AJ ONeal
5 years ago
29 changed files with 46 additions and 1630 deletions
@ -1,11 +0,0 @@ |
|||
kind: pipeline |
|||
name: default |
|||
|
|||
pipeline: |
|||
build: |
|||
image: node |
|||
environment: |
|||
RASHA_TEST_LARGE_KEYS: "true" |
|||
commands: |
|||
- npm install --ignore-scripts |
|||
- npm test |
@ -1 +0,0 @@ |
|||
all.* |
@ -1,218 +0,0 @@ |
|||
[Rasha.js](https://git.coolaj86.com/coolaj86/rasha.js) · [![Build Status](https://strong-emu-11.telebit.io/api/badges/coolaj86/rasha.js/status.svg)](https://strong-emu-11.telebit.io/coolaj86/rasha.js) |
|||
========= |
|||
|
|||
Sponsored by [Root](https://therootcompany.com). |
|||
Built for [ACME.js](https://git.coolaj86.com/coolaj86/acme.js) |
|||
and [Greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js) |
|||
|
|||
|
|||
|
|||
| ~550 lines of code | 3kb gzipped | 10kb minified | 18kb with comments | |
|||
|
|||
RSA tools. Lightweight. Zero Dependencies. Universal compatibility. |
|||
|
|||
* [x] Fast and Easy RSA Key Generation |
|||
* [x] PEM-to-JWK |
|||
* [x] JWK-to-PEM |
|||
* [x] SSH "pub" format |
|||
* [ ] ECDSA |
|||
* **Need EC or ECDSA tools?** Check out [Eckles.js](https://git.coolaj86.com/coolaj86/eckles.js) |
|||
|
|||
|
|||
## Generate RSA Key |
|||
|
|||
Achieves the *fastest possible key generation* using node's native RSA bindings to OpenSSL, |
|||
then converts to JWK for ease-of-use. |
|||
|
|||
``` |
|||
Rasha.generate({ format: 'jwk' }).then(function (keypair) { |
|||
console.log(keypair.private); |
|||
console.log(keypair.public); |
|||
}); |
|||
``` |
|||
|
|||
**options** |
|||
|
|||
* `format` defaults to `'jwk'` |
|||
* `'pkcs1'` (traditional) |
|||
* `'pkcs8'` <!-- * `'ssh'` --> |
|||
* `modulusLength` defaults to 2048 (must not be lower) |
|||
* generally you shouldn't pick a larger key size - they're slow |
|||
* **2048** is more than sufficient |
|||
* 3072 is way, way overkill and takes a few seconds to generate |
|||
* 4096 can take about a minute to generate and is just plain wasteful |
|||
|
|||
**advanced options** |
|||
|
|||
These options are provided for debugging and should not be used. |
|||
|
|||
* `publicExponent` defaults to 65537 (`0x10001`) |
|||
|
|||
## PEM-to-JWK |
|||
|
|||
* [x] PKCS#1 (traditional) |
|||
* [x] PKCS#8, SPKI/PKIX |
|||
* [x] 2048-bit, 3072-bit, 4096-bit (and ostensibily all others) |
|||
* [x] SSH (RFC4716), (RFC 4716/SSH2) |
|||
|
|||
```js |
|||
var Rasha = require('rasha'); |
|||
var pem = require('fs') |
|||
.readFileSync('./node_modles/rasha/fixtures/privkey-rsa-2048.pkcs1.pem', 'ascii'); |
|||
|
|||
Rasha.import({ pem: pem }).then(function (jwk) { |
|||
console.log(jwk); |
|||
}); |
|||
``` |
|||
|
|||
```js |
|||
{ |
|||
"kty": "RSA", |
|||
"n": "m2ttVBxPlWw06ZmGBWVDl...QlEz7UNNj9RGps_50-CNw", |
|||
"e": "AQAB", |
|||
"d": "Cpfo7Mm9Nu8YMC_xrZ54W...Our1IdDzJ_YfHPt9sHMQQ", |
|||
"p": "ynG-t9HwKCN3MWRYFdnFz...E9S4DsGcAarIuOT2TsTCE", |
|||
"q": "xIkAjgUzB1zaUzJtW2Zgv...38ahSrBFEVnxjpnPh1Q1c", |
|||
"dp": "tzDGjECFOU0ehqtuqhcu...dVGAXJoGOdv5VpaZ7B1QE", |
|||
"dq": "kh5dyDk7YCz7sUFbpsmu...aX9PKa12HFlny6K1daL48", |
|||
"qi": "AlHWbx1gp6Z9pbw_1hlS...lhmIOgRApS0t9VoXtHhFU" |
|||
} |
|||
``` |
|||
|
|||
## JWK-to-PEM |
|||
|
|||
* [x] PKCS#1 (traditional) |
|||
* [x] PKCS#8, SPKI/PKIX |
|||
* [x] 2048-bit, 4096-bit (and ostensibily all others) |
|||
* [x] SSH (RFC4716), (RFC 4716/SSH2) |
|||
|
|||
```js |
|||
var Rasha = require('rasha'); |
|||
var jwk = require('rasha/fixtures/privkey-rsa-2048.jwk.json'); |
|||
|
|||
Rasha.export({ jwk: jwk }).then(function (pem) { |
|||
// PEM in PKCS1 (traditional) format |
|||
console.log(pem); |
|||
}); |
|||
``` |
|||
|
|||
``` |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIEpAIBAAKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhD |
|||
NzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ |
|||
38P8LdAIlb0pqDHxEJ9adWomjuFf.....5cCBahfsiNtNR6WV1/iCSuINYs6uPdA |
|||
Jlw7hm9m8TAmFWWyfL0s7wiRvAYkQvpxetorTwHJVLabBDJ+WBOAY2enOLHIRQv+ |
|||
atAvHrLXjkUdzF96o0icyF6n7QzGfUPmeWGYg6BEClLS31Whe0eEVQ== |
|||
-----END RSA PRIVATE KEY----- |
|||
``` |
|||
|
|||
### Advanced Options |
|||
|
|||
`format: 'pkcs8'`: |
|||
|
|||
The default output format `pkcs1` (RSA-specific format) is used for private keys. |
|||
Use `format: 'pkcs8'` to output in PKCS#8 format instead. |
|||
|
|||
```js |
|||
Rasha.export({ jwk: jwk, format: 'pkcs8' }).then(function (pem) { |
|||
// PEM in PKCS#8 format |
|||
console.log(pem); |
|||
}); |
|||
``` |
|||
|
|||
``` |
|||
-----BEGIN PRIVATE KEY----- |
|||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCba21UHE+VbDTp |
|||
mYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo |
|||
6HF5JijfWzK7haHFuRMEsgI4VwIY.....LorV1ovjwKBgAJR1m8dYKemfaW8P9YZ |
|||
Uux7lwIFqF+yI201HpZXX+IJK4g1izq490AmXDuGb2bxMCYVZbJ8vSzvCJG8BiRC |
|||
+nF62itPAclUtpsEMn5YE4BjZ6c4schFC/5q0C8esteORR3MX3qjSJzIXqftDMZ9 |
|||
Q+Z5YZiDoEQKUtLfVaF7R4RV |
|||
-----END PRIVATE KEY----- |
|||
``` |
|||
|
|||
`format: 'ssh'`: |
|||
|
|||
Although SSH uses PKCS#1 for private keys, it uses ts own special non-ASN1 format |
|||
(affectionately known as rfc4716) for public keys. I got curious and then decided |
|||
to add this format as well. |
|||
|
|||
To get the same format as you |
|||
would get with `ssh-keygen`, pass `ssh` as the format option: |
|||
|
|||
```js |
|||
Rasha.export({ jwk: jwk, format: 'ssh' }).then(function (pub) { |
|||
// Special SSH2 Public Key format (RFC 4716) |
|||
console.log(pub); |
|||
}); |
|||
``` |
|||
|
|||
``` |
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE.....Q02P1Eamz/nT4I3 rsa@localhost |
|||
``` |
|||
|
|||
`public: 'true'`: |
|||
|
|||
If a private key is used as input, a private key will be output. |
|||
|
|||
If you'd like to output a public key instead you can pass `public: true`. |
|||
|
|||
or `format: 'spki'`. |
|||
|
|||
```js |
|||
Rasha.export({ jwk: jwk, public: true }).then(function (pem) { |
|||
// PEM in SPKI/PKIX format |
|||
console.log(pem); |
|||
}); |
|||
``` |
|||
|
|||
``` |
|||
-----BEGIN PUBLIC KEY----- |
|||
MIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJ |
|||
efLukC+xu0LBKylYojT5vTkxaOhx.....TmzCh2ikrwTMja7mUdBJf2bK3By5AB0 |
|||
Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQAB |
|||
-----END PUBLIC KEY----- |
|||
``` |
|||
|
|||
Testing |
|||
------- |
|||
|
|||
All cases are tested in `test.sh`. |
|||
|
|||
You can compare these keys to the ones that you get from OpenSSL, OpenSSH/ssh-keygen, and WebCrypto: |
|||
|
|||
```bash |
|||
# Generate 2048-bit RSA Keypair |
|||
openssl genrsa -out privkey-rsa-2048.pkcs1.pem 2048 |
|||
|
|||
# Convert PKCS1 (traditional) RSA Keypair to PKCS8 format |
|||
