rename keyfile name

.gitignore

@@ -0,0 +1,2 @@
+privkey-ec-p256.pem
+csr.pem

README.md

@@ -1,7 +1,7 @@
 ECDSA-CSR.js
 =========
 
-Sponsored by [Root](https://therootcompany.com)
+Sponsored by [Root](https://therootcompany.com), built for [ACME.js](https://git.coolaj86.com/coolaj86/acme.js) and [Greenlock.js](https://git.coolaj86.com/coolaj86/greenlock-express.js)
 
 A focused, **zero-dependency** library that can do exactly one thing really, really well:
   * Generate a Certificate Signing Requests (CSR), and sign it!
@@ -38,7 +38,8 @@ var edsacsr = require('ecdsa-csr');
 var domains = [ 'example.com', 'www.example.com', 'api.example.com' ];
 
 return ecdsacsr({ key: key, domains: domains }).then(function (csr) {
-  console.log('CSR PEM:', csr);
+  console.log('CSR PEM:');
+  console.log(csr);
 });
 ```
 
@@ -48,7 +49,11 @@ return ecdsacsr({ key: key, domains: domains }).then(function (csr) {
   * PEM may be a plain string or a Buffer*
   * DER must be a Buffer*
 * `domains` must be a list of strings representing domain names
-  * must be plain oldl utf8, not punycode
+  * correctly handles utf-8
+  * you may also use punycoded, if needed
+* `subject` will be `domains[0]` by default
+  * you shouldn't use this unless you need to
+  * you may need to if you need utf-8 for domains, but punycode for the subject
 
 * "Buffer" can be a node Buffer, a JavaScript Uint8Array,
 or a JavaScript Array which contains only numbers between 0 and 255.
@@ -77,12 +82,10 @@ Known Issues
 ------------
 
 I've learned to be careful about talking about the future,
-however, I literally just published this tonight (2018-11-17)
+however, I literally just published this last night (2018-11-17)
 and there are a few things I plan to address but haven't yet:
 
 * JWK not yet supported
-* non-ascii domains, such as 例.中国 not yet supported
-* total domains length over 127 characters not yet supported
 
 New to Crypto?
 --------------

bin/ecdsacsr.js

@@ -1,4 +1,4 @@
-#!/bin/env node
+#!/usr/bin/env node
 'use strict';
 
 var fs = require('fs');
@@ -10,8 +10,8 @@ var domains = process.argv[3].split(/,/);
 var keypem = fs.readFileSync(keyname, 'ascii');
 
 ecdsacsr({ key: keypem, domains: domains }).then(function (csr) {
-  console.error("CN=" + domains[0]);
-  console.error("subjectAltName=" + domains.join(','));
-  console.error();
+  // Using error so that we can redirect stdout to file
+  //console.error("CN=" + domains[0]);
+  //console.error("subjectAltName=" + domains.join(','));
   console.log(csr);
 });

fixtures/privkey-ec-p256.pkcs8.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiYydo27aNGO9DBUW
+eGEPD8oNi1LZDqfxPmQlieLBjVShRANCAAQhPVJYvGxpw+ITlnXqOSikCfz/7zms
+yODIKiSueMN+3pj9icDgDnTJl7sKcWyp4Nymc9u5s/pyliJVyd680hjK
+-----END EC PRIVATE KEY-----

fixtures/privkey-ec-p256.sec1.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIImMnaNu2jRjvQwVFnhhDw/KDYtS2Q6n8T5kJYniwY1UoAoGCCqGSM49
+AwEHoUQDQgAEIT1SWLxsacPiE5Z16jkopAn8/+85rMjgyCokrnjDft6Y/YnA4A50
+yZe7CnFsqeDcpnPbubP6cpYiVcnevNIYyg==
+-----END EC PRIVATE KEY-----

fixtures/privkey-ec-p384.pkcs8.pem

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBeXK4IRZJNNLxTv078
+zPTnPXy+HiRvXSzO+7/ul1e4ZZXqV8TI8THJRhawDoDaR1WhZANiAATbMRTRsoJr
+t6Mosgnyg8acuGqHHKK/j/DfwrZrRI8Lp2xJ33+CU0nyVyq/Sx9/kZtUPiOe7zdL
+qxyfr9N4CPcRk5EQZs6zp3OhWlq6Cf5dAwzIL07hUtsMMUYFlMmUyxs=
+-----END EC PRIVATE KEY-----

fixtures/privkey-ec-p384.sec1.pem

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDBeXK4IRZJNNLxTv078zPTnPXy+HiRvXSzO+7/ul1e4ZZXqV8TI8THJ
+RhawDoDaR1WgBwYFK4EEACKhZANiAATbMRTRsoJrt6Mosgnyg8acuGqHHKK/j/Df
+wrZrRI8Lp2xJ33+CU0nyVyq/Sx9/kZtUPiOe7zdLqxyfr9N4CPcRk5EQZs6zp3Oh
