#asn1 #crypto #itu #pkcs

no-std der

Pure Rust embedded-friendly implementation of the Distinguished Encoding Rules (DER) for Abstract Syntax Notation One (ASN.1) as described in ITU X.690 with full support for heapless no_std targets

10 releases (4 breaking)

Uses new Rust 2021

0.5.1 Nov 17, 2021
0.5.0-pre.1 Oct 14, 2021
0.4.0 Jun 8, 2021
0.3.0 Mar 22, 2021
0.1.0 Dec 22, 2020

#89 in Cryptography

Download history 24823/week @ 2021-08-09 27669/week @ 2021-08-16 31267/week @ 2021-08-23 31430/week @ 2021-08-30 35304/week @ 2021-09-06 38844/week @ 2021-09-13 38417/week @ 2021-09-20 41814/week @ 2021-09-27 43941/week @ 2021-10-04 46287/week @ 2021-10-11 47636/week @ 2021-10-18 42746/week @ 2021-10-25 42326/week @ 2021-11-01 45772/week @ 2021-11-08 50188/week @ 2021-11-15 45124/week @ 2021-11-22

172,513 downloads per month
Used in 243 crates (14 directly)

Apache-2.0 OR MIT

5.5K SLoC

RustCrypto: ASN.1 DER

crate Docs Build Status Apache2/MIT licensed Rust Version Project Chat

Pure Rust embedded-friendly implementation of the Distinguished Encoding Rules (DER) for Abstract Syntax Notation One (ASN.1) as described in ITU X.690.



This crate provides a no_std-friendly implementation of a subset of ASN.1 DER necessary for decoding/encoding the following cryptography-related formats implemented as crates maintained by the RustCrypto project:

  • pkcs1: RSA Cryptography Specifications
  • pkcs5: Password-Based Cryptography Specification
  • pkcs7: Cryptographic Message Syntax
  • pkcs8: Private-Key Information Syntax Specification
  • sec1: Elliptic Curve Cryptography
  • spki: X.509 Subject Public Key Info

The core implementation avoids any heap usage (with convenience methods that allocate gated under the off-by-default alloc feature).

The DER decoder attempts to ensure that the input document is in canonical form, and will return errors if non-canonical productions are encountered.


  • Rich support for ASN.1 types used by PKCS/PKIX documents
  • Performs DER canonicalization checks at decoding time
  • no_std friendly: supports "heapless" usage or optionally supports the alloc crate if desired
  • No hard dependencies! Self-contained implementation with optional integrations with the following crates, all of which are no_std friendly:
    • const-oid: const-friendly OID implementation
    • crypto-bigint: constant-time bignum library
    • time crate: date/time library

Minimum Supported Rust Version

This crate requires Rust 1.56 at a minimum.

We may change the MSRV in the future, but it will be accompanied by a minor version bump.


Licensed under either of:

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.