openssl rsa -in privkey-rsa-2048.pkcs1.pem -pubout -out pub-rsa-2048.spki.pem |
|||
|
|||
# Export Public-only RSA Key in PKCS1 (traditional) format |
|||
openssl pkcs8 -topk8 -nocrypt -in privkey-rsa-2048.pkcs1.pem -out privkey-rsa-2048.pkcs8.pem |
|||
|
|||
# Convert PKCS1 (traditional) RSA Public Key to SPKI/PKIX format |
|||
openssl rsa -in pub-rsa-2048.spki.pem -pubin -RSAPublicKey_out -out pub-rsa-2048.pkcs1.pem |
|||
|
|||
# Convert RSA public key to SSH format |
|||
ssh-keygen -f ./pub-rsa-2048.spki.pem -i -mPKCS8 > ./pub-rsa-2048.ssh.pub |
|||
``` |
|||
|
|||
Goals of this project |
|||
----- |
|||
|
|||
* Focused support for 2048-bit and 4096-bit RSA keypairs (although any size is technically supported) |
|||
* Zero Dependencies |
|||
* VanillaJS |
|||
* Quality Code: Good comments and tests |
|||
* Convert both ways: PEM-to-JWK and JWK-to-PEM (also supports SSH pub files) |
|||
* Browser support as well (TODO) |
|||
* OpenSSL, ssh-keygen, and WebCrypto compatibility |
|||
|
|||
Legal |
|||
----- |
|||
|
|||
[Rasha.js](https://git.coolaj86.com/coolaj86/rasha.js) | |
|||
MPL-2.0 | |
|||
[Terms of Use](https://therootcompany.com/legal/#terms) | |
|||
[Privacy Policy](https://therootcompany.com/legal/#privacy) |
@ -1,63 +0,0 @@ |
|||
ACME <- rsa-compat |
|||
|
|||
unsign csr |
|||
|
|||
greenlock-ecdsa |
|||
greenlock-ec-pem-to-jwk |
|||
greenlock-ec-jwk-to-pem |
|||
greenlock-ec-ssh-to-jwk |
|||
greenlock-ec-jwk-to-ssh |
|||
greenlock-ec-csr |
|||
greenlock-rsa |
|||
greenlock-rsa-pem-to-jwk |
|||
greenlock-rsa-jwk-to-pem |
|||
greenlock-rsa-ssh-to-jwk |
|||
greenlock-rsa-jwk-to-ssh |
|||
greenlock-rsa-csr |
|||
greenlock-x509 |
|||
greenlock-acme |
|||
greenlock-asn1 |
|||
greenlock-encoding |
|||
bluecrypt-ecdsa |
|||
bluecrypt-ec-pem-to-jwk |
|||
bluecrypt-ec-jwk-to-pem |
|||
bluecrypt-ec-ssh-to-jwk |
|||
bluecrypt-ec-jwk-to-ssh |
|||
bluecrypt-ec-csr |
|||
bluecrypt-rsa |
|||
bluecrypt-rsa-pem-to-jwk |
|||
bluecrypt-rsa-jwk-to-pem |
|||
bluecrypt-rsa-ssh-to-jwk |
|||
bluecrypt-rsa-jwk-to-ssh |
|||
bluecrypt-rsa-csr |
|||
bluecrypt-ans1 |
|||
bluecrypt-x509 |
|||
bluecrypt-acme |
|||
bluecrypt-encoding |
|||
keypairs |
|||
asymmetric |
|||
symmetric |
|||
groot-crypto |
|||
broot-crypto |
|||
|
|||
** unified openssl commands ** |
|||
|
|||
https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b |
|||
|
|||
https://connect2id.com/products/nimbus-jose-jwt/examples/jwk-generation |
|||
|
|||
https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b |
|||
|
|||
|
|||
RSAPrivateKey ::= SEQUENCE { |
|||
version Version, |
|||
modulus INTEGER, -- n |
|||
publicExponent INTEGER, -- e |
|||
privateExponent INTEGER, -- d |
|||
prime1 INTEGER, -- p |
|||
prime2 INTEGER, -- q |
|||
exponent1 INTEGER, -- d mod (p-1) |
|||
exponent2 INTEGER, -- d mod (q-1) |
|||
coefficient INTEGER, -- (inverse of q) mod p |
|||
otherPrimeInfos OtherPrimeInfos OPTIONAL |
|||
} |
@ -1,97 +0,0 @@ |
|||
#!/usr/bin/env node
|
|||
'use strict'; |
|||
|
|||
var fs = require('fs'); |
|||
var Rasha = require('../index.js'); |
|||
var PEM = require('../lib/pem.js'); |
|||
var ASN1 = require('../lib/asn1.js'); |
|||
|
|||
var infile = process.argv[2]; |
|||
var format = process.argv[3]; |
|||
var msg = process.argv[4]; |
|||
var sign; |
|||
if ('sign' === format) { |
|||
sign = true; |
|||
format = 'pkcs8'; |
|||
} |
|||
|
|||
if (!infile) { |
|||
infile = 'jwk'; |
|||
} |
|||
|
|||
if (-1 !== [ 'jwk', 'pem', 'json', 'der', 'pkcs1', 'pkcs8', 'spki' ].indexOf(infile)) { |
|||
console.log("Generating new key..."); |
|||
Rasha.generate({ |
|||
format: infile |
|||
, modulusLength: parseInt(format, 10) || 2048 |
|||
, encoding: parseInt(format, 10) ? null : format |
|||
}).then(function (key) { |
|||
if ('der' === infile || 'der' === format) { |
|||
key.private = key.private.toString('binary'); |
|||
key.public = key.public.toString('binary'); |
|||
} |
|||
console.log(key.private); |
|||
console.log(key.public); |
|||
}).catch(function (err) { |
|||
console.error(err); |
|||
process.exit(1); |
|||
}); |
|||
return; |
|||
} |
|||
var key = fs.readFileSync(infile, 'ascii'); |
|||
|
|||
try { |
|||
key = JSON.parse(key); |
|||
} catch(e) { |
|||
// ignore
|
|||
} |
|||
|
|||
if ('string' === typeof key) { |
|||
if ('tpl' === format) { |
|||
var block = PEM.parseBlock(key); |
|||
var asn1 = ASN1.parse(block.der); |
|||
ASN1.tpl(asn1); |
|||
return; |
|||
} |
|||
if (sign) { signMessage(key, msg); return; } |
|||
|
|||
var pub = (-1 !== [ 'public', 'spki', 'pkix' ].indexOf(format)); |
|||
Rasha.import({ pem: key, public: (pub || format) }).then(function (jwk) { |
|||
console.info(JSON.stringify(jwk, null, 2)); |
|||
}).catch(function (err) { |
|||
console.error(err); |
|||
process.exit(1); |
|||
}); |
|||
} else { |
|||
Rasha.export({ jwk: key, format: format }).then(function (pem) { |
|||
if (sign) { signMessage(pem, msg); return; } |
|||
console.info(pem); |
|||
}).catch(function (err) { |
|||
console.error(err); |
|||
process.exit(2); |
|||
}); |
|||
} |
|||
|
|||
function signMessage(pem, name) { |
|||
var msg; |
|||
try { |
|||
msg = fs.readFileSync(name); |
|||
} catch(e) { |
|||
console.warn("[info] input string did not exist as a file, signing the string itself"); |
|||
msg = Buffer.from(name, 'binary'); |
|||
} |
|||
var crypto = require('crypto'); |
|||
var sign = crypto.createSign('SHA256'); |
|||
sign.write(msg) |
|||
sign.end() |
|||
var buf = sign.sign(pem, 'hex'); |
|||
console.log(buf); |
|||
//console.log(buf.toString('base64'));
|
|||
/* |
|||
Rasha.sign({ pem: pem, message: msg, alg: 'SHA256' }).then(function (sig) { |
|||
}).catch(function () { |
|||
console.error(err); |
|||
process.exit(3); |
|||
}); |
|||
*/ |
|||
} |
@ -1,11 +0,0 @@ |
|||
{ |
|||
"kty": "RSA", |
|||
"n": "m2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJefLukC-xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57qAZM6-I70on0_iDZm7-jcqOPgADAmbWHhy67BXkk4yy_YzD4yOGZFXZcNp915_TW5bRd__AKPHUHxJasPiyEFqlNKBR2DSD-LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0Qi49OykUCfNZeQlEz7UNNj9RGps_50-CNw", |
|||
"e": "AQAB", |
|||
"d": "Cpfo7Mm9Nu8YMC_xrZ54W9mKHPkCG9rZ93Ds9PNp-RXUgb-ljTbFPZWsYxGNKLllFz8LNosr1pT2ZDMrwNk0Af1iWNvD6gkyXaiQdCyiDPSBsJyNv2LJZon-e85X74nv53UlIkmo9SYxdLz2JaJ-iIWEe8Qh-7llLktrTJV_xr98_tbhgSppz_IeOymq3SEZaQHM8pTU7w7XvCj2pb9r8fN0M0XcgWZIaf3LGEfkhF_WtX67XJ0C6-LbkT51jtlLRNGX6haGdscXS0OWWjKOJzKGuV-NbthEn5rmRtVnjRZ3yaxQ0ud8vC-NONn7yvGUlOur1IdDzJ_YfHPt9sHMQQ", |
|||
"p": "ynG-t9HwKCN3MWRYFdnFzi9-02Qcy3p8B5pu3ary2E70hYn2pHlUG2a9BNE8c5xHQ3Hx43WoWf6s0zOunPV1G28LkU_UYEbAtPv_PxSmzpQp9n9XnYvBLBF8Y3z7gxgLn1vVFNARrQdRtj87qY3aw7E9S4DsGcAarIuOT2TsTCE", |
|||
"q": "xIkAjgUzB1zaUzJtW2Zgvp9cYYr1DmpH30ePZl3c_8397_DZDDo46fnFYjs6uPa03HpmKUnbjwr14QHlfXlntJBEuXxcqLjkdKdJ4ob7xueLTK4suo9V8LSrkLChVxlZQwnFD2E5ll0sVeeDeMJHQw38ahSrBFEVnxjpnPh1Q1c", |
