v1.0.0: parse SSH public keys in the browser

2018-12-01 22:13:03 -07:00 · 2018-12-01 22:13:03 -07:00 · 86ee62e0d3
commit 86ee62e0d3
5 changed files with 327 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,65 @@
 # Bluecrypt&trade SSH to JWK (for Browsers)
 A minimal library to parse an SSH public key (`id_rsa.pub`)
 and convert it into a public JWK using Vanilla JS.
 Works for RSA and ECDSA public keys.
 # Features
 &lt; 150 lines of code | 1.0kb gzipped | 2.4kb minified | 3.7kb with comments
 * [x] SSH Public Keys
 * [x] RSA Public Keys
 * [x] EC Public Keys
  * P-256 (prime256v1, secp256r1)
  * P-384 (secp384r1)
 * [x] node.js version
  * [ssh-to-jwk.js](https://git.coolaj86.com/coolaj86/ssh-to-jwk.js)
 ### Need SSH Private Keys?
 SSH private keys (`id_rsa`) are just normal PEM files,
 so you can use Eckles or Rasha, as mentioned above.
 # Web Demo
 <https://coolaj86.com/demos/ssh-to-jwk/>
 ```bash
 git clone https://git.coolaj86.com/coolaj86/bluecrypt-ssh-to-jwk.js
 pushd bluecrypt-ssh-to-jwk.js/
 ```
 ```bash
 open index.html
 ```
 # Usage
 You can also use it as a library:
 ```html
 <script src="https://git.coolaj86.com/coolaj86/bluecrypt-ssh-to-jwk.js/raw/branch/master/ssh-to-jwk.js"></script>
 ```
 ```js
 var pub = 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCE9Uli8bGnD4hOWdeo5KKQJ/P/vOazI4MgqJK54w37emP2JwOAOdMmXuwpxbKng3KZz27mz+nKWIlXJ3rzSGMo= root@localhost';
 var ssh = SSH.parse(pub);
 console.info(ssh.jwk);
 ```
 # Other Tools in the Bluecrypt Suite
 * [Bluecrypt JWK to SSH](https://git.coolaj86.com/coolaj86/jwk-to-ssh.js) (RSA, EC, SSH)
 * [Bluecrypt ASN.1 decoder](https://git.coolaj86.com/coolaj86/asn1-parser.js) (x509, RSA, EC, etc)
 * [Bluecrypt ASN.1 builder](https://git.coolaj86.com/coolaj86/asn1-packer.js) (x509, RSA, EC, etc)
 # Legal
 [ssh-to-jwk.js](https://git.coolaj86.com/coolaj86/ssh-to-jwk.js) |
 MPL-2.0 |
 [Terms of Use](https://therootcompany.com/legal/#terms) |
 [Privacy Policy](https://therootcompany.com/legal/#privacy)
--- a/index.html
+++ b/index.html
@ -0,0 +1,68 @@
 <!DOCTYPE html>
 <html>
 <head>
  <title>SSH Pub Parser - Bluecrypt</title>
  <style>
    textarea {
      width: 42em;
      height: 10em;
    }
  </style>
 </head>
 <body>
  <h1>Bluecrypt SSH Public Key Parser</h1>
  <textarea class="js-input" placeholder="Paste id_rsa.pub (or other SSH public key) here">ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE+VbDTpmYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo6HF5JijfWzK7haHFuRMEsgI4VwIYyhvqlJDfw/wt0AiVvSmoMfEQn1p1aiaO4V/RJSE3Vw/uz2bxiT22uSkSqOyShyfYE6dMHnuoBkzr4jvSifT+INmbv6Nyo4+AAMCZtYeHLrsFeSTjLL9jMPjI4ZkVdlw2n3Xn9NbltF3/8Ao8dQfElqw+LIQWqU0oFHYNIP4ttfl5ObMKHaKSvBMyNruZR0El/ZsrcHLkAHRCLj07KRQJ81l5CUTPtQ02P1Eamz/nT4I3 root@localhost</textarea>
  <pre><code class="js-hex"> </code></pre>
  <pre><code class="js-jwk"> </code></pre>
  <br>
  <p>Made with <a href="https://git.coolaj86.com/coolaj86/bluecrypt-ssh-to-jwk.js/">ssh-to-jwk.js</a></p>
  <script src="./ssh-to-jwk.js"></script>
  <script>
    'use strict';
    Enc.bufToHex = function toHex(u8) {
      var hex = [];
      var i, h;
      var len = (u8.byteLength || u8.length);
      for (i = 0; i < len; i += 1) {
        h = u8[i].toString(16);
        if (h.length % 2) { h = '0' + h; }
        hex.push(h);
      }
      return hex.join('').toLowerCase();
    };
    var $input = document.querySelector('.js-input');
    function convert() {
