coolaj86
/
keypairs-cli.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
CLI for Keypairs.js. It's magic.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
6 Tags
164 KiB
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
AJ ONeal 893bccd8d5
bugfix and tests 		5 years ago
bin bugfix and tests 5 years ago
.gitignore v1.2.0: lots of fun with keypairs 5 years ago
README.md v1.2.1: move cli code into here, add help 5 years ago
package-lock.json bugfix and tests 5 years ago
package.json bugfix and tests 5 years ago
test.js initial commit (wip) 5 years ago
test.sh bugfix and tests 5 years ago

README.md

Keypairs CLI

The most useful and easy-to-use crypto cli on the planet (because openssl is confusing).

  • Universal Standards-based Crypto Support:
    • RSA (2048, 3072, 4096, 8192)
    • EC (NIST ECDSA) P-256 (prime256v1, secp256r1), P-384 (secp384r1)
  • Supported Encodings: PEM, JSON
  • Private Key Formats: PKCS1, SEC1, PKCS8, JWK, OpenSSH
  • Public Key Formats: PKCS1, PKIX (SPKI), SSH
  • Create JWT tokens
  • Sign JWT/JWS claims/tokens/payloads
  • Decode JWTs (without verifying)
  • Verify JWT/JWS tokens/json (by fetching public key)

Install

You must have node.js installed.

npm install --global keypairs-cli

Usage

Guess and check.

The keypairs CLI is pretty fuzzy. If you just type at it, it'll probably work.

That said, the fuzzy behavior is not API-stable and is subject to change, so you should only script to the documented syntax. ;)

Overview

  • Generate: keypairs gen
  • Convert: keypairs ./priv.pem
  • Sign: keypairs sign ./priv.pem https://example.com/ '{"sub":"jon@example.com"}'
  • Verify: keypairs verify 'xxxxx.yyyyy.zzzzz'
  • Decode: keypairs decode 'xxxxx.yyyyy.zzzzz'
  • Debug: prefix any option with debug such as keypairs debug gen pem key.pem jwk pub.json

Generate a New Key

No arguments - generates a universally compatible key of more-than-sufficient entropy.

keypairs gen

Generate an ecdsa key:

keypairs gen ec P-256

Generate an RSA key:

keypairs gen rsa 2048

Parse/Convert an existing key

keypairs ./priv.pem

keypairs '{"kty":"EC",...}'

keypairs ./priv.jwk.json

Syntax: keypairs <in> [priv-out opts...] [pub-out opts...]

keypairs <inkey> [[encoding|scheme] [priv-out]] [[encoding|scheme] [pub-out]] [public|private]

Note: If you specify a private and a public key, and you want to specify the schema/encoding of the public key, you must also specify the scheme and encoding of the public key. Order matters. Private keys come first.

JWK Keypair to PEM-encoded Private and Public keys:

keypairs ./priv.json pem pkcs1 ./priv.pem pem spki ./pub.pem
keypairs ./priv.json pem ./priv.pem ssh ./pub.json
keypairs ./priv.json pkcs8 ./priv.pem spki ./pub.json

PEM Keypair to JSON-encoded JWK (Public Key Only):

keypairs ./priv.pem jwk ./priv.pem public
keypairs ./priv.pem json ./priv.pem public

Generic PEM to JWK:

keypairs priv.pem priv.jwk.json

keypairs priv.pem priv.jwk.json pub.jwk.json

keypairs priv.pem pub.jwk.json public

# fails if the input is public
keypairs priv.pem priv.jwk.json private

Generic JWK to PEM:

keypairs '{"kty":"EC",...}' priv.pem

keypairs priv.json priv.pem

Sign a Token (JWT)

Syntax:

keypairs [key] sign [issuer url] <claims> [exp] [nbf]

Note: The issuer url can be omitted if it's already included among the claims.

Example:

keypairs ./priv.pem sign https://example.com/ '{"sub":"jon@example.com"}' 1h -5m

keypairs '{"kty":"EC",...}' sign https://example.com/ '{"sub":"jon@example.com"}' 1h -5m

Verify a JWT (Token)

Verify a JWT based on its issuer

keypairs verify 'xxx.yyy.zzz'