundler is straightforward, however I find it hard to make Rollup work. Could you show an example of such a configuration with any major bundler? Thanks for the efforts!

while running the test code return fail

These dependencies were not found:

• int10 in ./node_modules/@lapo/asn1js/asn1.js
• oids in ./node_modules/@lapo/asn1js/asn1.js

Hi,
I'm trying to use your library for converting TAP files and have the result as JSON.using the example below I can convert the file however I can't find anyway to convert the whole object into JSON. Is there anyway to convert the result to JSON?
Below is my sample code (nodeJS):

"use strict";
var fs = require("fs");

var ASN1 = require("@lapo/asn1js");

var data = fs.readFileSync("/sampleTAP");
//console.log(data);

var obj = ASN1.decode(data, 0);
console.log(obj);
//console.log(obj.sub[0].sub[0]);

and below is what I see in the logs:

ASN1 {
  stream: Stream {
    enc: <Buffer 61 83 01 31 e4 64 81 8b 5f 81 44 05 44 4e 4b 54 44 5f 81 36 05 32 53 50 35 30 5f 6d 05 32 38 39 33 30 7f 6c 19 50 0e 32 30 32 30 30 35 31 35 32 33 35 ... 78263 more bytes>,
    pos: 8
  },
  header: 4,
  length: 5,
  tag: ASN1Tag { tagClass: 1, tagConstructed: false, tagNumber: 196 },
  tagLen: 3,
  sub: null
}

When I put a time with fractional seconds in a GeneralizedTime, asn1js says "Unrecognized time".

The error message is :
TypeError: cannot use 'in' operator to search for "optional" in "T"

The PKCS#10 is :
MIIBbDCB1gIBADAUMRIwEAYDVQQDEwlqc2NlcC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIvoY+6r/fUTSgRPIG8ZHfzS25FP9SqiDs4hv5rlStHjSIt7kaSiK7dbhoezww/6nIZFN1IfmCAYAU6kJwIT6DtVJd1Rp01G5D2g62e4EismLIUN9LlLHFaLw402fVCAWX04DexZlO0Ub7WuEKPWves84+jWqviGg2hUQeq2pb1RAgMBAAGgGTAXBgkqhkiG9w0BCQcxChMIcGFzc3dvcmQwDQYJKoZIhvcNAQEFBQADgYEAPARlIQlioAHG+k2LUIggNy+B6kPwiEvfVsuCioKwpOFir5G2lXozZTUVCUVpgLp5KxH+L4sxFLcUsKvCyvBy27x/0LS/Me+VUV5RBVRGKfb+Zj/TiatrNTXT+IHwwesQ8lC+ZM0Z07YJMa1Tz9ogoUsdae8KGWNOPZLTBJkuU5w=

On http://ldh.org/asn1.html, it is parsed as :
U.P.SEQUENCE {
   U.P.SEQUENCE {
      U.P.INTEGER 0x00 (0 decimal)
      U.P.SEQUENCE {
         U.P.SET {
            U.P.SEQUENCE {
               U.P.OBJECTIDENTIFIER 2.5.4.3 (commonName)
               U.P.PrintableString 'jscep.org'
            }
         }
      }
      U.P.SEQUENCE {
         U.P.SEQUENCE {
            U.P.OBJECTIDENTIFIER 1.2.840.113549.1.1.1 (RSA (PKCS #1 v1.5) key transport algorithm)
            U.P.NULL 
         }
         U.P.BITSTRING         # 00308189028181008be863eeabfdf5134a044f206f191dfcd2db914ff52aa20ece21bf9ae54ad1e3488b7b91a4a22bb75b8687b3c30ffa9c864537521f982018014ea4270213e83b5525dd51a74d46e43da0eb67b8122b262c850df4b94b1c568bc38d367d5080597d380dec5994ed146fb5ae10a3d6bdeb3ce3e8d6aaf88683685441eab6a5bd510203010001
            U.P.SEQUENCE {
               U.P.INTEGER 0x008be863eeabfdf5134a044f206f191dfcd2db914ff52aa20ece21bf9ae54ad1e3488b7b91a4a22bb75b8687b3c30ffa9c864537521f982018014ea4270213e83b5525dd51a74d46e43da0eb67b8122b262c850df4b94b1c568bc38d367d5080597d380dec5994ed146fb5ae10a3d6bdeb3ce3e8d6aaf88683685441eab6a5bd51
               U.P.INTEGER 0x010001 (65537 decimal)
            } : 0 unused bit(s); 
      }
      [C.P.0] {
         U.P.SEQUENCE {
            U.P.OBJECTIDENTIFIER 1.2.840.113549.1.9.7 (Challenge Password attribute for use in signatures)
            U.P.SET {
               U.P.PrintableString 'password'
            }
         }
      }
   }
   U.P.SEQUENCE {
      U.P.OBJECTIDENTIFIER 1.2.840.113549.1.1.5 (RSA (PKCS #1 v1.5) with SHA-1 signature)
      U.P.NULL 
   }
   U.P.BITSTRING         # 003c0465210962a001c6fa4d8b508820372f81ea43f0884bdf56cb828a82b0a4e162af91b6957a3365351509456980ba792b11fe2f8b3114b714b0abc2caf072dbbc7fd0b4bf31ef95515e5105544629f6fe663fd389ab6b3535d3f881f0c1eb10f250be64cd19d3b60931ad53cfda20a14b1d69ef0a19634e3d92d304992e539c
3c0465210962a001c6fa4d8b508820372f81ea43f0884bdf56cb828a82b0a4e162af91b6957a3365351509456980ba792b11fe2f8b3114b714b0abc2caf072dbbc7fd0b4bf31ef95515e5105544629f6fe663fd389ab6b3535d3f881f0c1eb10f250be64cd19d3b60931ad53cfda20a14b1d69ef0a19634e3d92d304992e539c : 0 unused bit(s); 
}