+Wlq6Cf5dAwzIL07hUtsMMUYFlMmUyxs=
+-----END EC PRIVATE KEY-----

fixtures/pub-ec-p256.spki.pem

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIT1SWLxsacPiE5Z16jkopAn8/+85
+rMjgyCokrnjDft6Y/YnA4A50yZe7CnFsqeDcpnPbubP6cpYiVcnevNIYyg==
+-----END PUBLIC KEY-----

fixtures/pub-ec-p384.spki.pem

@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE2zEU0bKCa7ejKLIJ8oPGnLhqhxyiv4/w
+38K2a0SPC6dsSd9/glNJ8lcqv0sff5GbVD4jnu83S6scn6/TeAj3EZOREGbOs6dz
+oVpaugn+XQMMyC9O4VLbDDFGBZTJlMsb
+-----END PUBLIC KEY-----

lib/ecdsacsr.js

@@ -6,195 +6,26 @@ var crypto = require('crypto');
 // prime256v1 (ANSI X9.62 named elliptic curve)
 var OBJ_ID_EC  = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase();
 
-function fromBase64(b64) {
-  var buf;
-  var ab;
-  if ('undefined' === typeof atob) {
-    buf = Buffer.from(b64, 'base64');
-    return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
-  }
-  buf = atob(b64);
-  ab = new ArrayBuffer(buf.length);
-  ab = new Uint8Array(ab);
-  buf.split('').forEach(function (ch, i) {
-    ab[i] = ch.charCodeAt(0);
-  });
-  return ab.buffer;
-}
+var ECDSACSR = {};
+var ECDSA = {};
+var DER = {};
+var PEM = {};
+var ASN1;
+var Hex = {};
+var AB = {};
 
-function parsePem(pem) {
-  var typ;
-  var pub;
-  var crv;
-  var der = fromBase64(pem.split(/\n/).filter(function (line, i) {
-    if (0 === i) {
-      if (/ PUBLIC /.test(line)) {
-        pub = true;
-      } else if (/ PRIVATE /.test(line)) {
-        pub = false;
-      }
-      if (/ EC/.test(line)) {
-        typ = 'EC';
-      }
-    }
-    return !/---/.test(line);
-  }).join(''));
+//
+// CSR - the main event
+//
 
-  if (!typ || 'EC' === typ) {
-    var hex = toHex(der).toLowerCase();
-    if (-1 !== hex.indexOf(OBJ_ID_EC)) {
-      typ = 'EC';
-      crv = 'P-256';
-    } else {
-      // TODO more than just P-256
-      console.warn("unsupported ec curve");
-    }
-  }
+ECDSACSR.create = function createEcCsr(keypem, domains) {
+  var pemblock = PEM.parseBlock(keypem);
+  var ecpub = PEM.parseEcPubkey(pemblock.der);
+  var request = ECDSACSR.request(ecpub, domains);
+  return AB.fromHex(ECDSACSR.sign(keypem, request));
+};
 
-  return { typ: typ, pub: pub, der: der, crv: crv };
-}
-
-function toHex(ab) {
-  var hex = [];
-  var u8 = new Uint8Array(ab);
-  var size = u8.byteLength;
-  var i;
-  var h;
-  for (i = 0; i < size; i += 1) {
-    h = u8[i].toString(16);
-    if (2 === h.length) {
-      hex.push(h);
-    } else {
-      hex.push('0' + h);
-    }
-  }
-  return hex.join('');
-}
-
-function fromHex(hex) {
-  if ('undefined' !== typeof Buffer) {
-    return Buffer.from(hex, 'hex');
-  }
-  var ab = new ArrayBuffer(hex.length/2);
-  var i;
-  var j;
-  ab = new Uint8Array(ab);
-  for (i = 0, j = 0; i < (hex.length/2); i += 1) {
-    ab[i] = parseInt(hex.slice(j, j+1), 16);
-    j += 2;
-  }
-  return ab.buffer;
-}
-
-function readEcPubkey(der) {
-  // the key is the last 520 bits of both the private key and the public key
-  // he 3 bits prior identify the key as
-  var x, y;
-  var compressed;
-  var keylen = 32;
-  var offset = 64;
-  var headerSize = 4;
-  var header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset));
-
-  if ('03420004' !== header) {
-    offset = 32;
-    header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset));
-    if ('03420002' !== header) {
-      throw new Error("not a valid EC P-256 key (expected 0x0342004 or 0x0342002 as pub key preamble, but found " + header + ")");
-    }
-  }
-
-  // The one good thing that came from the b***kchain hysteria: good EC documentation
-  // https://davidederosa.com/basic-blockchain-programming/elliptic-curve-keys/