|||
"dp": "tzDGjECFOU0ehqtuqhcuT63a7h8hj19-7MJqoFwY9HQ-ALkfXyYLXeBSGxHbyiIYuodZg6LsfMNgUJ3r3Eyhc_nAVfYPEC_2IdAG4WYmq7iXYF9LQV09qEsKbFykm7QekE3hO7wswo5k-q2tp3ieBYdVGAXJoGOdv5VpaZ7B1QE", |
|||
"dq": "kh5dyDk7YCz7sUFbpsmuAeuPjoH2ghooh2u3xN7iUVmAg-ToKjwbVnG5-7eXiC779rQVwnrD_0yh1AFJ8wjRPqDIR7ObXGHikIxT1VSQWqiJm6AfZzDsL0LUD4YS3iPdhob7-NxLKWzqao_u4lhnDQaX9PKa12HFlny6K1daL48", |
|||
"qi": "AlHWbx1gp6Z9pbw_1hlS7HuXAgWoX7IjbTUelldf4gkriDWLOrj3QCZcO4ZvZvEwJhVlsny9LO8IkbwGJEL6cXraK08ByVS2mwQyflgTgGNnpzixyEUL_mrQLx6y145FHcxfeqNInMhep-0Mxn1D5nlhmIOgRApS0t9VoXtHhFU" |
|||
} |
@ -1,27 +0,0 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIEpAIBAAKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhD |
|||
NzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ |
|||
38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57 |
|||
qAZM6+I70on0/iDZm7+jcqOPgADAmbWHhy67BXkk4yy/YzD4yOGZFXZcNp915/TW |
|||
5bRd//AKPHUHxJasPiyEFqlNKBR2DSD+LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By |
|||
5AB0Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQABAoIBAAqX6OzJvTbvGDAv |
|||
8a2eeFvZihz5Ahva2fdw7PTzafkV1IG/pY02xT2VrGMRjSi5ZRc/CzaLK9aU9mQz |
|||
K8DZNAH9Yljbw+oJMl2okHQsogz0gbCcjb9iyWaJ/nvOV++J7+d1JSJJqPUmMXS8 |
|||
9iWifoiFhHvEIfu5ZS5La0yVf8a/fP7W4YEqac/yHjspqt0hGWkBzPKU1O8O17wo |
|||
9qW/a/HzdDNF3IFmSGn9yxhH5IRf1rV+u1ydAuvi25E+dY7ZS0TRl+oWhnbHF0tD |
|||
lloyjicyhrlfjW7YRJ+a5kbVZ40Wd8msUNLnfLwvjTjZ+8rxlJTrq9SHQ8yf2Hxz |
|||
7fbBzEECgYEAynG+t9HwKCN3MWRYFdnFzi9+02Qcy3p8B5pu3ary2E70hYn2pHlU |
|||
G2a9BNE8c5xHQ3Hx43WoWf6s0zOunPV1G28LkU/UYEbAtPv/PxSmzpQp9n9XnYvB |
|||
LBF8Y3z7gxgLn1vVFNARrQdRtj87qY3aw7E9S4DsGcAarIuOT2TsTCECgYEAxIkA |
|||
jgUzB1zaUzJtW2Zgvp9cYYr1DmpH30ePZl3c/8397/DZDDo46fnFYjs6uPa03Hpm |
|||
KUnbjwr14QHlfXlntJBEuXxcqLjkdKdJ4ob7xueLTK4suo9V8LSrkLChVxlZQwnF |
|||
D2E5ll0sVeeDeMJHQw38ahSrBFEVnxjpnPh1Q1cCgYEAtzDGjECFOU0ehqtuqhcu |
|||
T63a7h8hj19+7MJqoFwY9HQ+ALkfXyYLXeBSGxHbyiIYuodZg6LsfMNgUJ3r3Eyh |
|||
c/nAVfYPEC/2IdAG4WYmq7iXYF9LQV09qEsKbFykm7QekE3hO7wswo5k+q2tp3ie |
|||
BYdVGAXJoGOdv5VpaZ7B1QECgYEAkh5dyDk7YCz7sUFbpsmuAeuPjoH2ghooh2u3 |
|||
xN7iUVmAg+ToKjwbVnG5+7eXiC779rQVwnrD/0yh1AFJ8wjRPqDIR7ObXGHikIxT |
|||
1VSQWqiJm6AfZzDsL0LUD4YS3iPdhob7+NxLKWzqao/u4lhnDQaX9PKa12HFlny6 |
|||
K1daL48CgYACUdZvHWCnpn2lvD/WGVLse5cCBahfsiNtNR6WV1/iCSuINYs6uPdA |
|||
Jlw7hm9m8TAmFWWyfL0s7wiRvAYkQvpxetorTwHJVLabBDJ+WBOAY2enOLHIRQv+ |
|||
atAvHrLXjkUdzF96o0icyF6n7QzGfUPmeWGYg6BEClLS31Whe0eEVQ== |
|||
-----END RSA PRIVATE KEY----- |
@ -1,28 +0,0 @@ |
|||
-----BEGIN PRIVATE KEY----- |
|||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCba21UHE+VbDTp |
|||
mYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo |
|||
6HF5JijfWzK7haHFuRMEsgI4VwIYyhvqlJDfw/wt0AiVvSmoMfEQn1p1aiaO4V/R |
|||
JSE3Vw/uz2bxiT22uSkSqOyShyfYE6dMHnuoBkzr4jvSifT+INmbv6Nyo4+AAMCZ |
|||
tYeHLrsFeSTjLL9jMPjI4ZkVdlw2n3Xn9NbltF3/8Ao8dQfElqw+LIQWqU0oFHYN |
|||
IP4ttfl5ObMKHaKSvBMyNruZR0El/ZsrcHLkAHRCLj07KRQJ81l5CUTPtQ02P1Ea |
|||
mz/nT4I3AgMBAAECggEACpfo7Mm9Nu8YMC/xrZ54W9mKHPkCG9rZ93Ds9PNp+RXU |
|||
gb+ljTbFPZWsYxGNKLllFz8LNosr1pT2ZDMrwNk0Af1iWNvD6gkyXaiQdCyiDPSB |
|||
sJyNv2LJZon+e85X74nv53UlIkmo9SYxdLz2JaJ+iIWEe8Qh+7llLktrTJV/xr98 |
|||
/tbhgSppz/IeOymq3SEZaQHM8pTU7w7XvCj2pb9r8fN0M0XcgWZIaf3LGEfkhF/W |
|||
tX67XJ0C6+LbkT51jtlLRNGX6haGdscXS0OWWjKOJzKGuV+NbthEn5rmRtVnjRZ3 |
|||
yaxQ0ud8vC+NONn7yvGUlOur1IdDzJ/YfHPt9sHMQQKBgQDKcb630fAoI3cxZFgV |
|||
2cXOL37TZBzLenwHmm7dqvLYTvSFifakeVQbZr0E0TxznEdDcfHjdahZ/qzTM66c |
|||
9XUbbwuRT9RgRsC0+/8/FKbOlCn2f1edi8EsEXxjfPuDGAufW9UU0BGtB1G2Pzup |
|||
jdrDsT1LgOwZwBqsi45PZOxMIQKBgQDEiQCOBTMHXNpTMm1bZmC+n1xhivUOakff |
|||
R49mXdz/zf3v8NkMOjjp+cViOzq49rTcemYpSduPCvXhAeV9eWe0kES5fFyouOR0 |
|||
p0nihvvG54tMriy6j1XwtKuQsKFXGVlDCcUPYTmWXSxV54N4wkdDDfxqFKsEURWf |
|||
GOmc+HVDVwKBgQC3MMaMQIU5TR6Gq26qFy5PrdruHyGPX37swmqgXBj0dD4AuR9f |
|||
Jgtd4FIbEdvKIhi6h1mDoux8w2BQnevcTKFz+cBV9g8QL/Yh0AbhZiaruJdgX0tB |
|||
XT2oSwpsXKSbtB6QTeE7vCzCjmT6ra2neJ4Fh1UYBcmgY52/lWlpnsHVAQKBgQCS |
|||
Hl3IOTtgLPuxQVumya4B64+OgfaCGiiHa7fE3uJRWYCD5OgqPBtWcbn7t5eILvv2 |
|||
tBXCesP/TKHUAUnzCNE+oMhHs5tcYeKQjFPVVJBaqImboB9nMOwvQtQPhhLeI92G |
|||
hvv43EspbOpqj+7iWGcNBpf08prXYcWWfLorV1ovjwKBgAJR1m8dYKemfaW8P9YZ |
|||
Uux7lwIFqF+yI201HpZXX+IJK4g1izq490AmXDuGb2bxMCYVZbJ8vSzvCJG8BiRC |
|||
+nF62itPAclUtpsEMn5YE4BjZ6c4schFC/5q0C8esteORR3MX3qjSJzIXqftDMZ9 |
|||
Q+Z5YZiDoEQKUtLfVaF7R4RV |
|||
-----END PRIVATE KEY----- |
@ -1,5 +0,0 @@ |
|||
{ |
|||
"kty": "RSA", |
|||
"n": "m2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJefLukC-xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57qAZM6-I70on0_iDZm7-jcqOPgADAmbWHhy67BXkk4yy_YzD4yOGZFXZcNp915_TW5bRd__AKPHUHxJasPiyEFqlNKBR2DSD-LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0Qi49OykUCfNZeQlEz7UNNj9RGps_50-CNw", |
|||
"e": "AQAB" |
|||
} |
@ -1,8 +0,0 @@ |
|||
-----BEGIN RSA PUBLIC KEY----- |
|||
MIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJ |
|||
efLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ38P8 |
|||
LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57qAZM |
|||
6+I70on0/iDZm7+jcqOPgADAmbWHhy67BXkk4yy/YzD4yOGZFXZcNp915/TW5bRd |
|||
//AKPHUHxJasPiyEFqlNKBR2DSD+LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0 |
|||
Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQAB |
|||
-----END RSA PUBLIC KEY----- |
@ -1,9 +0,0 @@ |
|||
-----BEGIN PUBLIC KEY----- |
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVD |
|||
lfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo |
|||
31syu4WhxbkTBLICOFcCGMob6pSQ38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP |
|||
7s9m8Yk9trkpEqjskocn2BOnTB57qAZM6+I70on0/iDZm7+jcqOPgADAmbWHhy67 |
|||
BXkk4yy/YzD4yOGZFXZcNp915/TW5bRd//AKPHUHxJasPiyEFqlNKBR2DSD+LbX5 |
|||
eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0Qi49OykUCfNZeQlEz7UNNj9RGps/50+C |
|||
NwIDAQAB |
|||
-----END PUBLIC KEY----- |
@ -1 +0,0 @@ |
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE+VbDTpmYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo6HF5JijfWzK7haHFuRMEsgI4VwIYyhvqlJDfw/wt0AiVvSmoMfEQn1p1aiaO4V/RJSE3Vw/uz2bxiT22uSkSqOyShyfYE6dMHnuoBkzr4jvSifT+INmbv6Nyo4+AAMCZtYeHLrsFeSTjLL9jMPjI4ZkVdlw2n3Xn9NbltF3/8Ao8dQfElqw+LIQWqU0oFHYNIP4ttfl5ObMKHaKSvBMyNruZR0El/ZsrcHLkAHRCLj07KRQJ81l5CUTPtQ02P1Eamz/nT4I3 rsa@localhost |
@ -1,2 +0,0 @@ |
|||
'use strict'; |
|||
module.exports = require('./lib/rasha.js'); |
@ -1,235 +0,0 @@ |
|||
'use strict'; |
|||
|
|||
//
|
|||
// A dumbed-down, minimal ASN.1 parser / packer combo
|
|||
//
|
|||
// Note: generally I like to write congruent code
|
|||
// (i.e. output can be used as input and vice-versa)
|
|||
// However, this seemed to be more readable and easier
|
|||
// to use written as-is, asymmetrically.