      console.log('keyup');
      var ssh;
      try {
        var text = document.querySelector('.js-input').value.trim();
        ssh = SSH.parse(text);
        document.querySelector('.js-hex').innerText = ssh.elements.map(function (hex) {
          return Enc.bufToHex(hex)
            .match(/.{2}/g).join(' ')
            .match(/.{1,24}/g).join(' ')
            .match(/.{1,50}/g).join('\n');
        }).join('\n\n')
        document.querySelector('.js-jwk').innerText = JSON.stringify(ssh.jwk, null, 2);
      } catch(e) {
        ssh = { error: { message: e.message } };
        document.querySelector('.js-hex').innerText = '';
        document.querySelector('.js-jwk').innerText = JSON.stringify(ssh, null, 2);
      }
    }
    $input.addEventListener('keyup', convert);
    convert();
  </script>
 </body>
 </html>
--- a/package.json
+++ b/package.json
@ -0,0 +1,28 @@
 {
  "name": "bluecrypt-ssh-to-jwk",
  "version": "1.0.0",
  "description": "SSH to JWK in < 150 lines of VanillaJS.",
  "homepage": "https://git.coolaj86.com/coolaj86/bluecrypt-ssh-to-jwk.js",
  "main": "ssh-to-jwk.js",
  "scripts": {
    "prepare": "uglifyjs ssh-to-jwk.js > ssh-to-jwk.min.js"
  },
  "directories": {
    "lib": "lib"
  },
  "repository": {
    "type": "git",
    "url": "https://git.coolaj86.com/coolaj86/bluecrypt-ssh-to-jwk.js"
  },
  "keywords": [
    "zero-dependency",
    "SSH-to-JWK",
    "RSA",
    "EC",
    "SSH",
    "JWK",
    "ECDSA"
  ],
  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
  "license": "MPL-2.0"
 }
--- a/ssh-to-jwk.js
+++ b/ssh-to-jwk.js
@ -0,0 +1,165 @@
 ;(function (exports) {
 'use strict';
 if (!exports.Enc) { exports.Enc = {}; }
 if (!exports.SSH) { exports.SSH = {}; }
 var Enc = exports.Enc;
 var SSH = exports.SSH;
 SSH.parse = function (ssh) {
  ssh = SSH.parseBlock(ssh);
  ssh = SSH.parseElements(ssh);
  //delete ssh.bytes;
  return SSH.parsePublicKey(ssh);
 };
 SSH.parseBlock = function (ssh) {
  ssh = ssh.split(/\s+/g);
  return {
    type: ssh[0]
  , bytes: Enc.base64ToBuf(ssh[1])
  , comment: ssh[2]
  };
 };
 SSH.parseElements = function (ssh) {
  var buf = ssh.bytes;
  var fulllen = buf.byteLength || buf.length;
  var offset = (buf.byteOffset || 0);
  var i = 0;
  var index = 0;
  // using dataview to be browser-compatible (I do want _some_ code reuse)
  var dv = new DataView(buf.buffer.slice(offset, offset + fulllen));
  var els = [];
  var el;
  var len;
  while (index < fulllen) {
    i += 1;
    if (i > 15) { throw new Error("15+ elements, probably not a public ssh key"); }
    len = dv.getUint32(index, false);
    index += 4;
    el = buf.slice(index, index + len);
    // remove BigUInt '00' prefix
    if (0x00 === el[0]) {
      el = el.slice(1);
    }
    els.push(el);
    index += len;
  }
  if (fulllen !== index) {
    throw new Error("invalid ssh public key length \n" + els.map(function (b) {
      return Enc.bufToHex(b);
    }).join('\n'));
  }
  ssh.elements = els;
  return ssh;
 };
 SSH.parsePublicKey = function (ssh) {
  var els = ssh.elements;
  var typ = Enc.bufToBin(els[0]);
  var len;
  // RSA keys are all the same
  if (SSH.types.rsa === typ) {
    ssh.jwk = {
      kty: 'RSA'
    , n: Enc.bufToUrlBase64(els[2])
    , e: Enc.bufToUrlBase64(els[1])
    };
    return ssh;
  }
  // EC keys are each different
  if (SSH.types.p256 === typ) {
    len = 32;
    ssh.jwk = { kty: 'EC', crv: 'P-256' };
  } else if (SSH.types.p384 === typ) {