-  compressed = ('2' === header[header.byteLength -1]);
-  x = der.slice(der.byteLength - offset, (der.byteLength - offset) + keylen);
-  if (!compressed) {
-    y = der.slice(der.byteLength - keylen, der.byteLength);
-  }
-
-  return {
-    x: x
-  , y: y || null
-  };
-}
-
-function formatAsPem(str) {
-  var finalString = '';
-
-  while (str.length > 0) {
-      finalString += str.substring(0, 64) + '\n';
-      str = str.substring(64);
-  }
-  return finalString;
-}
-
-function toBase64(der) {
-  if ('undefined' === typeof btoa) {
-    return Buffer.from(der).toString('base64');
-  }
-	var chs = [];
-	der.forEach(function (b) {
-		chs.push(String.fromCharCode(b));
-	});
-  return btoa(chs.join(''));
-}
-
-// these are static ASN.1 segments
-// The head specifies that there will be 3 segments and a content length
-// (those segments will be content, signature header, and signature)
-var csrHead = '30 82 {0seq0len}'.replace(/\s+/g, '');
-// The tail specifies the ES256 signature header (and is followed by the signature
-var csrEcFoot =
-  ( '30 0A'
-      // 1.2.840.10045.4.3.2 ecdsaWithSHA256
-      // (ANSI X9.62 ECDSA algorithm with SHA256)
-    + '06 08 2A 86 48 CE 3D 04 03 02'
-  + '03 {len} 00' // bit stream (why??)
-    + '30 {rslen}'  // sequence
-      + '02 {rlen} {r}' // integer r
-      + '02 {slen} {s}' // integer s
-  ).replace(/\s+/g, '');
-var csrDomains = '82 {dlen} {domain.tld}';  // 2+n bytes (type 82?)
-
-function strToHex(str) {
-  return str.split('').map(function (ch) {
-    var h = ch.charCodeAt(0).toString(16);
-    if (2 === h.length) {
-      return h;
-    }
-    return '0' + h;
-  }).join('');
-}
-
-function numToHex(d) {
-  d = d.toString(16);
-  if (d.length % 2) {
-    return '0' + d;
-  }
-  return d;
-}
-
-function fromHex(hex) {
-  if ('undefined' !== typeof Buffer) {
-    return Buffer.from(hex, 'hex');
-  }
-  var ab = new ArrayBuffer(hex.length/2);
-  var i;
-  var j;
-  ab = new Uint8Array(ab);
-  for (i = 0, j = 0; i < (hex.length/2); i += 1) {
-    ab[i] = parseInt(hex.slice(j, j+1), 16);
-    j += 2;
-  }
-  return ab.buffer;
-}
-
-function createCsrBodyEc(domains, xy) {
-  var altnames = domains.map(function (d) {
-    return csrDomains.replace(/{dlen}/, numToHex(d.length)).replace(/{domain\.tld}/, strToHex(d));
-  }).join('').replace(/\s+/g, '');
-  var sublen = domains[0].length;
-  var sanlen = (altnames.length/2);
+ECDSACSR.request = function createCsrBodyEc(xy, domains) {
   var publen = xy.x.byteLength;
   var compression = '04';
   var hxy = '';
@@ -209,79 +40,89 @@ function createCsrBodyEc(domains, xy) {
     // I haven't learned yet, and I'm not sure if it's allowed at all
     compression = '02';
   }
-  hxy += toHex(xy.x);
-  if (xy.y) {
-    hxy += toHex(xy.y);
-  }
+  hxy += Hex.fromAB(xy.x);
+  if (xy.y) { hxy += Hex.fromAB(xy.y); }
 
-  var body = [ '30 81 {+85+n}'                                        // 4 bytes, sequence
-    .replace(/{[^}]+}/, numToHex(
-        3
-      + 13 + sublen
-      + 27 + publen // Length for EC-related P-256 stuff
-      + 30 + sanlen
-    ))
+  // Sorry for the mess, but it is what it is
+  return ASN1('30'
 
-      // #0 Total 3
-    , '02 01 00'                                                      // 3 bytes, int 0
+      // Version (0)
+    , ASN1.UInt('00')
 
-      // Subject
-      // #1 Total 2+11+n
-    , '30 {3.2.0seqlen}'                                              // 2 bytes, sequence
-      .replace(/{[^}]+}/, numToHex(2+2+5+2+sublen))
-      , '31 {4.3.0setlen}'                                            // 2 bytes, set
-        .replace(/{[^}]+}/, numToHex(2+5+2+sublen))
-        , '30 {5.4.0seqlen}'                                          // 2 bytes, sequence
