synta 0.2.0

ASN.1 parser, decoder, and encoder library with DER/BER support and C FFI
# CMS Cryptography


The `synta.cms` submodule provides Python bindings for the Cryptographic Message Syntax
(RFC 5652) and CMS-KEM (RFC 9629). It exposes parsers and builders for all major CMS
content types.

## Content types

| Class | RFC | Description |
|---|---|---|
| `ContentInfo` | RFC 5652 §3 | Outer CMS envelope; entry point for all content types |
| `SignedData` | RFC 5652 §5 | Encapsulates signed content plus signer information |
| `SignerInfo` | RFC 5652 §5.3 | Per-signer structure within `SignedData` |
| `EnvelopedData` | RFC 5652 §6 | Encrypted content with key transport per recipient |
| `EnvelopedDataBuilder` | RFC 5652 §6 | Fluent builder for `EnvelopedData` |
| `EncryptedData` | RFC 5652 §8 | Symmetric encryption (shared key, no recipient info) |
| `DigestedData` | RFC 5652 §7 | Hash-protected content |
| `AuthenticatedData` | RFC 5652 §9 | MAC-authenticated content |
| `IssuerAndSerialNumber` | RFC 5652 §10.2.4 | Certificate identifier |
| `KEMRecipientInfo` | RFC 9629 §5 | Quantum-safe KEM recipient structure |
| `CMSORIforKEMOtherInfo` | RFC 9629 §5.3 | KDF input structure for KEM-based key derivation |

## Import

```python
from synta.cms import (
    ContentInfo,
    SignedData, SignerInfo,
    EnvelopedData, EnvelopedDataBuilder,
    EncryptedData,
    DigestedData,
    AuthenticatedData,
    IssuerAndSerialNumber,
    KEMRecipientInfo, CMSORIforKEMOtherInfo,
    # OID constants:
    ID_DATA, ID_SIGNED_DATA, ID_ENVELOPED_DATA,
    ID_DIGESTED_DATA, ID_ENCRYPTED_DATA, ID_CT_AUTH_DATA,
    ID_AES128_CBC, ID_AES192_CBC, ID_AES256_CBC,
    ID_RSAES_OAEP, ID_RSA_ENCRYPTION,
    ID_ORI, ID_ORI_KEM,
)
```

## OID constants

### Content-type OIDs (RFC 5652 §14)

| Constant | OID | Name |
|---|---|---|
| `ID_DATA` | `1.2.840.113549.1.7.1` | id-data |
| `ID_SIGNED_DATA` | `1.2.840.113549.1.7.2` | id-signedData |
| `ID_ENVELOPED_DATA` | `1.2.840.113549.1.7.3` | id-envelopedData |
| `ID_DIGESTED_DATA` | `1.2.840.113549.1.7.5` | id-digestedData |
| `ID_ENCRYPTED_DATA` | `1.2.840.113549.1.7.6` | id-encryptedData |
| `ID_CT_AUTH_DATA` | `1.2.840.113549.1.9.16.1.2` | id-ct-authData |

### Content-encryption algorithm OIDs (RFC 3565)

| Constant | OID | Key length |
|---|---|---|
| `ID_AES128_CBC` | `2.16.840.1.101.3.4.1.2` | 16 bytes |
| `ID_AES192_CBC` | `2.16.840.1.101.3.4.1.22` | 24 bytes |
| `ID_AES256_CBC` | `2.16.840.1.101.3.4.1.42` | 32 bytes |

### Key-transport algorithm OIDs (RFC 8017)

| Constant | OID | Notes |
|---|---|---|
| `ID_RSAES_OAEP` | `1.2.840.113549.1.1.7` | RSA-OAEP with SHA-256 (recommended) |
| `ID_RSA_ENCRYPTION` | `1.2.840.113549.1.1.1` | RSA PKCS#1 v1.5 (legacy) |

### CMS-KEM OtherRecipientInfo OIDs (RFC 9629 §6.2)

| Constant | OID | Description |
|---|---|---|
| `ID_ORI` | `1.2.840.113549.1.9.16.13` | Root arc for OtherRecipientInfo alternatives |
| `ID_ORI_KEM` | `1.2.840.113549.1.9.16.13.3` | Identifies a `KEMRecipientInfo` |

## Sections

- [ContentInfo](content-info.md) — outer CMS envelope
- [SignedData](signed-data.md) — signed content types
- [EnvelopedData](enveloped-data.md) — encrypted-to-recipient content
- [EncryptedData](encrypted-data.md) — symmetric encrypted content
- [DigestedData and AuthenticatedData](digested-authenticated.md) — hash and MAC content types
- [CMS-KEM](kem.md) — RFC 9629 quantum-safe KEM recipient types
- [OID Constants](oid-constants.md) — all CMS OID constants