💯 RSA tools. Lightweight. Zero Dependencies. Great tests. Universal compatibility.
rsa
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
AJ ONeal 1c67c47131 v1.3.0: integrate node v6 support (rsa-compat backport) 4 meses atrás
bin v1.2.2: remove telemetry and stray logs, lint some 6 meses atrás
fixtures update tests 10 meses atrás
lib v1.3.0: integrate node v6 support (rsa-compat backport) 4 meses atrás
.drone.yml Fixed the env var for testing extended bit lengths. 9 meses atrás
.gitignore v1.2.5: remove junk vim swap file 5 meses atrás
README.md Merge branch 'master' of ssh://git.coolaj86.com:22042/coolaj86/rasha.js 7 meses atrás
index.js v1.3.0: integrate node v6 support (rsa-compat backport) 4 meses atrás
package.json v1.3.0: integrate node v6 support (rsa-compat backport) 4 meses atrás
test.sh v1.3.0: integrate node v6 support (rsa-compat backport) 4 meses atrás

README.md

Rasha.js

A Root Project. Built for ACME.js and Greenlock.js

| ~550 lines of code | 3kb gzipped | 10kb minified | 18kb with comments |

RSA tools. Lightweight. Zero Dependencies. Universal compatibility.

  • Fast and Easy RSA Key Generation
  • PEM-to-JWK
  • JWK-to-PEM
  • JWK thumbprint
  • SSH “pub” format
  • ECDSA
    • Need EC or ECDSA tools? Check out Eckles.js

Generate RSA Key

Achieves the fastest possible key generation using node’s native RSA bindings to OpenSSL, then converts to JWK for ease-of-use.

Rasha.generate({ format: 'jwk' }).then(function (keypair) {
  console.log(keypair.private);
  console.log(keypair.public);
});

options

  • format defaults to 'jwk'
    • 'pkcs1' (traditional)
    • 'pkcs8'
  • modulusLength defaults to 2048 (must not be lower)
    • generally you shouldn’t pick a larger key size - they’re slow
    • 2048 is more than sufficient
    • 3072 is way, way overkill and takes a few seconds to generate
    • 4096 can take about a minute to generate and is just plain wasteful

advanced options

These options are provided for debugging and should not be used.

  • publicExponent defaults to 65537 (0x10001)

PEM-to-JWK

  • PKCS#1 (traditional)
  • PKCS#8, SPKI/PKIX
  • 2048-bit, 3072-bit, 4096-bit (and ostensibily all others)
  • SSH (RFC4716), (RFC 4716/SSH2)
var Rasha = require('rasha');
var pem = require('fs')
  .readFileSync('./node_modles/rasha/fixtures/privkey-rsa-2048.pkcs1.pem', 'ascii');

Rasha.import({ pem: pem }).then(function (jwk) {
  console.log(jwk);
});
{
  "kty": "RSA",
  "n": "m2ttVBxPlWw06ZmGBWVDl...QlEz7UNNj9RGps_50-CNw",
  "e": "AQAB",
  "d": "Cpfo7Mm9Nu8YMC_xrZ54W...Our1IdDzJ_YfHPt9sHMQQ",
  "p": "ynG-t9HwKCN3MWRYFdnFz...E9S4DsGcAarIuOT2TsTCE",
  "q": "xIkAjgUzB1zaUzJtW2Zgv...38ahSrBFEVnxjpnPh1Q1c",
  "dp": "tzDGjECFOU0ehqtuqhcu...dVGAXJoGOdv5VpaZ7B1QE",
  "dq": "kh5dyDk7YCz7sUFbpsmu...aX9PKa12HFlny6K1daL48",
  "qi": "AlHWbx1gp6Z9pbw_1hlS...lhmIOgRApS0t9VoXtHhFU"
}

JWK-to-PEM

  • PKCS#1 (traditional)
  • PKCS#8, SPKI/PKIX
  • 2048-bit, 4096-bit (and ostensibily all others)
  • SSH (RFC4716), (RFC 4716/SSH2)
var Rasha = require('rasha');
var jwk = require('rasha/fixtures/privkey-rsa-2048.jwk.json');