-          .replace(/{[^}]+}/, numToHex(5+2+sublen))
-        , '06 03 55 04 03'                                            // 5 bytes, object id (commonName)
-        , '0C {dlen} {domain.tld}'                                    // 2+n bytes, utf8string
-          .replace(/{dlen}/, numToHex(sublen))
-          .replace(/{domain\.tld}/, strToHex(domains[0]))
+      // CN / Subject
+    , ASN1('30'
+      , ASN1('31'
+        , ASN1('30'
+            // object id (commonName)
+          , ASN1('06', '55 04 03')
+          , ASN1('0C', Hex.fromString(domains[0])))))
 
-      // P-256 Public Key
-      // #2 Total 2+25+xy
-    , '30 {+25+xy}'                                                   // 2 bytes, sequence
-      .replace(/{[^}]+}/, numToHex(2+9+10+3+1+publen))
-      , '30 13'                                                       // 2 bytes, sequence
+      // EC P-256 Public Key
+    , ASN1('30'
+      , ASN1('30'
           // 1.2.840.10045.2.1 ecPublicKey
           // (ANSI X9.62 public key type)
-        , '06 07 2A 86 48 CE 3D 02 01'                                // 9 bytes, object id
+        , ASN1('06', '2A 86 48 CE 3D 02 01')
           // 1.2.840.10045.3.1.7 prime256v1
           // (ANSI X9.62 named elliptic curve)
-        , '06 08 2A 86 48 CE 3D 03 01 07'                             // 10 bytes, object id
-      , '03 {xylen} 00 {xy}'                                          // 3+1+n bytes
-        .replace(/{xylen}/, numToHex(publen+2))
-        .replace(/{xy}/, compression + hxy)
+        , ASN1('06', '2A 86 48 CE 3D 03 01 07')
+        )
+      , ASN1.BitStr(compression + hxy))
 
-      // Altnames
-      // #3 Total 2+28+n
-    , 'A0 {+28}'                                                      // 2 bytes, ?? [4B]
-      .replace(/{[^}]+}/, numToHex(2+11+2+2+2+5+2+2+sanlen))
-      , '30 {+26}'                                                    // 2 bytes, sequence
-        .replace(/{[^}]+}/, numToHex(11+2+2+2+5+2+2+sanlen))
+      // CSR Extension Subject Alternative Names
+    , ASN1('A0'
+      , ASN1('30'
           // (extensionRequest (PKCS #9 via CRMF))
-        , '06 09 2A 86 48 86 F7 0D 01 09 0E'                          // 11 bytes, object id
-          , '31 {+13}'                                                // 2 bytes, set
-            .replace(/{[^}]+}/, numToHex(2+2+5+2+2+sanlen))
-            , '30 {+11}'                                              // 2 bytes, sequence
-              .replace(/{[^}]+}/, numToHex(2+5+2+2+sanlen))
-              , '30 {+9}'                                             // 2 bytes, sequence
-                .replace(/{[^}]+}/, numToHex(5+2+2+sanlen))
-                  // (subjectAltName (X.509 extension))
-                , '06 03 55 1D 11'                                    // 5 bytes, object id
-                , '04 {+2}'                                           // 2 bytes, octet string
-                  .replace(/{[^}]+}/, numToHex(2+sanlen))
-                  , '30 {+n}'                                         // 2 bytes, sequence
-                    .replace(/{[^}]+}/, numToHex(sanlen))
-                    , '{altnames}'                                    // n (elements of sequence)
-                      .replace(/{altnames}/, altnames)
-  ];
-  body = body.join('').replace(/\s+/g, '');
-  return fromHex(body);
-}
+        , ASN1('06', '2A 86 48 86 F7 0D 01 09 0E')
+        , ASN1('31'
+          , ASN1('30'
+            , ASN1('30'
+                // (subjectAltName (X.509 extension))
+              , ASN1('06', '55 1D 11')
+              , ASN1('04'
+                , ASN1('30', domains.map(function (d) {
