synta 0.1.8

ASN.1 parser, decoder, and encoder library with DER/BER support and C FFI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

# PKCS#8 Private Key Structures


`synta.pkcs8` provides `OneAsymmetricKey` (also exported as `PrivateKeyInfo`) for parsing
DER-encoded private key envelopes produced by OpenSSL and other PKI tools (RFC 5958 / PKCS#8).

```python
import synta.pkcs8 as pkcs8
```

## OneAsymmetricKey

```python
class OneAsymmetricKey:
    @staticmethod
    def from_der(data: bytes) -> OneAsymmetricKey: ...
    def to_der(self) -> bytes: ...

    version: int                          # 0 = v1 (PrivateKeyInfo), 1 = v2 (RFC 5958)
    private_key_algorithm: ObjectIdentifier  # the private-key algorithm OID
    private_key: bytes                    # raw key material (OCTET STRING value)
    attributes_der: bytes | None          # raw DER of [0] IMPLICIT attributes bag
    public_key_der: bytes | None          # raw DER of [1] IMPLICIT public key BIT STRING
    alg_parameters_der: bytes | None      # algorithm parameters DER, or None

PrivateKeyInfo = OneAsymmetricKey  # RFC 5958 / PKCS#8 alias
```

## Usage

```python
import synta.pkcs8 as pkcs8

# Parse a PKCS#8 key from DER bytes
with open("key.der", "rb") as f:
    key = pkcs8.OneAsymmetricKey.from_der(f.read())

print(f"version: {key.version}")
print(f"algorithm: {key.private_key_algorithm}")
print(f"key bytes: {key.private_key.hex()}")

# Algorithm parameters (e.g. curve OID for EC keys)
if key.alg_parameters_der:
    import synta.pkixalgs as pa
    ec_params = pa.ECParameters.from_der(key.alg_parameters_der)
    if ec_params.arm == "namedCurve":
        print(f"curve: {ec_params.named_curve_oid}")

# Check for optional public key component (v2 / RFC 5958)
if key.public_key_der:
    print(f"public key DER: {len(key.public_key_der)} bytes")

# Use the PrivateKeyInfo alias
key2 = pkcs8.PrivateKeyInfo.from_der(key_der)
```

For cryptographic operations (signing, decryption, key generation), use
[`synta.PrivateKey`](../pki/keys.md) which wraps an OpenSSL key. `OneAsymmetricKey` is
a pure ASN.1 parser that does not invoke any cryptographic backend.

See also [PKCS#9 OIDs](../oids/pkcs9.md) for `id-friendlyName` and `id-localKeyId` bag attributes
used in PKCS#12 archives, and [PKCS Loaders](../pki/pkcs-loaders.md) for extracting raw
PKCS#8 DER bytes from PKCS#12 archives via `load_pkcs12_keys`.