|
|||
// (I also generally prefer to export objects rather
|
|||
// functions but, yet again, asthetics one in this case)
|
|||
|
|||
var Enc = require('./encoding.js'); |
|||
|
|||
//
|
|||
// Packer
|
|||
//
|
|||
|
|||
// Almost every ASN.1 type that's important for CSR
|
|||
// can be represented generically with only a few rules.
|
|||
var ASN1 = module.exports = function ASN1(/*type, hexstrings...*/) { |
|||
var args = Array.prototype.slice.call(arguments); |
|||
var typ = args.shift(); |
|||
var str = args.join('').replace(/\s+/g, '').toLowerCase(); |
|||
var len = (str.length/2); |
|||
var lenlen = 0; |
|||
var hex = typ; |
|||
|
|||
// We can't have an odd number of hex chars
|
|||
if (len !== Math.round(len)) { |
|||
throw new Error("invalid hex"); |
|||
} |
|||
|
|||
// The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc)
|
|||
// The second byte is either the size of the value, or the size of its size
|
|||
|
|||
// 1. If the second byte is < 0x80 (128) it is considered the size
|
|||
// 2. If it is > 0x80 then it describes the number of bytes of the size
|
|||
// ex: 0x82 means the next 2 bytes describe the size of the value
|
|||
// 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file)
|
|||
|
|||
if (len > 127) { |
|||
lenlen += 1; |
|||
while (len > 255) { |
|||
lenlen += 1; |
|||
len = len >> 8; |
|||
} |
|||
} |
|||
|
|||
if (lenlen) { hex += Enc.numToHex(0x80 + lenlen); } |
|||
return hex + Enc.numToHex(str.length/2) + str; |
|||
}; |
|||
|
|||
// The Integer type has some special rules
|
|||
ASN1.UInt = function UINT() { |
|||
var str = Array.prototype.slice.call(arguments).join(''); |
|||
var first = parseInt(str.slice(0, 2), 16); |
|||
|
|||
// If the first byte is 0x80 or greater, the number is considered negative
|
|||
// Therefore we add a '00' prefix if the 0x80 bit is set
|
|||
if (0x80 & first) { str = '00' + str; } |
|||
|
|||
return ASN1('02', str); |
|||
}; |
|||
|
|||
// The Bit String type also has a special rule
|
|||
ASN1.BitStr = function BITSTR() { |
|||
var str = Array.prototype.slice.call(arguments).join(''); |
|||
// '00' is a mask of how many bits of the next byte to ignore
|
|||
return ASN1('03', '00' + str); |
|||
}; |
|||
|
|||
|
|||
//
|
|||
// Parser
|
|||
//
|
|||
|
|||
ASN1.ELOOP = "uASN1.js Error: iterated over 15+ elements (probably a malformed file)"; |
|||
ASN1.EDEEP = "uASN1.js Error: element nested 20+ layers deep (probably a malformed file)"; |
|||
// Container Types are Sequence 0x30, Octect String 0x04, Array? (0xA0, 0xA1)
|
|||
// Value Types are Integer 0x02, Bit String 0x03, Null 0x05, Object ID 0x06,
|
|||
// Sometimes Bit String is used as a container (RSA Pub Spki)
|
|||
ASN1.VTYPES = [ 0x02, 0x03, 0x05, 0x06, 0x0c, 0x82 ]; |
|||
ASN1.parse = function parseAsn1(buf, depth, ws) { |
|||
if (!ws) { ws = ''; } |
|||
if (depth >= 20) { throw new Error(ASN1.EDEEP); } |
|||
|
|||
var index = 2; // we know, at minimum, data starts after type (0) and lengthSize (1)
|
|||
var asn1 = { type: buf[0], lengthSize: 0, length: buf[1] }; |
|||
var child; |
|||
var iters = 0; |
|||
var adjust = 0; |
|||
var adjustedLen; |
|||
|
|||
// Determine how many bytes the length uses, and what it is
|
|||
if (0x80 & asn1.length) { |
|||
asn1.lengthSize = 0x7f & asn1.length; |
|||
// I think that buf->hex->int solves the problem of Endianness... not sure
|
|||
asn1.length = parseInt(Enc.bufToHex(buf.slice(index, index + asn1.lengthSize)), 16); |
|||
index += asn1.lengthSize; |
|||
} |
|||
|
|||
// High-order bit Integers have a leading 0x00 to signify that they are positive.
|
|||
// Bit Streams use the first byte to signify padding, which x.509 doesn't use.
|
|||
if (0x00 === buf[index] && (0x02 === asn1.type || 0x03 === asn1.type)) { |
|||
// However, 0x00 on its own is a valid number
|
|||
if (asn1.length > 1) { |
|||
index += 1; |
|||
adjust = -1; |
|||
} |
|||
} |
|||
adjustedLen = asn1.length + adjust; |
|||
|
|||
//console.warn(ws + '0x' + Enc.numToHex(asn1.type), index, 'len:', asn1.length, asn1);
|
|||
|
|||
// this is a primitive value type
|
|||
if (-1 !== ASN1.VTYPES.indexOf(asn1.type)) { |
|||
asn1.value = buf.slice(index, index + adjustedLen); |
|||
return asn1; |
|||
} |
|||
|
|||
asn1.children = []; |
|||
//console.warn('1 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', 0);
|
|||
while (iters < 15 && index < (2 + asn1.length + asn1.lengthSize)) { |
|||
iters += 1; |
|||
child = ASN1.parse(buf.slice(index, index + adjustedLen), (depth || 0) + 1, ws + ' '); |
|||
// The numbers don't match up exactly and I don't remember why...
|
|||
// probably something with adjustedLen or some such, but the tests pass
|
|||
index += (2 + child.lengthSize + child.length); |
|||
//console.warn('2 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', (2 + child.lengthSize + child.length));
|
|||
if (index > (2 + asn1.lengthSize + asn1.length)) { |
|||
console.error(JSON.stringify(asn1, function (k, v) { |
|||
if ('value' === k) { return '0x' + Enc.bufToHex(v.data); } return v; |
|||
}, 2)); |
|||
throw new Error("Parse error: child value length (" + child.length |
|||
+ ") is greater than remaining parent length (" + (asn1.length - index) |
|||
+ " = " + asn1.length + " - " + index + ")"); |
|||
} |
|||
asn1.children.push(child); |
|||
//console.warn(ws + '0x' + Enc.numToHex(asn1.type), index, 'len:', asn1.length, asn1);
|
|||
} |
|||
if (index !== (2 + asn1.lengthSize + asn1.length)) { |
|||
console.warn('index:', index, 'length:', (2 + asn1.lengthSize + asn1.length)) |
|||
throw new Error("premature end-of-file"); |
|||
} |
|||
if (iters >= 15) { throw new Error(ASN1.ELOOP); } |
|||
|
|||
return asn1; |
|||
}; |
|||
|
|||
/* |
|||
ASN1._stringify = function(asn1) { |
|||
//console.log(JSON.stringify(asn1, null, 2));
|
|||
//console.log(asn1);
|
|||
var ws = ''; |
|||
|
|||
function write(asn1) { |
|||
console.log(ws, 'ch', Enc.numToHex(asn1.type), asn1.length); |
|||
if (!asn1.children) { |
|||
return; |
|||
} |
|||
asn1.children.forEach(function (a) { |
|||
ws += '\t'; |
|||
write(a); |
|||
ws = ws.slice(1); |
|||
}); |
|||
} |
|||
write(asn1); |
|||
}; |
|||
*/ |
|||
|
|||
ASN1.tpl = function (asn1) { |
|||
//console.log(JSON.stringify(asn1, null, 2));
|
|||
//console.log(asn1);
|
|||
var sp = ' '; |
|||
var ws = sp; |
|||
var i = 0; |
|||
var vars = []; |
|||
var str = ws; |
|||
|
|||
function write(asn1, k) { |
|||
str += "\n" + ws; |
|||
var val; |
|||
if ('number' !== typeof k) { |
|||
// ignore
|
|||
} else { |
|||
str += ', '; |
|||
} |
|||
if (0x02 === asn1.type) { |
|||
str += "ASN1.UInt("; |
|||
} else if (0x03 === asn1.type) { |
|||
str += "ASN1.BitStr("; |
|||
} else { |
|||
str += "ASN1('" + Enc.numToHex(asn1.type) + "'"; |
|||
} |
|||
if (!asn1.children) { |
|||
if (0x05 !== asn1.type) { |
|||
if (0x06 !== asn1.type) { |
|||
val = asn1.value || new Uint8Array(0); |
|||
vars.push("\n// 0x" + Enc.numToHex(val.byteLength) + " (" + val.byteLength + " bytes)\nopts.tpl" + i + " = '" |
|||
+ Enc.bufToHex(val) + "';"); |
|||
if (0x02 !== asn1.type && 0x03 !== asn1.type) { |
|||
str += ", "; |
|||
} |
|||
str += "Enc.bufToHex(opts.tpl" + i + ")"; |
|||
} else { |
|||
str += ", '" + Enc.bufToHex(asn1.value) + "'"; |
|||
} |
|||
} else { |
|||
console.warn("XXXXXXXXXXXXXXXXXXXXX"); |
|||
} |
|||
str += ")"; |
|||
return ; |
|||
} |
|||
asn1.children.forEach(function (a, j) { |
|||
i += 1; |
|||
ws += sp; |
|||
write(a, j); |
|||
ws = ws.slice(sp.length); |
|||
}); |
|||
str += "\n" + ws + ")"; |
|||
} |
|||
|
|||
write(asn1); |
|||
console.log('var opts = {};'); |
|||
console.log(vars.join('\n') + '\n'); |
|||
console.log(); |
|||
console.log('function buildSchema(opts) {'); |
|||
console.log(sp + 'return Enc.hexToBuf(' + str.slice(3) + ');'); |
|||
console.log('}'); |
|||
console.log(); |
|||
console.log('buildSchema(opts);'); |
|||
}; |
|||
|
|||
module.exports = ASN1; |
@ -1,104 +0,0 @@ |
|||
'use strict'; |
|||
|
|||
var Enc = module.exports; |
|||
|
|||
Enc.base64ToBuf = function (str) { |
|||
// always convert from urlsafe base64, just in case
|
|||