+                    return ASN1('82', Hex.fromString(d));
+                  }).join(''))))))))
+  );
+};
 
-// https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
-function signEc(keypem, ab) {
+ECDSACSR.sign = function csrEcSig(keypem, request) {
+  var sig = ECDSA.sign(keypem, AB.fromHex(request));
+  var rLen = sig.r.byteLength;
+  var rc = '';
+  var sLen = sig.s.byteLength;
+  var sc = '';
+
+  if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; }
+  if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; }
+
+  return ASN1('30'
+      // The Full CSR Request Body
+    , request
+
+      // The Signature Type
+    , ASN1('30'
+        // 1.2.840.10045.4.3.2 ecdsaWithSHA256
+        // (ANSI X9.62 ECDSA algorithm with SHA256)
+      , ASN1('06', '2A 86 48 CE 3D 04 03 02')
+      )
+
+      // The Signature, embedded in a Bit Stream
+    , ASN1.BitStr(
+        // As far as I can tell this is a completely separate ASN.1 structure
+        // that just so happens to be embedded in a Bit String of another ASN.1
+        ASN1('30'
+        , ASN1.UInt(Hex.fromAB(sig.r))
+        , ASN1.UInt(Hex.fromAB(sig.s))))
+  );
+};
+
+//
+// ECDSA
+//
+
+// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
+ECDSA.sign = function signEc(keypem, ab) {
   // Signer is a stream
   var sign = crypto.createSign('SHA256');
   sign.write(new Uint8Array(ab));
@@ -314,89 +155,26 @@ function signEc(keypem, ab) {
   if (0 === r[0]) { r = r.slice(1); }
 
   return { raw: sig.buffer, r: r.buffer, s: s.buffer };
-}
+};
 
-function createEcCsr(domains, keypem, ecpub) {
-  // TODO get pub from priv
+//
+// DER
+//
 
-  var csrBody = createCsrBodyEc(domains, ecpub);
-  var sig = signEc(keypem, csrBody);
-  var rLen = sig.r.byteLength;
-  var rc = '';
-  var sLen = sig.s.byteLength;
-  var sc = '';
-
-  if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; }
-  if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; }
-
-  var csrSig = csrEcFoot
-    .replace(/{len}/, numToHex(1 + 2 + 2 + 2 + rLen + sLen))
-    .replace(/{rslen}/, numToHex(2 + 2 + rLen + sLen))
-    .replace(/{rlen}/, numToHex(rLen))
-    .replace(/{r}/, rc + toHex(sig.r))
-    .replace(/{slen}/, numToHex(sLen))
-    .replace(/{s}/, sc + toHex(sig.s))
-  ;
-
-  // Note: If we supported P-521 a number of the lengths would change
-  // by one byte and that would be... annoying to update
-  var len = csrBody.byteLength + (csrSig.length/2);
-  /*
-  console.log('sig:', sig.raw.byteLength, toHex(sig.raw));
-  console.log('r:', sig.r.byteLength, toHex(sig.r));
-  console.log('s:', sig.s.byteLength, toHex(sig.s));
-  console.log('csr sig:', csrSig.length / 2, csrSig);
-  console.log('csrBodyLen + csrSigLen', numToHex(len));
-  */
-  var head = csrHead.replace(/{[^}]+}/, numToHex(len));
-  var ab = new Uint8Array(new ArrayBuffer((head.length/2) + len));
-  var i = 0;
-  fromHex(head).forEach(function (b) {
-    ab[i] = b;
-    i += 1;
-  });
-  csrBody.forEach(function (b) {
-    ab[i] = b;
-    i += 1;
-  });
-  fromHex(csrSig).forEach(function (b) {
-    ab[i] = b;
-    i += 1;
-  });
-
-  return ab;
-}
-
-function createEcCsrPem(domains, keypem) {
-  var pemblock = parsePem(keypem);
-  var ecpub = readEcPubkey(pemblock.der);
-  var ab = createEcCsr(domains, keypem, ecpub);
-  var pem = formatAsPem(toBase64(ab));
+DER.toCSR = function createEcCsrPem(der) {
+  var pem = PEM._format(AB.toBase64(der));
   return '-----BEGIN CERTIFICATE REQUEST-----\n' + pem + '-----END CERTIFICATE REQUEST-----';
-}
+};
 
-// Taken from Unibabel
-// https://git.coolaj86.com/coolaj86/unibabel.js#readme
-// https://coolaj86.com/articles/base64-unicode-utf-8-javascript-and-you/
