From e3cc95ab59c49d188ebfad434aea5e37edb3c8f5 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Sun, 18 Nov 2018 17:45:50 -0700
Subject: [PATCH] v1.1.1: code layout and organization
---
lib/ecdsacsr.js | 635 +++++++++++++++++++++++-------------------------
package.json | 2 +-
2 files changed, 308 insertions(+), 329 deletions(-)
diff --git a/lib/ecdsacsr.js b/lib/ecdsacsr.js
index e16a0ab..ab4dad6 100644
--- a/lib/ecdsacsr.js
+++ b/lib/ecdsacsr.js
@@ -6,85 +6,218 @@ var crypto = require('crypto'); // prime256v1 (ANSI X9.62 named elliptic curve) var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase(); +var ECDSACSR = {}; +var ECDSA = {}; +var DER = {}; +var PEM = {}; +var ASN1; +var Hex = {}; +var AB = {}; + // -// A dumbed-down, minimal ASN.1 packer +// CSR - the main event // -// Almost every ASN.1 type that's important for CSR -// can be represented generically with only a few rules. -function ASN1(/*type, hexstrings...*/) { - var args = Array.prototype.slice.call(arguments); - var typ = args.shift(); - var str = args.join('').replace(/\s+/g, '').toLowerCase(); - var len = (str.length/2); - var lenlen = 0; - var hex = typ; +ECDSACSR.create = function createEcCsr(keypem, domains) { + var pemblock = PEM.parseBlock(keypem); + var ecpub = PEM.parseEcPubkey(pemblock.der); + var request = ECDSACSR.request(ecpub, domains); + return AB.fromHex(ECDSACSR.sign(keypem, request)); +}; - // We can't have an odd number of hex chars - if (len !== Math.round(len)) { - throw new Error("invalid hex"); +ECDSACSR.request = function createCsrBodyEc(xy, domains) { + var publen = xy.x.byteLength; + var compression = '04'; + var hxy = ''; + // 04 == x+y, 02 == x-only + if (xy.y) { + publen += xy.y.byteLength; + } else { + // Note: I don't intend to support compression - it isn't used by most + // libraries and it requir more dependencies for bigint ops to deflate. + // This is more just a placeholder. It won't work right now anyway + // because compression requires an exta bit stored (odd vs even), which + // I haven't learned yet, and I'm not sure if it's allowed at all + compression = '02'; } + hxy += Hex.fromAB(xy.x); + if (xy.y) { hxy += Hex.fromAB(xy.y); } - // The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc) - // The second byte is either the size of the value, or the size of its size + // Sorry for the mess, but it is what it is + return ASN1('30' - // 1. 
If the second byte is < 0x80 (128) it is considered the size - // 2. If it is > 0x80 then it describes the number of bytes of the size - // ex: 0x82 means the next 2 bytes describe the size of the value - // 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file) + // Version (0) + , ASN1.UInt('00') - if (len > 127) { - lenlen += 1; - while (len > 255) { - lenlen += 1; - len = len >> 8; - } - } + // CN / Subject + , ASN1('30' + , ASN1('31' + , ASN1('30' + // object id (commonName) + , ASN1('06', '55 04 03') + , ASN1('0C', Hex.fromString(domains[0]))))) - if (lenlen) { hex += numToHex(0x80 + lenlen); } - return hex + numToHex(str.length/2) + str; -} + // EC P-256 Public Key + , ASN1('30' + , ASN1('30' + // 1.2.840.10045.2.1 ecPublicKey + // (ANSI X9.62 public key type) + , ASN1('06', '2A 86 48 CE 3D 02 01') + // 1.2.840.10045.3.1.7 prime256v1 + // (ANSI X9.62 named elliptic curve) + , ASN1('06', '2A 86 48 CE 3D 03 01 07') + ) + , ASN1.BitStr(compression + hxy)) + + // CSR Extension Subject Alternative Names + , ASN1('A0' + , ASN1('30' + // (extensionRequest (PKCS #9 via CRMF)) + , ASN1('06', '2A 86 48 86 F7 0D 01 09 0E') + , ASN1('31' + , ASN1('30' + , ASN1('30' + // (subjectAltName (X.509 extension)) + , ASN1('06', '55 1D 11') + , ASN1('04' + , ASN1('30', domains.map(function (d) { + return ASN1('82', Hex.fromString(d)); + }).join('')))))))) + ); +}; -// The Integer type has some special rules -ASN1.UInt = function UINT() { - var str = Array.prototype.slice.call(arguments).join(''); - var first = parseInt(str.slice(0, 2), 16); +ECDSACSR.sign = function csrEcSig(keypem, request) { + var sig = ECDSA.sign(keypem, AB.fromHex(request)); + var rLen = sig.r.byteLength; + var rc = ''; + var sLen = sig.s.byteLength; + var sc = ''; - // If the first byte is 0x80 or greater, the number is considered negative - // Therefore we add a '00' prefix if the 0x80 bit is set - if (0x80 & first) { str = '00' + str; } + if (0x80 & new Uint8Array(sig.r)[0]) { rc = 
'00'; rLen += 1; } + if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; } - return ASN1('02', str); + return ASN1('30' + // The Full CSR Request Body + , request + + // The Signature Type + , ASN1('30' + // 1.2.840.10045.4.3.2 ecdsaWithSHA256 + // (ANSI X9.62 ECDSA algorithm with SHA256) + , ASN1('06', '2A 86 48 CE 3D 04 03 02') + ) + + // The Signature, embedded in a Bit Stream + , ASN1.BitStr( + // As far as I can tell this is a completely separate ASN.1 structure + // that just so happens to be embedded in a Bit String of another ASN.1 + ASN1('30' + , ASN1.UInt(Hex.fromAB(sig.r)) + , ASN1.UInt(Hex.fromAB(sig.s)))) + ); }; -// The Bit String type also has a special rule -ASN1.BitStr = function BITSTR() { - var str = Array.prototype.slice.call(arguments).join(''); - // '00' is a mask of how many bits of the next byte to ignore - return ASN1('03', '00' + str); +// +// ECDSA +// + +// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a +ECDSA.sign = function signEc(keypem, ab) { + // Signer is a stream + var sign = crypto.createSign('SHA256'); + sign.write(new Uint8Array(ab)); + sign.end(); + + // The signature is ASN1 encoded + var sig = sign.sign(keypem); + + // Convert to a JavaScript ArrayBuffer just because + sig = new Uint8Array(sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength)); + + // The first two bytes '30 xx' signify SEQUENCE and LENGTH + // The sequence length byte will be a single byte because the signature is less that 128 bytes (0x80, 1024-bit) + // (this would not be true for P-521, but I'm not supporting that yet) + // The 3rd byte will be '02', signifying INTEGER + // The 4th byte will tell us the length of 'r' (which, on occassion, will be less than the full 255 bytes) + var rIndex = 3; + var rLen = sig[rIndex]; + var rEnd = rIndex + 1 + rLen; + var sIndex = rEnd + 1; + var sLen = sig[sIndex]; + var sEnd = sIndex + 1 + sLen; + var r = sig.slice(rIndex + 1, rEnd); + var s = 
sig.slice(sIndex + 1, sEnd); // this should be end-of-file + + // ASN1 INTEGER types use the high-order bit to signify a negative number, + // hence a leading '00' is used for numbers that begin with '80' or greater + // which is why r length is sometimes a byte longer than its bit length + if (0 === s[0]) { s = s.slice(1); } + if (0 === r[0]) { r = r.slice(1); } + + return { raw: sig.buffer, r: r.buffer, s: s.buffer }; +}; + +// +// DER +// + +DER.toCSR = function createEcCsrPem(der) { + var pem = PEM._format(AB.toBase64(der)); + return '-----BEGIN CERTIFICATE REQUEST-----\n' + pem + '-----END CERTIFICATE REQUEST-----'; }; -function fromBase64(b64) { - var buf; - var ab; - if ('undefined' === typeof atob) { - buf = Buffer.from(b64, 'base64'); - return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength); +// +// PEM +// + +// Just for error checking +PEM.from = function ensurePem(key) { + if (!key) { throw new Error("no private key given"); } + // whether PEM or DER, convert to Uint8Array + if ('string' === typeof key) { key = AB.utf8ToUint8Array(key); } + + // for consistency + if (key instanceof Buffer) { key = new Uint8Array(key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength)); } + + // just as a sanity check + if (key instanceof Array) { + key = Uint8Array.from(key); + if (!key.every(function (el) { + return ('number' === typeof el) && (el >= 0) && (el <= 255); + })) { + throw new Error("key was an array, but not an array of ints between 0 and 255"); + } + } + + // no matter which path we take, we should arrive at a Uint8Array + if (!(key instanceof Uint8Array)) { + throw new Error("typeof key is '" + typeof key + "', not any of the supported types: utf8 string," + + " binary string, node Buffer, Uint8Array, or Array of ints between 0 and 255"); } - buf = atob(b64); - ab = new ArrayBuffer(buf.length); - ab = new Uint8Array(ab); - buf.split('').forEach(function (ch, i) { - ab[i] = ch.charCodeAt(0); - }); - return ab.buffer; -} 
-function parsePem(pem) { + // if DER, convert to PEM + if ((0x30 === key[0]) && (0x80 & key[1])) { + key = AB.toBase64(key); + } + key = [].map.call(key, function (i) { + return String.fromCharCode(i); + }).join(''); + if ('M' === key[0]) { + key = '-----BEGIN EC PRIVATE KEY-----\n' + key + '-----END EC PRIVATE KEY-----'; + } + if ('-' === key[0]) { + return key; + } else { + throw new Error("key does not appear to be in PEM formt (does not begin with either '-' or 'M')," + + " nor DER format (does not begin with 0x308X)"); + } +}; + +PEM.parseBlock = function parsePem(pem) { var typ; var pub; var crv; - var der = fromBase64(pem.split(/\n/).filter(function (line, i) { + var der = AB.fromBase64(pem.split(/\n/).filter(function (line, i) { if (0 === i) { if (/ PUBLIC /.test(line)) { pub = true; 
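Review bot: In `PEM.from` the array sanity check can never fail, because `key = Uint8Array.from(key);` runs first and coerces every element into 0–255 before `key.every(...)` inspects it; the `every` test should run on the original array, before the conversion. The DER branch further down also looks broken: `AB.toBase64(key)` yields a string, and the following `[].map.call(key, function (i) { return String.fromCharCode(i); })` then maps characters rather than byte values, so a DER key appears to end in the "does not appear to be in PEM formt" error instead of being wrapped. Restricting the char-code mapping to the non-DER case (an `else` around the `[].map.call(...)` statement) would keep the base64 text intact. Separately, `(0x80 & key[1])` matches only long-form lengths, so a DER key shorter than 128 bytes is not recognised as DER.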
@@ -99,52 +232,30 @@ function parsePem(pem) { }).join('')); if (!typ || 'EC' === typ) { - var hex = toHex(der).toLowerCase(); + var hex = Hex.fromAB(der).toLowerCase(); if (-1 !== hex.indexOf(OBJ_ID_EC)) { typ = 'EC'; crv = 'P-256'; } else { - // TODO more than just P-256 + // TODO support P-384 as well (but probably nothing else) console.warn("unsupported ec curve"); } } return { typ: typ, pub: pub, der: der, crv: crv }; -} +}; -function toHex(ab) { - var hex = []; - var u8 = new Uint8Array(ab); - var size = u8.byteLength; - var i; - var h; - for (i = 0; i < size; i += 1) { - h = u8[i].toString(16); - if (2 === h.length) { - hex.push(h); - } else { - hex.push('0' + h); - } - } - return hex.join(''); -} +PEM._format = function formatAsPem(str) { + var finalString = ''; -function fromHex(hex) { - if ('undefined' !== typeof Buffer) { - return Buffer.from(hex, 'hex'); - } - var ab = new ArrayBuffer(hex.length/2); - var i; - var j; - ab = new Uint8Array(ab); - for (i = 0, j = 0; i < (hex.length/2); i += 1) { - ab[i] = parseInt(hex.slice(j, j+1), 16); - j += 2; + while (str.length > 0) { + finalString += str.substring(0, 64) + '\n'; + str = str.substring(64); } - return ab.buffer; -} + return finalString; +}; -function readEcPubkey(der) { +PEM.parseEcPubkey = function readEcPubkey(der) { // the key is the last 520 bits of both the private key and the public key // he 3 bits prior identify the key as var x, y; 
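Review bot: `PEM.parseBlock` only calls `console.warn("unsupported ec curve")` when the prime256v1 OID is absent and still returns a block with `crv` undefined, while `ECDSACSR.create` (first hunk) passes `pemblock.der` on without looking at `typ` or `crv`. The request body hard-codes the P-256 OID, so rejecting other keys currently rests entirely on the preamble comparison in `PEM.parseEcPubkey`. Consider failing here, `throw new Error("unsupported ec curve");`, or at least adding a comment above the warning that callers must check `crv` before building a request. Whether throwing is safe for non-EC blocks depends on the `typ` detection, which lies outside this hunk; `PEM.parseBlock` starts in the previous hunk and `PEM.parseEcPubkey` continues past this one.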
@@ -152,11 +263,11 @@ function readEcPubkey(der) { var keylen = 32; var offset = 64; var headerSize = 4; - var header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); + var header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); if ('03420004' !== header) { offset = 32; - header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); + header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); if ('03420002' !== header) { throw new Error("not a valid EC P-256 key (expected 0x0342004 or 0x0342002 as pub key preamble, but found " + header + ")"); } 
@@ -174,46 +285,88 @@ function readEcPubkey(der) { x: x , y: y || null }; -} +}; -function formatAsPem(str) { - var finalString = ''; +// +// A dumbed-down, minimal ASN.1 packer +// - while (str.length > 0) { - finalString += str.substring(0, 64) + '\n'; - str = str.substring(64); +// Almost every ASN.1 type that's important for CSR +// can be represented generically with only a few rules. +ASN1 = function ASN1(/*type, hexstrings...*/) { + var args = Array.prototype.slice.call(arguments); + var typ = args.shift(); + var str = args.join('').replace(/\s+/g, '').toLowerCase(); + var len = (str.length/2); + var lenlen = 0; + var hex = typ; + + // We can't have an odd number of hex chars + if (len !== Math.round(len)) { + throw new Error("invalid hex"); } - return finalString; -} -function toBase64(der) { - if ('undefined' === typeof btoa) { - return Buffer.from(der).toString('base64'); + // The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc) + // The second byte is either the size of the value, or the size of its size + + // 1. If the second byte is < 0x80 (128) it is considered the size + // 2. If it is > 0x80 then it describes the number of bytes of the size + // ex: 0x82 means the next 2 bytes describe the size of the value + // 3. 
The special case of exactly 0x80 is "indefinite" length (to end-of-file) + + if (len > 127) { + lenlen += 1; + while (len > 255) { + lenlen += 1; + len = len >> 8; + } } - var chs = []; - der.forEach(function (b) { - chs.push(String.fromCharCode(b)); - }); - return btoa(chs.join('')); -} - -function csrEcSig(r, s) { - return [ - ASN1('30' - // 1.2.840.10045.4.3.2 ecdsaWithSHA256 - // (ANSI X9.62 ECDSA algorithm with SHA256) - , ASN1('06', '2A 86 48 CE 3D 04 03 02') - ) - , ASN1.BitStr( - ASN1('30' - , ASN1.UInt(toHex(r)) - , ASN1.UInt(toHex(s)) - ) - ) - ].join(''); -} -function strToHex(str) { + if (lenlen) { hex += Hex.fromInt(0x80 + lenlen); } + return hex + Hex.fromInt(str.length/2) + str; +}; + +// The Integer type has some special rules +ASN1.UInt = function UINT() { + var str = Array.prototype.slice.call(arguments).join(''); + var first = parseInt(str.slice(0, 2), 16); + + // If the first byte is 0x80 or greater, the number is considered negative + // Therefore we add a '00' prefix if the 0x80 bit is set + if (0x80 & first) { str = '00' + str; } + + return ASN1('02', str); +}; + +// The Bit String type also has a special rule +ASN1.BitStr = function BITSTR() { + var str = Array.prototype.slice.call(arguments).join(''); + // '00' is a mask of how many bits of the next byte to ignore + return ASN1('03', '00' + str); +}; + +// +// Hex, Base64, Buffer, String +// + +Hex.fromAB = function toHex(ab) { + var hex = []; + var u8 = new Uint8Array(ab); + var size = u8.byteLength; + var i; + var h; + for (i = 0; i < size; i += 1) { + h = u8[i].toString(16); + if (2 === h.length) { + hex.push(h); + } else { + hex.push('0' + h); + } + } + return hex.join(''); +}; + +Hex.fromString = function strToHex(str) { var escstr = encodeURIComponent(str); // replaces any uri escape sequence, such as %0A, // with binary escape, such as 0x0A 
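Review bot: `ASN1` rejects only odd-length input; it never checks that `typ` and the joined fragments are actually hexadecimal. Its output is later decoded by `Buffer.from(hex, 'hex')` in `AB.fromHex`, which in current Node.js stops at the first non-hex character instead of raising an error, so a stray character in any fragment would yield a silently truncated structure. A guard next to the existing length test, `if (!/^[0-9a-f]*$/.test(str)) { throw new Error("invalid hex"); }`, would make that case fail loudly. The fragments visible in this patch come from `Hex.fromAB`, `Hex.fromString` and literals, so this is a defensive check rather than a known failure.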
@@ -225,175 +378,20 @@ function strToHex(str) { if (2 === h.length) { return h; } return '0' + h; }).join(''); -} +}; -function numToHex(d) { +Hex.fromInt = function numToHex(d) { d = d.toString(16); if (d.length % 2) { return '0' + d; } return d; -} - -function fromHex(hex) { - if ('undefined' !== typeof Buffer) { - return Buffer.from(hex, 'hex'); - } - var ab = new ArrayBuffer(hex.length/2); - var i; - var j; - ab = new Uint8Array(ab); - for (i = 0, j = 0; i < (hex.length/2); i += 1) { - ab[i] = parseInt(hex.slice(j, j+1), 16); - j += 2; - } - return ab.buffer; -} - -function createCsrBodyEc(domains, xy) { - var publen = xy.x.byteLength; - var compression = '04'; - var hxy = ''; - // 04 == x+y, 02 == x-only - if (xy.y) { - publen += xy.y.byteLength; - } else { - // Note: I don't intend to support compression - it isn't used by most - // libraries and it requir more dependencies for bigint ops to deflate. - // This is more just a placeholder. It won't work right now anyway - // because compression requires an exta bit stored (odd vs even), which - // I haven't learned yet, and I'm not sure if it's allowed at all - compression = '02'; - } - hxy += toHex(xy.x); - if (xy.y) { - hxy += toHex(xy.y); - } - - var version = ASN1.UInt('00'); - var subject = ASN1('30' - , ASN1('31' - , ASN1('30' - // object id (commonName) - , ASN1('06', '55 04 03') - , ASN1('0C', strToHex(domains[0]))))); - var pubkey = ASN1('30' - , ASN1('30' - // 1.2.840.10045.2.1 ecPublicKey - // (ANSI X9.62 public key type) - , ASN1('06', '2A 86 48 CE 3D 02 01') - // 1.2.840.10045.3.1.7 prime256v1 - // (ANSI X9.62 named elliptic curve) - , ASN1('06', '2A 86 48 CE 3D 03 01 07') - ) - , ASN1.BitStr(compression + hxy)); - var altnames = ASN1('A0' - , ASN1('30' - // (extensionRequest (PKCS #9 via CRMF)) - , ASN1('06', '2A 86 48 86 F7 0D 01 09 0E') - , ASN1('31' - , ASN1('30' - , ASN1('30' - // (subjectAltName (X.509 extension)) - , ASN1('06', '55 1D 11') - , ASN1('04' - , ASN1('30', domains.map(function 
(d) { - return ASN1('82', strToHex(d)); - }).join('')))))))); - var body = ASN1('30' - - // #0 Total 3 - , version - - // Subject - // #1 Total 2+11+n - , subject - - // P-256 Public Key - // #2 Total 2+25+xy - , pubkey - - // Altnames - // #3 Total 2+28+n - , altnames - ); - - return body; -} - -// https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a -function signEc(keypem, ab) { - // Signer is a stream - var sign = crypto.createSign('SHA256'); - sign.write(new Uint8Array(ab)); - sign.end(); - - // The signature is ASN1 encoded - var sig = sign.sign(keypem); - - // Convert to a JavaScript ArrayBuffer just because - sig = new Uint8Array(sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength)); - - // The first two bytes '30 xx' signify SEQUENCE and LENGTH - // The sequence length byte will be a single byte because the signature is less that 128 bytes (0x80, 1024-bit) - // (this would not be true for P-521, but I'm not supporting that yet) - // The 3rd byte will be '02', signifying INTEGER - // The 4th byte will tell us the length of 'r' (which, on occassion, will be less than the full 255 bytes) - var rIndex = 3; - var rLen = sig[rIndex]; - var rEnd = rIndex + 1 + rLen; - var sIndex = rEnd + 1; - var sLen = sig[sIndex]; - var sEnd = sIndex + 1 + sLen; - var r = sig.slice(rIndex + 1, rEnd); - var s = sig.slice(sIndex + 1, sEnd); // this should be end-of-file - - // ASN1 INTEGER types use the high-order bit to signify a negative number, - // hence a leading '00' is used for numbers that begin with '80' or greater - // which is why r length is sometimes a byte longer than its bit length - if (0 === s[0]) { s = s.slice(1); } - if (0 === r[0]) { r = r.slice(1); } - - return { raw: sig.buffer, r: r.buffer, s: s.buffer }; -} - -function createEcCsr(domains, keypem, ecpub) { - // TODO get pub from priv - - var csrBody = createCsrBodyEc(domains, ecpub); - var sig = signEc(keypem, fromHex(csrBody)); - var rLen = sig.r.byteLength; - var rc = ''; - 
var sLen = sig.s.byteLength; - var sc = ''; - - if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; } - if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; } - - var csrSig = csrEcSig(sig.r, sig.s); - - /* - console.log('sig:', sig.raw.byteLength, toHex(sig.raw)); - console.log('r:', sig.r.byteLength, toHex(sig.r)); - console.log('s:', sig.s.byteLength, toHex(sig.s)); - console.log('csr sig:', csrSig.length / 2, csrSig); - console.log('csrBodyLen + csrSigLen', numToHex(len)); - */ - return fromHex(ASN1('30', csrBody, csrSig)); -} - -function createEcCsrPem(domains, keypem) { - var pemblock = parsePem(keypem); - var ecpub = readEcPubkey(pemblock.der); - var ab = createEcCsr(domains, keypem, ecpub); - var pem = formatAsPem(toBase64(ab)); - return '-----BEGIN CERTIFICATE REQUEST-----\n' + pem + '-----END CERTIFICATE REQUEST-----'; -} +}; // Taken from Unibabel // https://git.coolaj86.com/coolaj86/unibabel.js#readme // https://coolaj86.com/articles/base64-unicode-utf-8-javascript-and-you/ -function utf8ToUint8Array(str) { +AB.utf8ToUint8Array = function (str) { var escstr = encodeURIComponent(str); // replaces any uri escape sequence, such as %0A, // with binary escape, such as 0x0A 
@@ -406,49 +404,31 @@ function utf8ToUint8Array(str) { }); return buf; -} - -function ensurePem(key) { - if (!key) { throw new Error("no private key given"); } - // whether PEM or DER, convert to Uint8Array - if ('string' === typeof key) { key = utf8ToUint8Array(key); } - - // for consistency - if (key instanceof Buffer) { key = new Uint8Array(key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength)); } +}; - // just as a sanity check - if (key instanceof Array) { - key = Uint8Array.from(key); - if (!key.every(function (el) { - return ('number' === typeof el) && (el >= 0) && (el <= 255); - })) { - throw new Error("key was an array, but not an array of ints between 0 and 255"); - } +AB.fromHex = function fromHex(hex) { + if ('undefined' !== typeof Buffer) { + return Buffer.from(hex, 'hex'); } - - // no matter which path we take, we should arrive at a Uint8Array - if (!(key instanceof Uint8Array)) { - throw new Error("typeof key is '" + typeof key + "', not any of the supported types: utf8 string," - + " binary string, node Buffer, Uint8Array, or Array of ints between 0 and 255"); + var ab = new ArrayBuffer(hex.length/2); + var i; + var j; + ab = new Uint8Array(ab); + for (i = 0, j = 0; i < (hex.length/2); i += 1) { + ab[i] = parseInt(hex.slice(j, j+1), 16); + j += 2; } + return ab.buffer; +}; - // if DER, convert to PEM - if ((0x30 === key[0]) && (0x80 & key[1])) { - key = toBase64(key); - } - key = [].map.call(key, function (i) { - return String.fromCharCode(i); - }).join(''); - if ('M' === key[0]) { - key = '-----BEGIN EC PRIVATE KEY-----\n' + key + '-----END EC PRIVATE KEY-----'; - } - if ('-' === key[0]) { - return key; - } else { - throw new Error("key does not appear to be in PEM formt (does not begin with either '-' or 'M')," - + " nor DER format (does not begin with 0x308X)"); - } -} +AB.fromBase64 = function fromBase64(b64) { + var buf = Buffer.from(b64, 'base64'); + return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength); +}; + 
+AB.toBase64 = function toBase64(der) { + return Buffer.from(der).toString('base64'); +}; /*global Promise*/ module.exports = function (opts) { @@ -471,8 +451,7 @@ module.exports = function (opts) { })) { throw new Error("You must pass options.domains as utf8 strings (not punycode)"); } - var key = ensurePem(opts.key); - - return createEcCsrPem(opts.domains, key); + var key = PEM.from(opts.key); + return DER.toCSR(ECDSACSR.create(key, opts.domains)); }); }; diff --git a/package.json b/package.json index 1548df2..1101539 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ecdsa-csr", - "version": "1.1.0", + "version": "1.1.1", "description": "A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!", "main": "index.js", "bin": {
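Review bot: The non-Buffer fallback in `AB.fromHex` decodes each byte from a single hex digit: `parseInt(hex.slice(j, j+1), 16)` should be `parseInt(hex.slice(j, j+2), 16)`, otherwise every byte takes the value of its first digit only and the decoded request is malformed. The two paths also return different types, a `Buffer` when it is available and an `ArrayBuffer` otherwise. Since `AB.fromBase64` and `AB.toBase64` now call `Buffer` unconditionally, the fallback cannot be reached in a working configuration. Either remove it or fix it, and add a comment above `AB.fromHex` stating that the module requires Node's `Buffer`.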