//return Buffer.from(Enc.urlBase64ToBase64(str)).toString('base64');
|
|||
// node handles urlBase64 automatically
|
|||
return Buffer.from(str, 'base64'); |
|||
}; |
|||
|
|||
Enc.base64ToHex = function (b64) { |
|||
return Enc.bufToHex(Enc.base64ToBuf(b64)); |
|||
}; |
|||
|
|||
Enc.bufToBase64 = function (u8) { |
|||
// we want to maintain api compatability with browser APIs,
|
|||
// so we assume that this could be a Uint8Array
|
|||
return Buffer.from(u8).toString('base64'); |
|||
}; |
|||
|
|||
/* |
|||
Enc.bufToUint8 = function bufToUint8(buf) { |
|||
return new Uint8Array(buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength)); |
|||
}; |
|||
*/ |
|||
|
|||
Enc.bufToUrlBase64 = function (u8) { |
|||
return Enc.bufToBase64(u8) |
|||
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, ''); |
|||
}; |
|||
|
|||
|
|||
Enc.bufToHex = function (u8) { |
|||
var hex = []; |
|||
var i, h; |
|||
var len = (u8.byteLength || u8.length); |
|||
|
|||
for (i = 0; i < len; i += 1) { |
|||
h = u8[i].toString(16); |
|||
if (2 !== h.length) { h = '0' + h; } |
|||
hex.push(h); |
|||
} |
|||
|
|||
return hex.join('').toLowerCase(); |
|||
}; |
|||
|
|||
Enc.hexToBase64 = function (hex) { |
|||
return Buffer.from(hex, 'hex').toString('base64'); |
|||
}; |
|||
|
|||
Enc.hexToBuf = function (hex) { |
|||
return Buffer.from(hex, 'hex'); |
|||
}; |
|||
|
|||
Enc.numToHex = function (d) { |
|||
d = d.toString(16); |
|||
if (d.length % 2) { |
|||
return '0' + d; |
|||
} |
|||
return d; |
|||
}; |
|||
|
|||
/* |
|||
Enc.strToBase64 = function (str) { |
|||
// node automatically can tell the difference
|
|||
// between uc2 (utf-8) strings and binary strings
|
|||
// so we don't have to re-encode the strings
|
|||
return Buffer.from(str).toString('base64'); |
|||
}; |
|||
*/ |
|||
|
|||
/* |
|||
Enc.strToBin = function (str) { |
|||
var escstr = encodeURIComponent(str); |
|||
// replaces any uri escape sequence, such as %0A,
|
|||
// with binary escape, such as 0x0A
|
|||
var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) { |
|||
return String.fromCharCode(parseInt(p1, 16)); |
|||
}); |
|||
|
|||
return binstr; |
|||
}; |
|||
*/ |
|||
|
|||
Enc.strToBuf = function (str) { |
|||
return Buffer.from(str); |
|||
}; |
|||
|
|||
Enc.strToHex = function (str) { |
|||
return Buffer.from(str).toString('hex'); |
|||
}; |
|||
|
|||
/* |
|||
Enc.urlBase64ToBase64 = function (str) { |
|||
var r = str % 4; |
|||
if (2 === r) { |
|||
str += '=='; |
|||
} else if (3 === r) { |
|||
str += '='; |
|||
} |
|||
return str.replace(/-/g, '+').replace(/_/g, '/'); |
|||
}; |
|||
*/ |
@ -1,28 +0,0 @@ |
|||
'use strict'; |
|||
|
|||
var PEM = module.exports; |
|||
var Enc = require('./encoding.js'); |
|||
|
|||
PEM.parseBlock = function pemToDer(pem) { |
|||
var lines = pem.trim().split(/\n/); |
|||
var end = lines.length - 1; |
|||
var head = lines[0].match(/-----BEGIN (.*)-----/); |
|||
var foot = lines[end].match(/-----END (.*)-----/); |
|||
|
|||
if (head) { |
|||
lines = lines.slice(1, end); |
|||
head = head[1]; |
|||
if (head !== foot[1]) { |
|||
throw new Error("headers and footers do not match"); |
|||
} |
|||
} |
|||
|
|||
return { type: head, bytes: Enc.base64ToBuf(lines.join('')) }; |
|||
}; |
|||
|
|||
PEM.packBlock = function (opts) { |
|||
return '-----BEGIN ' + opts.type + '-----\n' |
|||
+ Enc.bufToBase64(opts.bytes).match(/.{1,64}/g).join('\n') + '\n' |
|||
+ '-----END ' + opts.type + '-----' |
|||
; |
|||
}; |
@ -1,204 +0,0 @@ |
|||
'use strict'; |
|||
|
|||
var RSA = module.exports; |
|||
var SSH = require('./ssh.js'); |
|||
var PEM = require('./pem.js'); |
|||
var x509 = require('./x509.js'); |
|||
var ASN1 = require('./asn1.js'); |
|||
|
|||
/*global Promise*/ |
|||
RSA.generate = function (opts) { |
|||
return Promise.resolve().then(function () { |
|||
var typ = 'rsa'; |
|||
var format = opts.format; |
|||
var encoding = opts.encoding; |
|||
var priv; |
|||
var pub; |
|||
|
|||
if (!format) { |
|||
format = 'jwk'; |
|||
} |
|||
if ('spki' === format || 'pkcs8' === format) { |
|||
format = 'pkcs8'; |
|||
pub = 'spki'; |
|||
} |
|||
|
|||
if ('pem' === format) { |
|||
format = 'pkcs1'; |
|||
encoding = 'pem'; |
|||
} else if ('der' === format) { |
|||
format = 'pkcs1'; |
|||
encoding = 'der'; |
|||
} |
|||
|
|||
if ('jwk' === format || 'json' === format) { |
|||
format = 'jwk'; |
|||
encoding = 'json'; |
|||
} else { |
|||
priv = format; |
|||
pub = pub || format; |
|||
} |
|||
|
|||
if (!encoding) { |
|||
encoding = 'pem'; |
|||
} |
|||
|
|||
if (priv) { |
|||
priv = { type: priv, format: encoding }; |
|||
pub = { type: pub, format: encoding }; |
|||
} else { |
|||
// jwk
|
|||
priv = { type: 'pkcs1', format: 'pem' }; |
|||
pub = { type: 'pkcs1', format: 'pem' }; |
|||
} |
|||
|
|||
return new Promise(function (resolve, reject) { |
|||
return require('crypto').generateKeyPair(typ, { |
|||
modulusLength: opts.modulusLength || 2048 |
|||
, publicExponent: opts.publicExponent || 0x10001 |
|||
, privateKeyEncoding: priv |
|||
, publicKeyEncoding: pub |
|||
}, function (err, pubkey, privkey) { |
|||
if (err) { reject(err); } |
|||
resolve({ |
|||
private: privkey |
|||
, public: pubkey |
|||
}); |
|||
}); |
|||
}).then(function (keypair) { |
|||
if ('jwk' !== format) { |
|||
return keypair; |
|||
} |
|||
|
|||
return { |
|||
private: RSA.importSync({ pem: keypair.private, format: priv.type }) |
|||
, public: RSA.importSync({ pem: keypair.public, format: pub.type, public: true }) |
|||
}; |
|||
}); |
|||
}); |
|||
}; |
|||
|
|||
RSA.importSync = function (opts) { |
|||
if (!opts || !opts.pem || 'string' !== typeof opts.pem) { |
|||
throw new Error("must pass { pem: pem } as a string"); |
|||
} |
|||
|
|||
var jwk = { kty: 'RSA', n: null, e: null }; |
|||
if (0 === opts.pem.indexOf('ssh-rsa ')) { |
|||
return SSH.parse(opts.pem, jwk); |
|||
} |
|||
var pem = opts.pem; |
|||
var block = PEM.parseBlock(pem); |
|||
//var hex = toHex(u8);
|
|||
var asn1 = ASN1.parse(block.bytes); |
|||
|
|||
var meta = x509.guess(block.bytes, asn1); |
|||
|
|||
if ('pkcs1' === meta.format) { |
|||
jwk = x509.parsePkcs1(block.bytes, asn1, jwk); |
|||
} else { |
|||
jwk = x509.parsePkcs8(block.bytes, asn1, jwk); |
|||
} |
|||
|
|||
if (opts.public) { |
|||
jwk = RSA.nueter(jwk); |
|||
} |
|||
return jwk; |
|||
}; |
|||
RSA.parse = function parseRsa(opts) { |
|||
// wrapped in a promise for API compatibility
|
|||
// with the forthcoming browser version
|
|||
// (and potential future native node capability)
|
|||
return Promise.resolve().then(function () { |
|||
return RSA.importSync(opts); |
|||
}); |
|||
}; |
|||
RSA.toJwk = RSA.import = RSA.parse; |
|||
|
|||
/* |
|||
RSAPrivateKey ::= SEQUENCE { |
|||
version Version, |
|||
modulus INTEGER, -- n |
|||
publicExponent INTEGER, -- e |
|||
privateExponent INTEGER, -- d |
|||
prime1 INTEGER, -- p |
|||
prime2 INTEGER, -- q |
|||
exponent1 INTEGER, -- d mod (p-1) |
|||
exponent2 INTEGER, -- d mod (q-1) |
|||
coefficient INTEGER, -- (inverse of q) mod p |
|||
otherPrimeInfos OtherPrimeInfos OPTIONAL |
|||
} |
|||
*/ |
|||
|
|||
RSA.exportSync = function (opts) { |
|||
if (!opts || !opts.jwk || 'object' !== typeof opts.jwk) { |
|||
throw new Error("must pass { jwk: jwk }"); |
|||
} |
|||
var jwk = JSON.parse(JSON.stringify(opts.jwk)); |
|||
var format = opts.format; |
|||
var pub = opts.public; |
|||
if (pub || -1 !== [ 'spki', 'pkix', 'ssh', 'rfc4716' ].indexOf(format)) { |
|||
jwk = RSA.nueter(jwk); |
|||
} |
|||
if ('RSA' !== jwk.kty) { |
|||
throw new Error("options.jwk.kty must be 'RSA' for RSA keys"); |
|||
} |
|||
if (!jwk.p) { |
|||
// TODO test for n and e
|
|||
pub = true; |
|||
if (!format || 'pkcs1' === format) { |
|||
format = 'pkcs1'; |
|||
} else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) { |
|||
format = 'spki'; |
|||
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) { |
|||
format = 'ssh'; |
|||
} else { |
|||
throw new Error("options.format must be 'spki', 'pkcs1', or 'ssh' for public RSA keys, not (" |
|||
+ typeof format + ") " + format); |
|||
} |
|||
} else { |
|||
// TODO test for all necessary keys (d, p, q ...)