-function utf8ToUint8Array(str) {
-  var escstr = encodeURIComponent(str);
-  // replaces any uri escape sequence, such as %0A,
-  // with binary escape, such as 0x0A
-  var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) {
-    return String.fromCharCode('0x' + p1);
-  });
-  var buf = new Uint8Array(binstr.length);
-  binstr.split('').forEach(function (ch, i) {
-    buf[i] = ch.charCodeAt(0);
-  });
+//
+// PEM
+//
 
-  return buf;
-}
-
-function ensurePem(key) {
+// Just for error checking
+PEM.from = function ensurePem(key) {
   if (!key) { throw new Error("no private key given"); }
   // whether PEM or DER, convert to Uint8Array
-  if ('string' === typeof key) { key = utf8ToUint8Array(key); }
+  if ('string' === typeof key) { key = AB.utf8ToUint8Array(key); }
 
   // for consistency
   if (key instanceof Buffer) { key = new Uint8Array(key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength)); }
@@ -419,7 +197,7 @@ function ensurePem(key) {
 
   // if DER, convert to PEM
   if ((0x30 === key[0]) && (0x80 & key[1])) {
-    key = toBase64(key);
+    key = AB.toBase64(key);
   }
   key = [].map.call(key, function (i) {
     return String.fromCharCode(i);
@@ -433,7 +211,224 @@ function ensurePem(key) {
     throw new Error("key does not appear to be in PEM formt (does not begin with either '-' or 'M'),"
       + " nor DER format (does not begin with 0x308X)");
   }
-}
+};
+
+PEM.parseBlock = function parsePem(pem) {
+  var typ;
+  var pub;
+  var crv;
+  var der = AB.fromBase64(pem.split(/\n/).filter(function (line, i) {
+    if (0 === i) {
+      if (/ PUBLIC /.test(line)) {
+        pub = true;
+      } else if (/ PRIVATE /.test(line)) {
+        pub = false;
+      }
+      if (/ EC/.test(line)) {
+        typ = 'EC';
+      }
+    }
+    return !/---/.test(line);
+  }).join(''));
+
+  if (!typ || 'EC' === typ) {
+    var hex = Hex.fromAB(der).toLowerCase();
+    if (-1 !== hex.indexOf(OBJ_ID_EC)) {
+      typ = 'EC';
+      crv = 'P-256';
+    } else {
+      // TODO support P-384 as well (but probably nothing else)
+      console.warn("unsupported ec curve");
+    }
+  }
+
+  return { typ: typ, pub: pub, der: der, crv: crv };
+};
+
+PEM._format = function formatAsPem(str) {
+  var finalString = '';
+
+  while (str.length > 0) {
+      finalString += str.substring(0, 64) + '\n';
+      str = str.substring(64);
+  }
+  return finalString;
+};
+
+PEM.parseEcPubkey = function readEcPubkey(der) {
+  // the key is the last 520 bits of both the private key and the public key
+  // he 3 bits prior identify the key as
+  var x, y;
+  var compressed;
+  var keylen = 32;
+  var offset = 64;
+  var headerSize = 4;
+  var header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset));
+
+  if ('03420004' !== header) {
+    offset = 32;
+    header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset));
+    if ('03420002' !== header) {
+      throw new Error("not a valid EC P-256 key (expected 0x0342004 or 0x0342002 as pub key preamble, but found " + header + ")");
+    }
+  }
+
+  // The one good thing that came from the b***kchain hysteria: good EC documentation
+  // https://davidederosa.com/basic-blockchain-programming/elliptic-curve-keys/
+  compressed = ('2' === header[header.byteLength -1]);
+  x = der.slice(der.byteLength - offset, (der.byteLength - offset) + keylen);
+  if (!compressed) {
+    y = der.slice(der.byteLength - keylen, der.byteLength);
+  }
+
+  return {
+    x: x
+  , y: y || null
+  };
+};
+
+//
+// A dumbed-down, minimal ASN.1 packer
+//
+
+// Almost every ASN.1 type that's important for CSR
+// can be represented generically with only a few rules.