It would be nice to compare two inputs side by side.

Hi!

i already have the certificate and a a signed hash. Is there anyway i can generate a .p7s file?

Cheers

It is my understanding that you have to supply the ASN message definition somewhere in order to encode/decode the bytestreams. Am I missing something?

Great library by the way

Does this decode large files? I have few files which are around 5-7MB but the tool decodes only part of it. How do I get this to decode the entire file

"17 0D 31 37 30 39 30 34 30 39 30 33 30 35 5A" is parsed correctly as "UTCTime 2017-09-04 09:03:05 UTC"
"17 0D 31 38 30 39 30 34 30 39 30 33 30 35 5A" however is interpreted as "UTCTime 3709-04-09 03:05 UTC"

The bug is somewhere in the reTime regex, it interpretes the first 4 bytes as the year (and still adds 2000 to it)

Please add a definition for CMP messages according RFC 4210. If you don't have time to do so, I'd like to help but I can't find an example where the other definitions are stored.

Hello
Thank you for a very useful tool.
To read highlighted elements in the hex dump, I have to move the mouse off the structure to remove the highlight.
Could you change the colour of the highlighted text from Teal to something that contrasts better with the background?

https://imgur.com/a/qdClFob

Thank you

Keith

Please also print GeneralString values as you would do with OIDs, BOOLEANS, etc.

LK"I

Hi,
Great work!
Is there any plan to add this library to npm?

Harel

Times (both UTC and Generalized) with an offset that includes minutes print wrong.
18 15 31 39 38 35 31 31 30 36 32 31 30 36 32 37 2E 33 2D 31 32 33 34 is the literal string 19851106210627.3-1234 but prints as 1985-11-06 21:06:27.3 UTC-1234:34 Those unique digits help to see what seems to be going on. My regex-fu isn't good enough to suggest a correction, but using the format that omits the offset minutes looks closer to correct: 18 13 31 39 38 35 31 31 30 36 32 31 30 36 32 37 2E 33 2D 31 32 (literal string 19851106210627.3-12) prints 1985-11-06 21:06:27.3 UTC-12 Maybe the regex matches both hours and minutes as the hours section and then rematches the minutes as minutes? This guess is based on the code that prints this:

When folowing this link (containing %20) the script does not work in Firefox.

If I replace the %20 with + it doesn't work either

The only solution seems to be replacing the %20 in the textbox on the resulting page with a space.

Definition

When an octet string's first word starts with '04', the parent octet string becomes the same value to its child.

Example

BCAEHuTjt+01DMJNA05DbZocsVux4yjTcGL7guhGGKsKPA==

Screenshots

Is there any dump functionality? Like clicking a node and save it to file? I don't see it but I guess it's trivial to add.

Here:

Same issue as openssl/openssl#10029 and kaikramer/keystore-explorer#246

=> userPrincipalName.

The example certificate is invalid, most importantly due to the fact that the length of one of the fields is 0x80 bytes long. Though valid BER, this is invalid DER as it suggests:

1. When the length is between 0 and 127, the short form of length must be used.
2. When the length is 128 or greater, the long form of length must be used, and the length must be encoded in the minimum number of octets.
3. For simple string types and implicitly tagged types derived from simple string types, the primitive, definite-length method must be employed.
4. For structured types, implicitly tagged types derived from structured types, and explicitly tagged types derived from anything, the constructed, definite-length method must be employed.

I suggest you update the example certificate to be valid DER and I would recommend having both a DER and BER example button to have the ability to show either of them.

Hello!!!
I'm trying to parse file with 2,5 Mb size. My browser (chrome) has been broken after that. I think the main reason is the bad choice of array type. You are using simple array and each byte is like Number (8 bytes). It should be better to use Uint8Array. It takes less memory then simple Array.