    len = 48;
    ssh.jwk = { kty: 'EC', crv: 'P-384' };
  } else {
    throw new Error("Unsupported ssh public key type: "
      + Enc.bufToBin(els[0]));
  }
  // els[1] is just a repeat of a subset of els[0]
  var x = els[2].slice(1, 1 + len);
  var y = els[2].slice(1 + len, 1 + len + len);
  // I don't think EC keys use 0x00 padding, but just in case
  if (0x00 === x[0]) { x = x.slice(1); }
  if (0x00 === y[0]) { y = y.slice(1); }
  ssh.jwk.x = Enc.bufToUrlBase64(x);
  ssh.jwk.y = Enc.bufToUrlBase64(y);
  return ssh;
 };
 SSH.types = {
  // 19 '00000013'
  // e c d s a - s h a 2 - n i s t p 2 5 6
  // 65636473612d736861322d6e69737470323536
  // 6e69737470323536
  p256: 'ecdsa-sha2-nistp256'
  // 19 '00000013'
  // e c d s a - s h a 2 - n i s t p 3 8 4
  // 65636473612d736861322d6e69737470333834
  // 6e69737470323536
 , p384: 'ecdsa-sha2-nistp384'
  // 7 '00000007'
  // s s h - r s a
  // 7373682d727361
 , rsa: 'ssh-rsa'
 };
 Enc.base64ToBuf = function (b64) {
  return Enc.binToBuf(atob(b64));
 };
 Enc.binToBuf = function (bin) {
  var arr = bin.split('').map(function (ch) {
    return ch.charCodeAt(0);
  });
  return 'undefined' !== typeof Uint8Array ? new Uint8Array(arr) : arr;
 };
 Enc.bufToBase64 = function (u8) {
  var bin = '';
  u8.forEach(function (i) {
    bin += String.fromCharCode(i);
  });
  return btoa(bin);
 };
 Enc.bufToBin = function (buf) {
  var bin = '';
  // cannot use .map() because Uint8Array would return only 0s
  buf.forEach(function (ch) {
    bin += String.fromCharCode(ch);
  });
  return bin;
 };
 Enc.bufToUrlBase64 = function (u8) {
  return Enc.bufToBase64(u8)
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
 };
 Enc.urlBase64ToBase64 = function urlsafeBase64ToBase64(str) {
  var r = str % 4;
  if (2 === r) {
    str += '==';
  } else if (3 === r) {
    str += '=';
  }
  return str.replace(/-/g, '+').replace(/_/g, '/');
 };
 }('undefined' !== typeof window ? window : module.exports));
--- a/ssh-to-jwk.min.js
+++ b/ssh-to-jwk.min.js
@ -0,0 +1 @@
 (function(exports){"use strict";if(!exports.Enc){exports.Enc={}}if(!exports.SSH){exports.SSH={}}var Enc=exports.Enc;var SSH=exports.SSH;SSH.parse=function(ssh){ssh=SSH.parseBlock(ssh);ssh=SSH.parseElements(ssh);return SSH.parsePublicKey(ssh)};SSH.parseBlock=function(ssh){ssh=ssh.split(/\s+/g);return{type:ssh[0],bytes:Enc.base64ToBuf(ssh[1]),comment:ssh[2]}};SSH.parseElements=function(ssh){var buf=ssh.bytes;var fulllen=buf.byteLength||buf.length;var offset=buf.byteOffset||0;var i=0;var index=0;var dv=new DataView(buf.buffer.slice(offset,offset+fulllen));var els=[];var el;var len;while(index<fulllen){i+=1;if(i>15){throw new Error("15+ elements, probably not a public ssh key")}len=dv.getUint32(index,false);index+=4;el=buf.slice(index,index+len);if(0===el[0]){el=el.slice(1)}els.push(el);index+=len}if(fulllen!==index){throw new Error("invalid ssh public key length \n"+els.map(function(b){return Enc.bufToHex(b)}).join("\n"))}ssh.elements=els;return ssh};SSH.parsePublicKey=function(ssh){var els=ssh.elements;var typ=Enc.bufToBin(els[0]);var len;if(SSH.types.rsa===typ){ssh.jwk={kty:"RSA",n:Enc.bufToUrlBase64(els[2]),e:Enc.bufToUrlBase64(els[1])};return ssh}if(SSH.types.p256===typ){len=32;ssh.jwk={kty:"EC",crv:"P-256"}}else if(SSH.types.p384===typ){len=48;ssh.jwk={kty:"EC",crv:"P-384"}}else{throw new Error("Unsupported ssh public key type: "+Enc.bufToBin(els[0]))}var x=els[2].slice(1,1+len);var y=els[2].slice(1+len,1+len+len);if(0===x[0]){x=x.slice(1)}if(0===y[0]){y=y.slice(1)}ssh.jwk.x=Enc.bufToUrlBase64(x);ssh.jwk.y=Enc.bufToUrlBase64(y);return ssh};SSH.types={p256:"ecdsa-sha2-nistp256",p384:"ecdsa-sha2-nistp384",rsa:"ssh-rsa"};Enc.base64ToBuf=function(b64){return Enc.binToBuf(atob(b64))};Enc.binToBuf=function(bin){var arr=bin.split("").map(function(ch){return ch.charCodeAt(0)});return"undefined"!