What types of files can I decode with the ASN.1 parser?

The parser handles any file using ASN.1/DER encoding: X.509 certificates (.crt, .cer, .pem), certificate signing requests (.csr), RSA private keys (PKCS#1), generic private keys (PKCS#8), certificate chains (.p7b, .p7c), PKCS#12 archives (.p12, .pfx), SNMP protocol data units, CRLs (Certificate Revocation Lists), and OCSP requests/responses. Most cryptographic objects use ASN.1 encoding internally.

What is the difference between DER and PEM format?

DER (Distinguished Encoding Rules) is the binary ASN.1 encoding — compact and machine-readable but not printable. PEM (Privacy Enhanced Mail) was a standard for secure email that adopted DER data encoded as Base64 with a `-----BEGIN X-----` / `-----END X-----` header, making DER safe to embed in text files and email. Today most certificate tools default to PEM because it's copy-pasteable. Both encode exactly the same ASN.1 information; PEM is just DER in a Base64 text wrapper.

Why are some OIDs shown as numbers rather than names?

The tool includes a comprehensive OID registry covering standard cryptographic and PKI identifiers, but there are thousands of proprietary and organization-specific OIDs used in certificates issued by specific CAs, VPN vendors, or enterprise PKI systems. If an OID number is displayed without a resolved name, it's a proprietary OID not listed in public OID registries. You can look up unknown OIDs in databases like oid-info.com using the numeric identifier shown.

OmniToolsKit

ASN.1 Parser

Name: ASN.1 Parser
Rating: 5 (2 reviews)
Author: OmniToolsKit

Parse and decode ASN.1/DER/PEM structures like certificates and keys

DER/BER DecodingHex InputTree ViewOID Lookup

Input

Paste PEM, Base64, or HEX encoded ASN.1 data

Parsed Structure

SEQUENCE[401 bytes @ 0]

SEQUENCE[251 bytes @ 4]

INTEGER[9 bytes @ 7]

00 a1 d0 cd 49 8b 92 f4 88

SEQUENCE[13 bytes @ 18]

OBJECT IDENTIFIER[9 bytes @ 20]

1.2.840.113549.1.1.11

NULL[0 bytes @ 31]

SEQUENCE[17 bytes @ 33]

SET[15 bytes @ 35]

SEQUENCE[13 bytes @ 37]

OBJECT IDENTIFIER[3 bytes @ 39]

2.5.4.3

UTF8String[6 bytes @ 44]

sample

SEQUENCE[30 bytes @ 52]

UTCTime[13 bytes @ 54]

230101000000Z

UTCTime[13 bytes @ 69]

240101000000Z

SEQUENCE[17 bytes @ 84]

SET[15 bytes @ 86]

SEQUENCE[13 bytes @ 88]

OBJECT IDENTIFIER[3 bytes @ 90]

2.5.4.3

UTF8String[6 bytes @ 95]

sample

SEQUENCE[92 bytes @ 103]

SEQUENCE[13 bytes @ 105]

OBJECT IDENTIFIER[9 bytes @ 107]

1.2.840.113549.1.1.1

NULL[0 bytes @ 118]

BIT STRING[75 bytes @ 120]

(0 unused bits) 30 48 02 41 00 bb 16 a2 4b 56 f0 7e 3a c3 38 12 46 c5 6d 09 ef 2e be dc 0b 8a 7e 67 54 ea 6e 95 b9 7e a5 df 27 c1 79 61 7d 97 99 dc 4c fd 9e 6d 13 b7 4c f0 5f 19 d4 5e 85 ea ae d0 d0 5f 50 ed f3 c5 f4 5e 59 02 03 01 00 01

SEQUENCE[13 bytes @ 197]

OBJECT IDENTIFIER[9 bytes @ 199]

1.2.840.113549.1.1.11

NULL[0 bytes @ 210]

BIT STRING[65 bytes @ 212]

(0 unused bits) 69 a4 ce 19 f2 b6 07 f8 2a 42 98 2e 19 e6 b0 fb 16 50 8d a0 82 4f 26 44 37 17 c3 dd 8e 9a 44 e6 92 41 f5 f6 1d c7 b7 42 ec 5d 64 d3 e0 50 6b ba 69 13 9a ac 17 96 fb ab d6 79 6f 41 79 77 91 79

TAG(0x64)[0 bytes @ 257]

TAG(0xe0)[80 bytes @ 259]

TAG(0x6b)[0 bytes @ 261]

TAG(0x69)[19 bytes @ 263]

TAG(0x9a)[0 bytes @ 265]

UTCTime[0 bytes @ 267]

TAG(0xfb)[0 bytes @ 269]

TAG(0xd6)[121 bytes @ 271]

6f 41 79 77 91 79

ASN.1 Reference

Supported Formats

PEM (-----BEGIN...-----END-----)
Base64 encoded DER
Hexadecimal DER bytes

About this tool

Parse, decode, and explore ASN.1 (Abstract Syntax Notation One) data structures in DER and PEM encoding. Navigate X.509 certificate internals, RSA and EC key structures, PKCS#7/12 containers, and SNMP protocol data units with hierarchical tree visualization and OID resolution.