+ASN1 = function ASN1(/*type, hexstrings...*/) {
+  var args = Array.prototype.slice.call(arguments);
+  var typ = args.shift();
+  var str = args.join('').replace(/\s+/g, '').toLowerCase();
+  var len = (str.length/2);
+  var lenlen = 0;
+  var hex = typ;
+
+  // We can't have an odd number of hex chars
+  if (len !== Math.round(len)) {
+    throw new Error("invalid hex");
+  }
+
+  // The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc)
+  // The second byte is either the size of the value, or the size of its size
+
+  // 1. If the second byte is < 0x80 (128) it is considered the size
+  // 2. If it is > 0x80 then it describes the number of bytes of the size
+  //    ex: 0x82 means the next 2 bytes describe the size of the value
+  // 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file)
+
+  if (len > 127) {
+    lenlen += 1;
+    while (len > 255) {
+      lenlen += 1;
+      len = len >> 8;
+    }
+  }
+
+  if (lenlen) { hex += Hex.fromInt(0x80 + lenlen); }
+  return hex + Hex.fromInt(str.length/2) + str;
+};
+
+// The Integer type has some special rules
+ASN1.UInt = function UINT() {
+  var str = Array.prototype.slice.call(arguments).join('');
+  var first = parseInt(str.slice(0, 2), 16);
+
+  // If the first byte is 0x80 or greater, the number is considered negative
+  // Therefore we add a '00' prefix if the 0x80 bit is set
+  if (0x80 & first) { str = '00' + str; }
+
+  return ASN1('02', str);
+};
+
+// The Bit String type also has a special rule
+ASN1.BitStr = function BITSTR() {
+  var str = Array.prototype.slice.call(arguments).join('');
+  // '00' is a mask of how many bits of the next byte to ignore
+  return ASN1('03', '00' + str);
+};
+
+//
+// Hex, Base64, Buffer, String
+//
+
+Hex.fromAB = function toHex(ab) {
+  var hex = [];
+  var u8 = new Uint8Array(ab);
+  var size = u8.byteLength;
+  var i;
+  var h;
+  for (i = 0; i < size; i += 1) {
+    h = u8[i].toString(16);
+    if (2 === h.length) {
+      hex.push(h);
+    } else {
+      hex.push('0' + h);
+    }
+  }
+  return hex.join('');
+};
+
+Hex.fromString = function strToHex(str) {
+  var escstr = encodeURIComponent(str);
+  // replaces any uri escape sequence, such as %0A,
+  // with binary escape, such as 0x0A
+  var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) {
+    return String.fromCharCode('0x' + p1);
+  });
+  return binstr.split('').map(function (b) {
+    var h = b.charCodeAt(0).toString(16);
+    if (2 === h.length) { return h; }
+    return '0' + h;
+  }).join('');
+};
+
+Hex.fromInt = function numToHex(d) {
+  d = d.toString(16);
+  if (d.length % 2) {
+    return '0' + d;
+  }
+  return d;
+};
+
+// Taken from Unibabel
+// https://git.coolaj86.com/coolaj86/unibabel.js#readme
+// https://coolaj86.com/articles/base64-unicode-utf-8-javascript-and-you/
+AB.utf8ToUint8Array = function (str) {
+  var escstr = encodeURIComponent(str);
+  // replaces any uri escape sequence, such as %0A,
+  // with binary escape, such as 0x0A
+  var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) {
+    return String.fromCharCode('0x' + p1);
+  });
+  var buf = new Uint8Array(binstr.length);
+  binstr.split('').forEach(function (ch, i) {
+    buf[i] = ch.charCodeAt(0);
+  });
+
+  return buf;
+};
+
+AB.fromHex = function fromHex(hex) {
+  if ('undefined' !== typeof Buffer) {
+    return Buffer.from(hex, 'hex');
+  }
+  var ab = new ArrayBuffer(hex.length/2);
+  var i;
+  var j;
+  ab = new Uint8Array(ab);
+  for (i = 0, j = 0; i < (hex.length/2); i += 1) {
+    ab[i] = parseInt(hex.slice(j, j+1), 16);
+    j += 2;
+  }