|
|||
if (!format || 'pkcs1' === format) { |
|||
format = 'pkcs1'; |
|||
} else if ('pkcs8' !== format) { |
|||
throw new Error("options.format must be 'pkcs1' or 'pkcs8' for private RSA keys"); |
|||
} |
|||
} |
|||
|
|||
if ('pkcs1' === format) { |
|||
if (jwk.d) { |
|||
return PEM.packBlock({ type: "RSA PRIVATE KEY", bytes: x509.packPkcs1(jwk) }); |
|||
} else { |
|||
return PEM.packBlock({ type: "RSA PUBLIC KEY", bytes: x509.packPkcs1(jwk) }); |
|||
} |
|||
} else if ('pkcs8' === format) { |
|||
return PEM.packBlock({ type: "PRIVATE KEY", bytes: x509.packPkcs8(jwk) }); |
|||
} else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) { |
|||
return PEM.packBlock({ type: "PUBLIC KEY", bytes: x509.packSpki(jwk) }); |
|||
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) { |
|||
return SSH.pack({ jwk: jwk, comment: opts.comment }); |
|||
} else { |
|||
throw new Error("Sanity Error: reached unreachable code block with format: " + format); |
|||
} |
|||
}; |
|||
RSA.pack = function (opts) { |
|||
// wrapped in a promise for API compatibility
|
|||
// with the forthcoming browser version
|
|||
// (and potential future native node capability)
|
|||
return Promise.resolve().then(function () { |
|||
return RSA.exportSync(opts); |
|||
}); |
|||
}; |
|||
RSA.toPem = RSA.export = RSA.pack; |
|||
|
|||
// snip the _private_ parts... hAHAHAHA!
|
|||
RSA.nueter = function (jwk) { |
|||
// (snip rather than new object to keep potential extra data)
|
|||
// otherwise we could just do this:
|
|||
// return { kty: jwk.kty, n: jwk.n, e: jwk.e };
|
|||
[ 'p', 'q', 'd', 'dp', 'dq', 'qi' ].forEach(function (key) { |
|||
if (key in jwk) { jwk[key] = undefined; } |
|||
return jwk; |
|||
}); |
|||
return jwk; |
|||
}; |
@ -1,80 +0,0 @@ |
|||
'use strict'; |
|||
|
|||
var SSH = module.exports; |
|||
var Enc = require('./encoding.js'); |
|||
|
|||
// 7 s s h - r s a
|
|||
SSH.RSA = '00000007 73 73 68 2d 72 73 61'.replace(/\s+/g, '').toLowerCase(); |
|||
|
|||
SSH.parse = function (pem, jwk) { |
|||
|
|||
var parts = pem.split(/\s+/); |
|||
var buf = Enc.base64ToBuf(parts[1]); |
|||
var els = []; |
|||
var index = 0; |
|||
var len; |
|||
var i = 0; |
|||
var offset = (buf.byteOffset || 0); |
|||
// using dataview to be browser-compatible (I do want _some_ code reuse)
|
|||
var dv = new DataView(buf.buffer.slice(offset, offset + buf.byteLength)); |
|||
var el; |
|||
|
|||
if (SSH.RSA !== Enc.bufToHex(buf.slice(0, SSH.RSA.length/2))) { |
|||
throw new Error("does not lead with ssh header"); |
|||
} |
|||
|
|||
while (index < buf.byteLength) { |
|||
i += 1; |
|||
if (i > 3) { throw new Error("15+ elements, probably not a public ssh key"); } |
|||
len = dv.getUint32(index, false); |
|||
index += 4; |
|||
el = buf.slice(index, index + len); |
|||
// remove BigUInt '00' prefix
|
|||
if (0x00 === el[0]) { |
|||
el = el.slice(1); |
|||
} |
|||
els.push(el); |
|||
index += len; |
|||
} |
|||
|
|||
jwk.n = Enc.bufToUrlBase64(els[2]); |
|||
jwk.e = Enc.bufToUrlBase64(els[1]); |
|||
|
|||
return jwk; |
|||
}; |
|||
|
|||
SSH.pack = function (opts) { |
|||
var jwk = opts.jwk; |
|||
var header = 'ssh-rsa'; |
|||
var comment = opts.comment || 'rsa@localhost'; |
|||
var e = SSH._padHexInt(Enc.base64ToHex(jwk.e)); |
|||
var n = SSH._padHexInt(Enc.base64ToHex(jwk.n)); |
|||
var hex = [ |
|||
SSH._numToUint32Hex(header.length) |
|||
, Enc.strToHex(header) |
|||
, SSH._numToUint32Hex(e.length/2) |
|||
, e |
|||
, SSH._numToUint32Hex(n.length/2) |
|||
, n |
|||
].join(''); |
|||
return [ header, Enc.hexToBase64(hex), comment ].join(' '); |
|||
}; |
|||
|
|||
SSH._numToUint32Hex = function (num) { |
|||
var hex = num.toString(16); |
|||
while (hex.length < 8) { |
|||
hex = '0' + hex; |
|||
} |
|||
return hex; |
|||
}; |
|||
|
|||
SSH._padHexInt = function (hex) { |
|||
// BigInt is negative if the high order bit 0x80 is set,
|
|||
// so ASN1, SSH, and many other formats pad with '0x00'
|
|||
// to signifiy a positive number.
|
|||
var i = parseInt(hex.slice(0, 2), 16); |
|||
if (0x80 & i) { |
|||
return '00' + hex; |
|||
} |
|||
return hex; |
|||
}; |
@ -1,111 +0,0 @@ |
|||
'use strict'; |
|||
|
|||
// We believe in a proactive approach to sustainable open source.
|
|||
// As part of that we make it easy for you to opt-in to following our progress
|
|||
// and we also stay up-to-date on telemetry such as operating system and node
|
|||
// version so that we can focus our efforts where they'll have the greatest impact.
|
|||
//
|
|||
// Want to learn more about our Terms, Privacy Policy, and Mission?