About

ASN.1 Structure Decoding for X.509 Certificates and Cryptographic Keys

ASN.1 (Abstract Syntax Notation One) is the binary serialization language of cryptography. Every TLS certificate, private key, digital signature, and PKCS container uses ASN.1 encoding to structure its data. When you install an HTTPS certificate, your browser parses ASN.1 to extract the public key, subject name, issuer, and validity period. When a VPN client authenticates, it reads ASN.1-encoded certificate chains. Understanding ASN.1 is fundamental to certificate security analysis and PKI troubleshooting.

ASN.1 data is typically encoded in DER (Distinguished Encoding Rules), a binary format, or PEM (Privacy Enhanced Mail), which is DER data Base64-encoded with `-----BEGIN CERTIFICATE-----` header/footer blocks. The ASN.1 structure is a recursive tree of typed data — SEQUENCE (ordered list), SET (unordered list), INTEGER, BIT STRING, OCTET STRING, OBJECT IDENTIFIER (OID), UTF8String, PrintableString, UTCTime, and many other primitive types.

This ASN.1 parser fully decodes any DER or PEM input, presenting the structure as an interactive tree where every node shows its type tag, length, offset in the original byte stream, and decoded value. OIDs are resolved to human-readable names from an embedded registry covering all common cryptographic and PKI algorithm identifiers.

Common Use Cases for ASN.1 Decoding

Inspecting X.509 TLS Certificate Internals

Decode TLS certificates to inspect the full Subject, Issuer, SubjectAltNames, public key algorithm and parameters, signature algorithm, validity dates, and certificate extensions like BasicConstraints and KeyUsage.

Debugging PKCS Key and Container Formats

Navigate PKCS#1 RSA keys, PKCS#8 private key info, PKCS#7 signed data, and PKCS#12 key archives to understand structure and troubleshoot format compatibility issues.

PKI Security Auditing and Certificate Analysis

Audit certificate chains for weak key sizes, deprecated signature algorithms, or misconfigured extensions. Verify that CRL Distribution Points and OCSP URLs are properly encoded.

How to Use

1
Paste DER Hex or PEM Encoded Input
Paste a PEM-encoded certificate (beginning with `-----BEGIN CERTIFICATE-----`), a PEM private key, or raw DER data as hexadecimal. The parser auto-detects the format.
2
Explore the Decoded ASN.1 Tree
The decoded structure renders as an interactive collapsible tree. Each node shows the ASN.1 type tag, byte offset, length, and decoded value. Expand SEQUENCE and SET nodes to navigate nested structures.
3
Resolve OIDs to Human-Readable Names
OBJECT IDENTIFIER values are automatically resolved from a built-in registry — algorithm OIDs like `1.2.840.113549.1.1.11` display as `sha256WithRSAEncryption`, certificate extension OIDs display as their standard names.
4
View Hex Dump and Export
Toggle the hex dump view to see the raw bytes alongside the decoded structure. Export the full decoded structure as JSON for further processing in scripts or security tools.

Features

DER and PEM Auto-Detection
Automatically detects whether input is a PEM-encoded block (Base64 with header/footer) or raw DER hex, eliminating the need to manually strip headers before parsing.
OID Registry Covering 300+ Cryptographic Identifiers
Resolves OIDs for RSA, ECC, DSA, SHA, MD5, TLS cipher suites, X.509 extensions, PKIX policy OIDs, and LDAP attribute types — providing meaningful names instead of raw numeric identifiers.
Byte-Offset Hex Dump Correlation
Shows the exact byte offset and hex values for every ASN.1 element, allowing direct correlation between the tree structure and the underlying raw bytes — essential for debugging encoding issues.
Collapsible Tree Navigation for Deep Structures
Handles deeply nested structures like PKCS#12 archives (which contain nested certificates and keys) with collapsible nodes that allow navigating complex hierarchies without overwhelming the interface.

Frequently Asked Questions

Found this tool useful?

Share your experience and help others discover it.