diff --git a/lib/csr.js b/lib/csr.js index 89609e2..3eb75cd 100644 --- a/lib/csr.js +++ b/lib/csr.js @@ -110,15 +110,12 @@ CSR._sign = function csrEcSig(jwk, request) { CSR._toDer = function encode(opts) { var sty; - var sig; if (/^EC/i.test(opts.kty)) { // 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256) sty = ASN1('30', ASN1('06', '2a8648ce3d040302')); - sig = ASN1.BitStr(ASN1('30', Enc.bufToHex(opts.signature))); } else { // 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1) sty = ASN1('30', ASN1('06', '2a864886f70d01010b'), ASN1('05')); - sig = ASN1.BitStr(Enc.bufToHex(opts.signature)); } return ASN1('30' // The Full CSR Request Body @@ -126,7 +123,7 @@ CSR._toDer = function encode(opts) { // The Signature Type , sty // The Signature - , sig + , ASN1.BitStr(Enc.bufToHex(opts.signature)) ); }; diff --git a/lib/keypairs.js b/lib/keypairs.js index 2e423f9..f81bc14 100644 --- a/lib/keypairs.js +++ b/lib/keypairs.js @@ -219,10 +219,12 @@ Keypairs._sign = function (opts, payload) { ).then(function (signature) { signature = new Uint8Array(signature); // ArrayBuffer -> u8 // This will come back into play for CSRs, but not for JOSE - if ('EC' === opts.jwk.kty && /x509/i.test(opts.format)) { - signature = Keypairs._ecdsaJoseSigToAsn1Sig(signature); + if ('EC' === opts.jwk.kty && /x509|asn1/i.test(opts.format)) { + return Keypairs._ecdsaJoseSigToAsn1Sig(signature); + } else { + // jose/jws/jwt + return signature; } - return signature; }); }); }; @@ -298,7 +300,7 @@ Keypairs._ecdsaJoseSigToAsn1Sig = function (bufsig) { if (len >= 0x80) { head.push(0x81); } head.push(len); - return Uint8Array.from(head.concat([0x02, r.length], r, [0x02, s.byteLength], s)); + return Uint8Array.from(head.concat([0x02, r.length], r, [0x02, s.length], s)); }; function setTime(time) {