|
|||
// Check out https://therootcompany.com/legal/
|
|||
|
|||
var os = require('os'); |
|||
var crypto = require('crypto'); |
|||
var https = require('https'); |
|||
var pkg = require('../package.json'); |
|||
|
|||
// to help focus our efforts in the right places
|
|||
var data = { |
|||
package: pkg.name |
|||
, version: pkg.version |
|||
, node: process.version |
|||
, arch: process.arch || os.arch() |
|||
, platform: process.platform || os.platform() |
|||
, release: os.release() |
|||
}; |
|||
|
|||
function addCommunityMember(opts) { |
|||
setTimeout(function () { |
|||
var req = https.request({ |
|||
hostname: 'api.therootcompany.com' |
|||
, port: 443 |
|||
, path: '/api/therootcompany.com/public/community' |
|||
, method: 'POST' |
|||
, headers: { 'Content-Type': 'application/json' } |
|||
}, function (resp) { |
|||
// let the data flow, so we can ignore it
|
|||
resp.on('data', function () {}); |
|||
//resp.on('data', function (chunk) { console.log(chunk.toString()); });
|
|||
resp.on('error', function () { /*ignore*/ }); |
|||
//resp.on('error', function (err) { console.error(err); });
|
|||
}); |
|||
var obj = JSON.parse(JSON.stringify(data)); |
|||
obj.action = 'updates'; |
|||
try { |
|||
obj.ppid = ppid(obj.action); |
|||
} catch(e) { |
|||
// ignore
|
|||
//console.error(e);
|
|||
} |
|||
obj.name = opts.name || undefined; |
|||
obj.address = opts.email; |
|||
obj.community = 'node.js@therootcompany.com'; |
|||
|
|||
req.write(JSON.stringify(obj, 2, null)); |
|||
req.end(); |
|||
req.on('error', function () { /*ignore*/ }); |
|||
//req.on('error', function (err) { console.error(err); });
|
|||
}, 50); |
|||
} |
|||
|
|||
function ping(action) { |
|||
setTimeout(function () { |
|||
var req = https.request({ |
|||
hostname: 'api.therootcompany.com' |
|||
, port: 443 |
|||
, path: '/api/therootcompany.com/public/ping' |
|||
, method: 'POST' |
|||
, headers: { 'Content-Type': 'application/json' } |
|||
}, function (resp) { |
|||
// let the data flow, so we can ignore it
|
|||
resp.on('data', function () { }); |
|||
//resp.on('data', function (chunk) { console.log(chunk.toString()); });
|
|||
resp.on('error', function () { /*ignore*/ }); |
|||
//resp.on('error', function (err) { console.error(err); });
|
|||
}); |
|||
var obj = JSON.parse(JSON.stringify(data)); |
|||
obj.action = action; |
|||
try { |
|||
obj.ppid = ppid(obj.action); |
|||
} catch(e) { |
|||
// ignore
|
|||
//console.error(e);
|
|||
} |
|||
|
|||
req.write(JSON.stringify(obj, 2, null)); |
|||
req.end(); |
|||
req.on('error', function (/*e*/) { /*console.error('req.error', e);*/ }); |
|||
}, 50); |
|||
} |
|||
|
|||
// to help identify unique installs without getting
|
|||
// the personally identifiable info that we don't want
|
|||
function ppid(action) { |
|||
var parts = [ action, data.package, data.version, data.node, data.arch, data.platform, data.release ]; |
|||
var ifaces = os.networkInterfaces(); |
|||
Object.keys(ifaces).forEach(function (ifname) { |
|||
if (/^en/.test(ifname) || /^eth/.test(ifname) || /^wl/.test(ifname)) { |
|||
if (ifaces[ifname] && ifaces[ifname].length) { |
|||
parts.push(ifaces[ifname][0].mac); |
|||
} |
|||
} |
|||
}); |
|||
return crypto.createHash('sha1').update(parts.join(',')).digest('base64'); |
|||
} |
|||
|
|||
module.exports.ping = ping; |
|||
module.exports.joinCommunity = addCommunityMember; |
|||
|
|||
if (require.main === module) { |
|||
ping('install'); |
|||
//addCommunityMember({ name: "AJ ONeal", email: 'coolaj86@gmail.com' });
|
|||
} |
@ -1,153 +0,0 @@ |
|||
'use strict'; |
|||
|
|||
var x509 = module.exports; |
|||
var ASN1 = require('./asn1.js'); |
|||
var Enc = require('./encoding.js'); |
|||
|
|||
x509.guess = function (der, asn1) { |
|||
// accepting der for compatability with other usages
|
|||
|
|||
var meta = { kty: 'RSA', format: 'pkcs1', public: true }; |
|||
//meta.asn1 = ASN1.parse(u8);
|
|||
|
|||
if (asn1.children.every(function(el) { |
|||
return 0x02 === el.type; |
|||
})) { |
|||
if (2 === asn1.children.length) { |
|||
// rsa pkcs1 public
|
|||
return meta; |
|||
} else if (asn1.children.length >= 9) { |
|||
// the standard allows for "otherPrimeInfos", hence at least 9
|
|||
meta.public = false; |
|||
// rsa pkcs1 private
|
|||
return meta; |
|||
} else { |
|||
throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)"); |
|||
} |
|||
} else { |
|||
meta.format = 'pkcs8'; |
|||
} |
|||
|
|||
return meta; |
|||
}; |
|||
|
|||
x509.parsePkcs1 = function parseRsaPkcs1(buf, asn1, jwk) { |
|||
if (!asn1.children.every(function(el) { |
|||
return 0x02 === el.type; |
|||
})) { |
|||
throw new Error("not an RSA PKCS#1 public or private key (not all ints)"); |
|||
} |
|||
|
|||
if (2 === asn1.children.length) { |
|||
|
|||
jwk.n = Enc.bufToUrlBase64(asn1.children[0].value); |
|||
jwk.e = Enc.bufToUrlBase64(asn1.children[1].value); |
|||
return jwk; |
|||
|
|||
} else if (asn1.children.length >= 9) { |
|||
// the standard allows for "otherPrimeInfos", hence at least 9
|
|||
|
|||
jwk.n = Enc.bufToUrlBase64(asn1.children[1].value); |
|||
jwk.e = Enc.bufToUrlBase64(asn1.children[2].value); |
|||
jwk.d = Enc.bufToUrlBase64(asn1.children[3].value); |
|||
jwk.p = Enc.bufToUrlBase64(asn1.children[4].value); |
|||
jwk.q = Enc.bufToUrlBase64(asn1.children[5].value); |
|||
jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value); |
|||
jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value); |
|||
jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value); |
|||
return jwk; |
|||
|
|||
} else { |
|||
throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)"); |
|||
} |
|||
}; |
|||
|
|||
x509.parsePkcs8 = function parseRsaPkcs8(buf, asn1, jwk) { |
|||
if (2 === asn1.children.length |
|||
&& 0x03 === asn1.children[1].type |
|||
&& 0x30 === asn1.children[1].value[0]) { |
|||
|
|||
asn1 = ASN1.parse(asn1.children[1].value); |
|||
jwk.n = Enc.bufToUrlBase64(asn1.children[0].value); |
|||
jwk.e = Enc.bufToUrlBase64(asn1.children[1].value); |
|||
|
|||
} else if (3 === asn1.children.length |
|||
&& 0x04 === asn1.children[2].type |
|||
&& 0x30 === asn1.children[2].children[0].type |
|||
&& 0x02 === asn1.children[2].children[0].children[0].type) { |
|||
|
|||
asn1 = asn1.children[2].children[0]; |
|||
jwk.n = Enc.bufToUrlBase64(asn1.children[1].value); |
|||
jwk.e = Enc.bufToUrlBase64(asn1.children[2].value); |
|||
jwk.d = Enc.bufToUrlBase64(asn1.children[3].value); |
|||
jwk.p = Enc.bufToUrlBase64(asn1.children[4].value); |
|||
jwk.q = Enc.bufToUrlBase64(asn1.children[5].value); |
|||
jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value); |
|||
jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value); |
|||
jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value); |
|||
|
|||
} else { |
|||
throw new Error("not an RSA PKCS#8 public or private key (wrong format)"); |
|||
} |
|||
return jwk; |
|||
}; |
|||
|
|||
x509.packPkcs1 = function (jwk) { |
|||
var n = ASN1.UInt(Enc.base64ToHex(jwk.n)); |
|||
var e = ASN1.UInt(Enc.base64ToHex(jwk.e)); |
|||
|
|||
if (!jwk.d) { |
|||
return Enc.hexToBuf(ASN1('30', n, e)); |
|||
} |
|||
|
|||
return Enc.hexToBuf(ASN1('30' |
|||
, ASN1.UInt('00') |
|||
, n |
|||
, e |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.d)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.p)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.q)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.dp)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.dq)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.qi)) |
|||
)); |
|||
}; |
|||
|
|||
x509.packPkcs8 = function (jwk) { |
|||
if (!jwk.d) { |
|||
// Public RSA
|
|||
return Enc.hexToBuf(ASN1('30' |
|||
, ASN1('30' |
|||
, ASN1('06', '2a864886f70d010101') |
|||
, ASN1('05') |
|||
) |
|||
, ASN1.BitStr(ASN1('30' |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.n)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.e)) |
|||
)) |
|||
)); |
|||
} |
|||
|
|||
// Private RSA
|
|||
return Enc.hexToBuf(ASN1('30' |
|||
, ASN1.UInt('00') |
|||
, ASN1('30' |
|||
, ASN1('06', '2a864886f70d010101') |
|||
, ASN1('05') |
|||
) |
|||
, ASN1('04' |
|||
, ASN1('30' |
|||
, ASN1.UInt('00') |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.n)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.e)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.d)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.p)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.q)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.dp)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.dq)) |