Rasha.export({ jwk: jwk }).then(function (pem) {
  // PEM in PKCS1 (traditional) format
  console.log(pem);
});
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhD
NzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ
38P8LdAIlb0pqDHxEJ9adWomjuFf.....5cCBahfsiNtNR6WV1/iCSuINYs6uPdA
Jlw7hm9m8TAmFWWyfL0s7wiRvAYkQvpxetorTwHJVLabBDJ+WBOAY2enOLHIRQv+
atAvHrLXjkUdzF96o0icyF6n7QzGfUPmeWGYg6BEClLS31Whe0eEVQ==
-----END RSA PRIVATE KEY-----

Advanced Options

format: 'pkcs8':

The default output format pkcs1 (RSA-specific format) is used for private keys. Use format: 'pkcs8' to output in PKCS#8 format instead.

Rasha.export({ jwk: jwk, format: 'pkcs8' }).then(function (pem) {
  // PEM in PKCS#8 format
  console.log(pem);
});
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCba21UHE+VbDTp
mYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo
6HF5JijfWzK7haHFuRMEsgI4VwIY.....LorV1ovjwKBgAJR1m8dYKemfaW8P9YZ
Uux7lwIFqF+yI201HpZXX+IJK4g1izq490AmXDuGb2bxMCYVZbJ8vSzvCJG8BiRC
+nF62itPAclUtpsEMn5YE4BjZ6c4schFC/5q0C8esteORR3MX3qjSJzIXqftDMZ9
Q+Z5YZiDoEQKUtLfVaF7R4RV
-----END PRIVATE KEY-----

format: 'ssh':

Although SSH uses PKCS#1 for private keys, it uses ts own special non-ASN1 format (affectionately known as rfc4716) for public keys. I got curious and then decided to add this format as well.

To get the same format as you would get with ssh-keygen, pass ssh as the format option:

Rasha.export({ jwk: jwk, format: 'ssh' }).then(function (pub) {
  // Special SSH2 Public Key format (RFC 4716)
  console.log(pub);
});
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE.....Q02P1Eamz/nT4I3 rsa@localhost

public: 'true':

If a private key is used as input, a private key will be output.

If you’d like to output a public key instead you can pass public: true.

or format: 'spki'.

Rasha.export({ jwk: jwk, public: true }).then(function (pem) {
  // PEM in SPKI/PKIX format
  console.log(pem);
});
-----BEGIN PUBLIC KEY-----
MIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJ
efLukC+xu0LBKylYojT5vTkxaOhx.....TmzCh2ikrwTMja7mUdBJf2bK3By5AB0
Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQAB
-----END PUBLIC KEY-----

JWK Thumbprint

Rasha.thumbprint({ jwk: jwk }).then(function (thumbprint) {
  console.log(thumbprint);
});

Testing

All cases are tested in test.sh.

You can compare these keys to the ones that you get from OpenSSL, OpenSSH/ssh-keygen, and WebCrypto:

# Generate 2048-bit RSA Keypair
openssl genrsa -out privkey-rsa-2048.pkcs1.pem 2048

# Convert PKCS1 (traditional) RSA Keypair to PKCS8 format
openssl rsa -in privkey-rsa-2048.pkcs1.pem -pubout -out pub-rsa-2048.spki.pem

# Export Public-only RSA Key in PKCS1 (traditional) format
openssl pkcs8 -topk8 -nocrypt -in privkey-rsa-2048.pkcs1.pem -out privkey-rsa-2048.pkcs8.pem

# Convert PKCS1 (traditional) RSA Public Key to SPKI/PKIX format
openssl rsa -in pub-rsa-2048.spki.pem -pubin -RSAPublicKey_out -out pub-rsa-2048.pkcs1.pem

# Convert RSA public key to SSH format
ssh-keygen -f ./pub-rsa-2048.spki.pem -i -mPKCS8 > ./pub-rsa-2048.ssh.pub

Goals of this project

  • Focused support for 2048-bit and 4096-bit RSA keypairs (although any size is technically supported)
  • Zero Dependencies
  • VanillaJS
  • Quality Code: Good comments and tests
  • Convert both ways: PEM-to-JWK and JWK-to-PEM (also supports SSH pub files)
  • Browser support as well (TODO)
  • OpenSSL, ssh-keygen, and WebCrypto compatibility

Rasha.js | MPL-2.0 | Terms of Use | Privacy Policy