💯 SSH to JWK in a lightweight, zero-dependency library.

AJ ONeal 81780e5ab1 v1.2.4: bugfix RSA swapped n and e values (private key)		5 лет назад
bin	v1.2.1: fingerprint privkeys, doc priv parsing, update bin	5 лет назад
fixtures	v1.2.0: add support for ssh private keys (EC and RSA)	5 лет назад
lib	v1.2.4: bugfix RSA swapped n and e values (private key)	5 лет назад
README.md	v1.2.1: fingerprint privkeys, doc priv parsing, update bin	5 лет назад
index.js	v1.0.0: parse EC and RSA ssh public keys	5 лет назад
package.json	v1.2.4: bugfix RSA swapped n and e values (private key)	5 лет назад

README.md

SSH to JWK (for node.js)

A minimal library to parse an SSH public key (id_rsa.pub) and convert it into a public JWK.

Works for RSA and ECDSA public keys.

Features

< 100 lines of code | <1kb gzipped | 1.8kb minified | 3.1kb with comments

SSH Public Keys
- fingerprint
SSH EC Private Keys
SSH RSA Private Keys
- dp and dq values are unavailable
RSA Public Keys
EC Public Keys
- P-256 (prime256v1, secp256r1)
- P-384 (secp384r1)
Browser Version
- Bluecrypt SSH to JWK

Need JWK to SSH? SSH to PEM?

Try one of these:

jwk-to-ssh.js (RSA + EC)
Eckles.js (more EC utils)
Rasha.js (more RSA utils)

Need SSH Private Keys?

Many SSH private keys are just normal PEM files, so you can use Eckles or Rasha, as mentioned above.

As for the OpenSSH-specific Private Keys, EC is fully supported, but RSA has only partial support.

For more information see the "SSH Private Keys" section at the end of this file.

CLI

You can install ssh-to-jwk and use it from command line:

npm install -g ssh-to-jwk

ssh-to-jwk ~/.ssh/id_rsa.pub

ssh-to-jwk ~/.ssh/id_rsa

Usage

You can also use it from JavaScript:

SSH to JWK

var fs = require('fs');
var sshtojwk = require('ssh-to-jwk');
var ssh;

ssh = sshtojwk.parse({ pub: fs.readFileSync("./id_rsa.pub") });
console.info(ssh.jwk);

// For OpenSSH PEMs only, use Rasha for standard RSA or Eckles for standard EC
ssh = sshtojwk.parse({ pem: fs.readFileSync("./id_rsa") });
console.info(ssh.jwk);

SSH Fingerprint

var fs = require('fs');
var sshtojwk = require('ssh-to-jwk');
var pub = fs.readFileSync("./id_rsa.pub");

sshtojwk.fingerprint({ pub: pub }).then(function (fingerprint) {
  console.info(fingerprint);
  // SHA256:yCB62vBVsOwqksgYwy/WDbaMF2PhPijAwcrlzmrxfko
});

SSH Private Keys

As mentioned above, EC private keys are fully supported, and RSA private keys are partially supported.

It's unlikely that we'll support full SSH-to-JWK conversion for private RSA keys because OpenSSH omits the dp and dq values.

Although they are "optional" (they can be computed from the available values), to compute them in JavaScript would require a large and expensive BigInt library - and including (or writing) such a library would require contradicting the "lightweight" and/or "zero dependency" goals for this library.

That said, for someone willing to include a BigInt library in their code it should be trivial to perform the operations to derive dp and dq.

If that's you please open an issue because I am interested in creating a ssh-to-jwk-bigint library... I just don't have a use case for it right now.

Legal

ssh-to-jwk.js | MPL-2.0 | Terms of Use | Privacy Policy