Maybe I'm wrong, but I'm trying to Decode this Hex "0303078000". It must new BIT STRING type. But Decoder gives me BIT STRING with OPTIONAL [0] element. BIT STRING from Hex "0303078001" is right.

when I try to decode data

21060101ff0101ff

https://lapo.it/asn1js/#21060101FF010100

The interesting:

• BOOLEAN true
  • BOOLEAN true
  • BOOLEAN false

That's because I (incorrectly) have constructed encoding, not primitive, which should be for universal boolean.

EDIT: with integer, it's even more fun https://lapo.it/asn1js/#22060101FF010100

-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgIDBt/DMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQLExREb21haW4gVmFsaWRh
dGVkIFNTTDEbMBkGA1UEAxMSR2VvVHJ1c3QgRFYgU1NMIENBMB4XDTEzMDYxMTIx
MzczNVoXDTE0MDcxNTAwMzk0M1owgcgxKTAnBgNVBAUTIGJsdi1OUFFSUTNHQ3Bp
bTNNbFlRbUoxSC1oV05QR3pwMRMwEQYDVQQLEwpHVDYyNTUyMDIzMTEwLwYDVQQL
EyhTZWUgd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzIChjKTEzMS8wLQYD
VQQLEyZEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQgLSBRdWlja1NTTChSKTEiMCAG
A1UEAxMZd3d3Lm5leHN0ZXByZWFsZXN0YXRlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAM0+y05oeW+l6D8jJfYoxjl+5mdmEi3fGE72Pq6sdaSd
pDBTeMTjLbiGZLmOTcDyTOa3+SwooMksqe1FO1MtJ0wIKRgZ+uiWOQOw2W/BvhWc
B8OqYdZEGaYtpo6SeAZdHkCeg5OBn30l244ROSEgzrYsvUos/2oAHr6iJT5OoXjF
tVw9Qr+1Rn2S1Af3DYLjBaA51wGyQorTC982+WJzzsBz0SsExF7U2IjQfZyHSwMi
yuLHiV9RPLCmD1vnkJfKpd5qeWTMPD1Ej2KtPYyq4+27JAlvERcghz4YrR+4Pu26
HxETyfxg0x2tSoPIlnnKsGRZrUplRaD4JGwEelpCzPkCAwEAAaOCAcYwggHCMB8G
A1UdIwQYMBaAFIz02ZMKR7wAoErOS3VuoLawsn78MA4GA1UdDwEB/wQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoIZd3d3Lm5l
eHN0ZXByZWFsZXN0YXRlLmNvbYIVbmV4c3RlcHJlYWxlc3RhdGUuY29tMEEGA1Ud
HwQ6MDgwNqA0oDKGMGh0dHA6Ly9ndHNzbGR2LWNybC5nZW90cnVzdC5jb20vY3Js
cy9ndHNzbGR2LmNybDAdBgNVHQ4EFgQUoBJd1iWTHPvcztGFCbOqnW61W/0wDAYD
VR0TAQH/BAIwADB1BggrBgEFBQcBAQRpMGcwLAYIKwYBBQUHMAGGIGh0dHA6Ly9n
dHNzbGR2LW9jc3AuZ2VvdHJ1c3QuY29tMDcGCCsGAQUFBzAChitodHRwOi8vZ3Rz
c2xkdi1haWEuZ2VvdHJ1c3QuY29tL2d0c3NsZHYuY3J0MEwGA1UdIARFMEMwQQYK
YIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNv
bS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBBQUAA4IBAQBPSsDaCfiUujQ4szRg
X37U+56tacJ+hBEVRjvSA+o0pPYm4ex/mNj5V12KgynC9OmsucrnL0/KqBpgnTqq
r/XJBIgTAKQIqgnHacHwyjXWNRbDMtUEmD+mgko2wt2xxAnZJ1ob+QfmsWNLgaVY
KFEkfOpTaX+CeojEGgQambVZsvB9+KBc9WB+eCQIAKOYPRm75POMiRKzLNs8KxDB
JVSQTY9KnWCx65y1pw1gec6dxRLz9RAKumAxGtD4aIJ/bRyPJsm/D1N+FLdO4Jb3
ap58y6xECTH3ZdPzA3UCTTdJ7HJAWD8L3eltyv8EzFzv+Ekn50qH10jyVX0baLMJ
1y9k
-----END CERTIFICATE-----

In https://github.com/lapo-luchini/asn1js/blob/master/asn1.js row 172 you create a string containing the length of an Integer

s = "(" + len + " bit)\n";

I think this message is a little bit misleading, as every Integer in ASN.1 is a signed number. To make this more clear, I think the following message would be more correct:

s = "(" + (len+1) + " bit incl. sign)\n";

I had a go at adding support for the ASN.1 definitions in https://www.ietf.org/rfc/rfc3412.txt but ran into an issue as it looks like the parser code depends on the RFC having an OID, while the SNMP RFC only has ASN.1 definitions without OIDs specified so running the parser against it results in no types coming out.

Thoughts on the best way to handle this kind of thing?