+  return ab.buffer;
+};
+
+AB.fromBase64 = function fromBase64(b64) {
+  var buf = Buffer.from(b64, 'base64');
+  return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
+};
+
+AB.toBase64 = function toBase64(der) {
+  return Buffer.from(der).toString('base64');
+};
 
 /*global Promise*/
 module.exports = function (opts) {
@@ -456,8 +451,7 @@ module.exports = function (opts) {
     })) {
       throw new Error("You must pass options.domains as utf8 strings (not punycode)");
     }
-    var key = ensurePem(opts.key);
-
-    return createEcCsrPem(opts.domains, key);
+    var key = PEM.from(opts.key);
+    return DER.toCSR(ECDSACSR.create(key, opts.domains));
   });
 };

package.json

@@ -1,16 +1,16 @@
 {
   "name": "ecdsa-csr",
-  "version": "1.0.0",
+  "version": "1.1.1",
   "description": "A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!",
   "main": "index.js",
   "bin": {
-    "ecdsa-csr": "ecdsacsr.js"
+    "ecdsa-csr": "bin/ecdsacsr.js"
   },
   "directories": {
     "lib": "lib"
   },
   "scripts": {
-    "postinstall": "node lib/telemetry.js install",
+    "postinstall": "node lib/telemetry.js event:install",
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "repository": {

test.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# creating privkey
+openssl ecparam -genkey -name prime256v1 -noout -out ./privkey-ec-p256.pem
+
+
+# canonical example
+rm csr.pem
+node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com,www.example.com > csr.pem
+openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
+
+
+# 100 domains (max allowed by Let's Encrypt)
+rm csr.pem
+node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com,www.example.com,api.example.com,assets.example.com,ftp.example.com,example.org,www.example.org,api.example.org,assets.example.org,ftp.example.org,example.co,www.example.co,api.example.co,assets.example.co,ftp.example.co,example.net,www.example.net,api.example.net,assets.example.net,ftp.example.net,whatever.com,www.whatever.com,api.whatever.com,assets.whatever.com,ftp.whatever.com,whatever.org,www.whatever.org,api.whatever.org,assets.whatever.org,ftp.whatever.org,whatever.net,www.whatever.net,api.whatever.net,assets.whatever.net,ftp.whatever.net,whatever.co,www.whatever.co,api.whatever.co,assets.whatever.co,ftp.whatever.co,sample.com,www.sample.com,api.sample.com,assets.sample.com,ftp.sample.com,sample.org,www.sample.org,api.sample.org,assets.sample.org,ftp.sample.org,sample.net,www.sample.net,api.sample.net,assets.sample.net,ftp.sample.net,sample.co,www.sample.co,api.sample.co,assets.sample.co,ftp.sample.co,foobar.com,www.foobar.com,api.foobar.com,assets.foobar.com,ftp.foobar.com,foobar.org,www.foobar.org,api.foobar.org,assets.foobar.org,ftp.foobar.org,foobar.net,www.foobar.net,api.foobar.net,assets.foobar.net,ftp.foobar.net,foobar.co,www.foobar.co,api.foobar.co,assets.foobar.co,ftp.foobar.co,quux.com,www.quux.com,api.quux.com,assets.quux.com,ftp.quux.com,quux.org,www.quux.org,api.quux.org,assets.quux.org,ftp.quux.org,quux.net,www.quux.net,api.quux.net,assets.quux.net,ftp.quux.net,quux.co,www.quux.co,api.quux.co,assets.quux.co,ftp.quux.co >csr.pem
+openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
+
+
+# single domain
+rm csr.pem
+node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com > csr.pem
+openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
+
+# utf8 domain
+rm csr.pem
+node bin/ecdsacsr.js ./privkey-ec-p256.pem 例.中国,example.com > csr.pem
+openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL'
+#openssl req -text -noout -verify -in csr.pem
+