ssh-to-jwk.js/README.md

# SSH to JWK (for node.js)

A minimal library to parse an SSH public key (`id_rsa.pub`)
and convert it into a public JWK.

Works for RSA and ECDSA public keys.

Features
========

&lt; 100 lines of code | <1kb gzipped | 1.8kb minified | 3.1kb with comments

* [x] SSH Public Keys
  * fingerprint
* [x] SSH EC Private Keys
* [ ] SSH RSA Private Keys
  * `dp` and `dq` values are unavailable
* [x] RSA Public Keys
* [x] EC Public Keys
  * P-256 (prime256v1, secp256r1)
  * P-384 (secp384r1)
* [x] Browser Version
  * [Bluecrypt SSH to JWK](https://git.coolaj86.com/coolaj86/bluecrypt-ssh-to-jwk.js)

### Need JWK to SSH? SSH to PEM?

Try one of these:

* [jwk-to-ssh.js](https://git.coolaj86.com/coolaj86/jwk-to-ssh.js) (RSA + EC)
* [Eckles.js](https://git.coolaj86.com/coolaj86/eckles.js) (more EC utils)
* [Rasha.js](https://git.coolaj86.com/coolaj86/eckles.js) (more RSA utils)

### Need SSH Private Keys?

Many SSH private keys are just normal PEM files,
so you can use Eckles or Rasha, as mentioned above.

As for the [OpenSSH-specific Private Keys](https://coolaj86.com/articles/the-openssh-private-key-format/),
EC is **fully supported**, but RSA has only partial support.

For more information see the "SSH Private Keys" section at the end of this file.

# CLI

You can install `ssh-to-jwk` and use it from command line:

```bash
npm install -g ssh-to-jwk
```

```bash
ssh-to-jwk ~/.ssh/id_rsa.pub
```

```bash
ssh-to-jwk ~/.ssh/id_rsa
```

# Usage

You can also use it from JavaScript:

**SSH to JWK**

```js
var fs = require('fs');
var sshtojwk = require('ssh-to-jwk');
var ssh;

ssh = sshtojwk.parse({ pub: fs.readFileSync("./id_rsa.pub") });
console.info(ssh.jwk);

// For OpenSSH PEMs only, use Rasha for standard RSA or Eckles for standard EC
ssh = sshtojwk.parse({ pem: fs.readFileSync("./id_rsa") });
console.info(ssh.jwk);
```

**SSH Fingerprint**

```js
var fs = require('fs');
var sshtojwk = require('ssh-to-jwk');
var pub = fs.readFileSync("./id_rsa.pub");

sshtojwk.fingerprint({ pub: pub }).then(function (fingerprint) {
  console.info(fingerprint);
  // SHA256:yCB62vBVsOwqksgYwy/WDbaMF2PhPijAwcrlzmrxfko
});
```

# SSH Private Keys

As mentioned above, EC private keys are fully supported,
and RSA private keys are partially supported.

It's unlikely that we'll support full SSH-to-JWK conversion for private RSA keys
because OpenSSH omits the `dp` and `dq` values.

Although they are "optional" (they can be computed from the available values),
to compute them in JavaScript would require a large and expensive BigInt library -
and including (or writing) such a library would require contradicting the
"lightweight" and/or "zero dependency" goals for this library.

That said, for someone willing to include a BigInt library in their code
it should be trivial to perform the operations to derive `dp` and `dq`.

If that's you please open an issue because I am interested in creating
a `ssh-to-jwk-bigint` library... I just don't have a use case for it right now.

# Legal

[ssh-to-jwk.js](https://git.coolaj86.com/coolaj86/ssh-to-jwk.js) |
MPL-2.0 |
[Terms of Use](https://therootcompany.com/legal/#terms) |
[Privacy Policy](https://therootcompany.com/legal/#privacy)