==typeof Uint8Array?new Uint8Array(arr):arr};Enc.bufToBase64=function(u8){var bin="";u8.forEach(function(i){bin+=String.fromCharCode(i)});return btoa(bin)};Enc.bufToBin=function(buf){var bin="";buf.forEach(function(ch){bin+=String.fromCharCode(ch)});return bin};Enc.bufToUrlBase64=function(u8){return Enc.bufToBase64(u8).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")};Enc.urlBase64ToBase64=function urlsafeBase64ToBase64(str){var r=str%4;if(2===r){str+="=="}else if(3===r){str+="="}return str.replace(/-/g,"+").replace(/_/g,"/")}})("undefined"!==typeof window?window:module.exports);
		`@ -0,0 +1 @@`
							(function(exports){"use strict";if(!exports.Enc){exports.Enc={}}if(!exports.SSH){exports.SSH={}}var Enc=exports.Enc;var SSH=exports.SSH;SSH.parse=function(ssh){ssh=SSH.parseBlock(ssh);ssh=SSH.parseElements(ssh);return SSH.parsePublicKey(ssh)};SSH.parseBlock=function(ssh){ssh=ssh.split(/\s+/g);return{type:ssh[0],bytes:Enc.base64ToBuf(ssh[1]),comment:ssh[2]}};SSH.parseElements=function(ssh){var buf=ssh.bytes;var fulllen=buf.byteLength\|\|buf.length;var offset=buf.byteOffset\|\|0;var i=0;var index=0;var dv=new DataView(buf.buffer.slice(offset,offset+fulllen));var els=[];var el;var len;while(index<fulllen){i+=1;if(i>15){throw new Error("15+ elements, probably not a public ssh key")}len=dv.getUint32(index,false);index+=4;el=buf.slice(index,index+len);if(0===el[0]){el=el.slice(1)}els.push(el);index+=len}if(fulllen!==index){throw new Error("invalid ssh public key length \n"+els.map(function(b){return Enc.bufToHex(b)}).join("\n"))}ssh.elements=els;return ssh};SSH.parsePublicKey=function(ssh){var els=ssh.elements;var typ=Enc.bufToBin(els[0]);var len;if(SSH.types.rsa===typ){ssh.jwk={kty:"RSA",n:Enc.bufToUrlBase64(els[2]),e:Enc.bufToUrlBase64(els[1])};return ssh}if(SSH.types.p256===typ){len=32;ssh.jwk={kty:"EC",crv:"P-256"}}else if(SSH.types.p384===typ){len=48;ssh.jwk={kty:"EC",crv:"P-384"}}else{throw new Error("Unsupported ssh public key type: "+Enc.bufToBin(els[0]))}var x=els[2].slice(1,1+len);var y=els[2].slice(1+len,1+len+len);if(0===x[0]){x=x.slice(1)}if(0===y[0]){y=y.slice(1)}ssh.jwk.x=Enc.bufToUrlBase64(x);ssh.jwk.y=Enc.bufToUrlBase64(y);return ssh};SSH.types={p256:"ecdsa-sha2-nistp256",p384:"ecdsa-sha2-nistp384",rsa:"ssh-rsa"};Enc.base64ToBuf=function(b64){return Enc.binToBuf(atob(b64))};Enc.binToBuf=function(bin){var arr=bin.split("").map(function(ch){return ch.charCodeAt(0)});return"undefined"!==typeof Uint8Array?new Uint8Array(arr):arr};Enc.bufToBase64=function(u8){var bin="";u8.forEach(function(i){bin+=String.fromCharCode(i)});return btoa(bin)};Enc.bufToBin=function(buf){var bin="";buf.forEach(function(ch){bin+=String.fromCharCode(ch)});return bin};Enc.bufToUrlBase64=function(u8){return Enc.bufToBase64(u8).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")};Enc.urlBase64ToBase64=function urlsafeBase64ToBase64(str){var r=str%4;if(2===r){str+="=="}else if(3===r){str+="="}return str.replace(/-/g,"+").replace(/_/g,"/")}})("undefined"!==typeof window?window:module.exports);