|||
, ASN1.UInt(Enc.base64ToHex(jwk.qi)) |
|||
) |
|||
) |
|||
)); |
|||
}; |
|||
x509.packSpki = x509.packPkcs8; |
@ -1,40 +0,0 @@ |
|||
{ |
|||
"name": "rasha", |
|||
"version": "1.1.0", |
|||
"description": "💯 PEM-to-JWK and JWK-to-PEM for RSA keys in a lightweight, zero-dependency library focused on perfect universal compatibility.", |
|||
"homepage": "https://git.coolaj86.com/coolaj86/rasha.js", |
|||
"main": "index.js", |
|||
"bin": { |
|||
"rasha": "bin/rasha.js" |
|||
}, |
|||
"files": [ |
|||
"bin", |
|||
"fixtures", |
|||
"lib" |
|||
], |
|||
"directories": { |
|||
"lib": "lib" |
|||
}, |
|||
"scripts": { |
|||
"postinstall": "node lib/telemetry.js event:install", |
|||
"test": "bash test.sh" |
|||
}, |
|||
"repository": { |
|||
"type": "git", |
|||
"url": "https://git.coolaj86.com/coolaj86/rasha.js" |
|||
}, |
|||
"keywords": [ |
|||
"zero-dependency", |
|||
"PEM-to-JWK", |
|||
"JWK-to-PEM", |
|||
"RSA", |
|||
"2048", |
|||
"4096", |
|||
"asn1", |
|||
"x509", |
|||
"JWK-to-SSH", |
|||
"PEM-to-SSH" |
|||
], |
|||
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)", |
|||
"license": "MPL-2.0" |
|||
} |
@ -1,6 +0,0 @@ |
|||
var Rasha = require('./'); |
|||
|
|||
var pem = require('fs').readFileSync(process.argv[2], 'ascii'); |
|||
var jwk = Rasha.importSync({ pem: pem }); |
|||
|
|||
console.log(Buffer.from(jwk.n, 'base64').byteLength); |
@ -1,172 +0,0 @@ |
|||
#!/bin/bash |
|||
|
|||
# cause errors to hard-fail |
|||
# (and diff non-0 exit status will cause failure) |
|||
set -e |
|||
|
|||
pemtojwk() { |
|||
keyid=$1 |
|||
if [ -z "$keyid" ]; then |
|||
echo "" |
|||
echo "Testing PEM-to-JWK PKCS#1" |
|||
fi |
|||
# |
|||
node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs1.${keyid}pem \ |
|||
> ./fixtures/privkey-rsa-2048.jwk.1.json |
|||
diff ./fixtures/privkey-rsa-2048.jwk.${keyid}json ./fixtures/privkey-rsa-2048.jwk.1.json |
|||
# |
|||
node bin/rasha.js ./fixtures/pub-rsa-2048.pkcs1.${keyid}pem \ |
|||
> ./fixtures/pub-rsa-2048.jwk.1.json |
|||
diff ./fixtures/pub-rsa-2048.jwk.${keyid}json ./fixtures/pub-rsa-2048.jwk.1.json |
|||
if [ -z "$keyid" ]; then |
|||
echo "Pass" |
|||
fi |
|||
|
|||
|
|||
if [ -z "$keyid" ]; then |
|||
echo "" |
|||
echo "Testing PEM-to-JWK PKCS#8" |
|||
fi |
|||
# |
|||
node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs8.${keyid}pem \ |
|||
> ./fixtures/privkey-rsa-2048.jwk.1.json |
|||
diff ./fixtures/privkey-rsa-2048.jwk.${keyid}json ./fixtures/privkey-rsa-2048.jwk.1.json |
|||
# |
|||
node bin/rasha.js ./fixtures/pub-rsa-2048.spki.${keyid}pem \ |
|||
> ./fixtures/pub-rsa-2048.jwk.1.json |
|||
diff ./fixtures/pub-rsa-2048.jwk.${keyid}json ./fixtures/pub-rsa-2048.jwk.1.json |
|||
if [ -z "$keyid" ]; then |
|||
echo "Pass" |
|||
fi |
|||
} |
|||
|
|||
jwktopem() { |
|||
keyid=$1 |
|||
if [ -z "$keyid" ]; then |
|||
echo "" |
|||
echo "Testing JWK-to-PEM PKCS#1" |
|||
fi |
|||
# |
|||
node bin/rasha.js ./fixtures/privkey-rsa-2048.jwk.${keyid}json pkcs1 \ |
|||
> ./fixtures/privkey-rsa-2048.pkcs1.1.pem |
|||
diff ./fixtures/privkey-rsa-2048.pkcs1.${keyid}pem ./fixtures/privkey-rsa-2048.pkcs1.1.pem |
|||
# |
|||
node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.${keyid}json pkcs1 \ |
|||
> ./fixtures/pub-rsa-2048.pkcs1.1.pem |
|||
diff ./fixtures/pub-rsa-2048.pkcs1.${keyid}pem ./fixtures/pub-rsa-2048.pkcs1.1.pem |
|||
if [ -z "$keyid" ]; then |
|||
echo "Pass" |
|||
fi |
|||
|
|||
if [ -z "$keyid" ]; then |
|||
echo "" |
|||
echo "Testing JWK-to-PEM PKCS#8" |
|||
fi |
|||
# |
|||
node bin/rasha.js ./fixtures/privkey-rsa-2048.jwk.${keyid}json pkcs8 \ |
|||
> ./fixtures/privkey-rsa-2048.pkcs8.1.pem |
|||
diff ./fixtures/privkey-rsa-2048.pkcs8.${keyid}pem ./fixtures/privkey-rsa-2048.pkcs8.1.pem |
|||
# |
|||
node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.${keyid}json spki \ |
|||
> ./fixtures/pub-rsa-2048.spki.1.pem |
|||
diff ./fixtures/pub-rsa-2048.spki.${keyid}pem ./fixtures/pub-rsa-2048.spki.1.pem |
|||
if [ -z "$keyid" ]; then |
|||
echo "Pass" |
|||
fi |
|||
|
|||
if [ -z "$keyid" ]; then |
|||
echo "" |
|||
echo "Testing JWK-to-SSH" |
|||
fi |
|||
# |
|||
node bin/rasha.js ./fixtures/privkey-rsa-2048.jwk.${keyid}json ssh > ./fixtures/pub-rsa-2048.ssh.1.pub |
|||
diff ./fixtures/pub-rsa-2048.ssh.${keyid}pub ./fixtures/pub-rsa-2048.ssh.1.pub |
|||
# |
|||
node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.${keyid}json ssh > ./fixtures/pub-rsa-2048.ssh.1.pub |
|||
diff ./fixtures/pub-rsa-2048.ssh.${keyid}pub ./fixtures/pub-rsa-2048.ssh.1.pub |
|||
if [ -z "$keyid" ]; then |
|||
echo "Pass" |
|||
fi |
|||
} |
|||
|
|||
rndkey() { |
|||
keyid="rnd.1." |
|||
keysize=$1 |
|||
# Generate 2048-bit RSA Keypair |
|||
openssl genrsa -out fixtures/privkey-rsa-2048.pkcs1.${keyid}pem $keysize |
|||
# Convert PKCS1 (traditional) RSA Keypair to PKCS8 format |
|||
openssl rsa -in fixtures/privkey-rsa-2048.pkcs1.${keyid}pem -pubout \ |
|||
-out fixtures/pub-rsa-2048.spki.${keyid}pem |
|||
# Export Public-only RSA Key in PKCS1 (traditional) format |
|||
openssl pkcs8 -topk8 -nocrypt -in fixtures/privkey-rsa-2048.pkcs1.${keyid}pem \ |
|||
-out fixtures/privkey-rsa-2048.pkcs8.${keyid}pem |
|||
# Convert PKCS1 (traditional) RSA Public Key to SPKI/PKIX format |
|||
openssl rsa -in fixtures/pub-rsa-2048.spki.${keyid}pem -pubin -RSAPublicKey_out \ |
|||
-out fixtures/pub-rsa-2048.pkcs1.${keyid}pem |
|||
# Convert RSA public key to SSH format |
|||
sshpub=$(ssh-keygen -f fixtures/pub-rsa-2048.spki.${keyid}pem -i -mPKCS8) |
|||
echo "$sshpub rsa@localhost" > fixtures/pub-rsa-2048.ssh.${keyid}pub |
|||
|
|||
|
|||
# to JWK |
|||
node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs1.${keyid}pem \ |
|||
> ./fixtures/privkey-rsa-2048.jwk.${keyid}json |
|||
node bin/rasha.js ./fixtures/pub-rsa-2048.pkcs1.${keyid}pem \ |
|||
> ./fixtures/pub-rsa-2048.jwk.${keyid}json |
|||
|
|||
pemtojwk "$keyid" |
|||
jwktopem "$keyid" |
|||
} |
|||
|
|||
pemtojwk "" |
|||
jwktopem "" |
|||
|
|||
echo "" |
|||
echo "testing node key generation" |
|||
node bin/rasha.js > /dev/null |
|||
node bin/rasha.js jwk > /dev/null |
|||
node bin/rasha.js json 2048 > /dev/null |
|||
node bin/rasha.js der > /dev/null |
|||
node bin/rasha.js pkcs8 der > /dev/null |
|||
node bin/rasha.js pem > /dev/null |
|||
node bin/rasha.js pkcs1 pem > /dev/null |
|||
node bin/rasha.js spki > /dev/null |
|||
echo "PASS" |
|||
|
|||
echo "" |
|||
echo "" |
|||
echo "Re-running tests with random keys of varying sizes" |
|||
echo "" |
|||
|
|||
# commented out sizes below 512, since they are below minimum size on some systems. |
|||
# rndkey 32 # minimum key size |
|||
# rndkey 64 |
|||
# rndkey 128 |
|||
# rndkey 256 |
|||
|
|||
rndkey 512 |
|||
rndkey 768 |
|||
rndkey 1024 |
|||
rndkey 2048 # first secure key size |
|||
|
|||
if [ "${RASHA_TEST_LARGE_KEYS}" == "true" ]; then |
|||
rndkey 3072 |
|||
rndkey 4096 # largest reasonable key size |
|||
else |
|||
echo "" |
|||
echo "Note:" |
|||
echo "Keys larger than 2048 have been tested and work, but are omitted from automated tests to save time." |
|||
echo "Set RASHA_TEST_LARGE_KEYS=true to enable testing of keys up to 4096." |
|||
fi |
|||
|
|||
echo "" |
|||
echo "Pass" |
|||
|
|||
rm fixtures/*.1.* |
|||
|
|||
echo "" |
|||
echo "" |
|||
echo "PASSED:" |
|||
echo "• All inputs produced valid outputs" |
|||
echo "• All outputs matched known-good values" |
|||
echo "• All random tests passed reciprosity" |
@ -0,0 +1,27 @@ |
|||
{ |
|||
"name": "rsa-compat", |
|||
"version": "2.0.3", |
|||
"lockfileVersion": 1, |
|||
"requires": true, |
|||
"dependencies": { |
|||
"eckles": { |
|||
"version": "1.4.1", |
|||
"resolved": "https://registry.npmjs.org/eckles/-/eckles-1.4.1.tgz", |
|||
"integrity": "sha512-auWyk/k8oSkVHaD4RxkPadKsLUcIwKgr/h8F7UZEueFDBO7BsE4y+H6IMUDbfqKIFPg/9MxV6KcBdJCmVVcxSA==" |
|||
}, |
|||
"keypairs": { |
|||
"version": "1.2.14", |
|||
"resolved": "https://registry.npmjs.org/keypairs/-/keypairs-1.2.14.tgz", |
|||
"integrity": "sha512-ZoZfZMygyB0QcjSlz7Rh6wT2CJasYEHBPETtmHZEfxuJd7bnsOG5AdtPZqHZBT+hoHvuWCp/4y8VmvTvH0Y9uA==", |
|||
"requires": { |
|||
"eckles": "^1.4.1", |
|||
"rasha": "^1.2.4" |
|||
} |
|||
}, |
|||
"rasha": { |
|||
"version": "1.2.4", |
|||
"resolved": "https://registry.npmjs.org/rasha/-/rasha-1.2.4.tgz", |
|||
"integrity": "sha512-GsIwKv+hYSumJyK9wkTDaERLwvWaGYh1WuI7JMTBISfYt13TkKFU/HFzlY4n72p8VfXZRUYm0AqaYhkZVxOC3Q==" |
|||
} |
|||
} |
|||
} |
Loading…
Reference in new issue