This online ASN.1 viewer decodes DER/BER-encoded structures such as X.509 certificates, CSRs (PKCS#10), private and public keys (PKCS#8, SPKI, PKCS#1, SEC1) and PKCS#7 / CMS envelopes directly in your browser.
Accepts PEM, raw Base64, Hex, or a binary .der / .cer / .crt / .csr / .p7b file upload. No server upload, no signup.
:, spaces, 0x), or binary file upload. Everything runs locally in your browser. ASN.1 (Abstract Syntax Notation One) is a standard notation used to describe the structure of data exchanged between computers. It is the foundation of virtually every cryptographic format you meet in practice: X.509 certificates, CSRs, PKCS#7 / CMS, PKCS#8 private keys, LDAP, SNMP, Kerberos tickets and much more.
ASN.1 defines abstract types such as SEQUENCE, SET, INTEGER, OBJECT IDENTIFIER, UTF8String, BIT STRING and OCTET STRING. These abstract values are serialised using DER/BER and often wrapped in PEM text for transport.
BER (Basic Encoding Rules) is the generic binary encoding of ASN.1 — it allows multiple valid encodings for the same abstract value. DER (Distinguished Encoding Rules) is a strict subset of BER that produces a unique, canonical encoding, which is essential for digital signatures. PEM is a text wrapper that Base64-encodes DER bytes and places them between -----BEGIN ...----- and -----END ...----- markers so they can travel safely through emails, config files and copy-paste workflows.
CERTIFICATE) — full decoding of TBS, subject, issuer, validity, SPKI and extensions (SAN, KU, EKU, BasicConstraints, SKI, AKI).CERTIFICATE REQUEST, PKCS#10) — subject, public key and requested attributes.PRIVATE KEY, PKCS#1 RSA PRIVATE KEY, SEC1 EC PRIVATE KEY.PUBLIC KEY and PKCS#1 RSA PUBLIC KEY.pkcs7-signedData, pkcs7-envelopedData) — content type, certificates and signer counts.X509 CRL) — issuer, update times and revoked entry counts.Any other ASN.1 structure is still fully visible in the raw tree with OIDs resolved to human-readable names.
-----BEGIN/END----- markers), a raw Base64 string, or a hex dump into the input area. The tool auto-detects the format..der, .cer, .crt, .csr or .p7b file.OCTET STRING / BIT STRING wrappers (such as certificate extension values) are automatically re-decoded.extnValue octet strings and SPKI bit strings. Developers, DevOps and security engineers reach for an ASN.1 viewer when debugging TLS handshakes, auditing certificates issued by a private CA, validating CSR contents before sending them to a CA, inspecting S/MIME or code-signing certificates, decoding PKCS#7 bundles returned by CMS APIs, and understanding the exact layout of PKCS#8 private keys produced by openssl genpkey or Java keystores.
It is also a great learning aid: pair the decoded tree with RFC 5280 or RFC 5652 to see how the spec maps to real bytes.
Yes — this tool is built with privacy as a top priority. All ASN.1 parsing runs entirely in your browser using JavaScript. Certificates, CSRs and keys are never uploaded, logged or stored on any server.
Even so, treat private keys as credentials. Never paste a production private key into any third-party tool, including this one. For sensitive debugging prefer short-lived test keys, and rotate anything that may have been exposed.
ASN.1 (Abstract Syntax Notation One) is the formal notation used to describe the structure of X.509 certificates, PKCS and CMS messages, LDAP, SNMP and many other cryptographic formats. An ASN.1 viewer decodes the binary DER/BER encoding into a readable tree of tags, lengths and values so you can inspect certificates, CSRs and keys without installing OpenSSL.
BER (Basic Encoding Rules) is the generic binary encoding of ASN.1. DER (Distinguished Encoding Rules) is a strict subset of BER used for digital signatures and certificates because it produces a unique canonical encoding. PEM is a text format that wraps DER bytes in Base64 between "-----BEGIN ..." and "-----END ..." markers so they can be safely pasted into emails, configuration files or cURL commands.
Paste PEM blocks (one or many), raw Base64 strings, hexadecimal dumps with or without separators, or upload a binary .der/.cer/.crt/.csr/.p7b/.p8/.key file. The tool auto-detects the input format and renders both the raw ASN.1 tree and a high-level summary for certificates, CSRs, keys and PKCS#7 envelopes.
All parsing runs entirely in your browser via JavaScript — nothing is uploaded. That said, private keys are credentials: avoid pasting production private keys into any third-party tool, including this one. For sensitive debugging, use a copy of the key on a workstation you trust and rotate it afterwards if you are unsure.
For inspection workflows, yes — this viewer shows the ASN.1 tree like openssl asn1parse and the decoded certificate fields like openssl x509 -text, but with a friendlier UI and OID resolution. It does not sign, issue or modify certificates; it is read-only.
The summary table shows the common ones: BasicConstraints, KeyUsage, ExtendedKeyUsage, SubjectAltName, IssuerAltName, SubjectKeyIdentifier and AuthorityKeyIdentifier. All other extensions are still fully visible in the raw ASN.1 tree, with their OIDs resolved to human-readable names where possible.
These are ASN.1 tags. SEQUENCE and SET are constructed Universal tags that group child elements. Values like [0], [1], [3] are context-specific tags used for optional or implicit fields (for example [3] wraps the extensions block inside a TBSCertificate). Primitive tags like INTEGER, OBJECT IDENTIFIER, UTF8String and BIT STRING carry leaf values.
X.509 Validity timestamps are encoded as UTCTime or GeneralizedTime, both of which represent absolute UTC moments. The viewer displays them in ISO-8601 UTC form so they are unambiguous regardless of your local timezone.
Combine this ASN.1 viewer with other free utilities from the same suite: