💯 SSH to JWK in a lightweight, zero-dependency library.
AJ ONeal 1deaf14f5c v1.2.5: bugfix RSA swapped n and e values (private key) 5 years ago
bin v1.2.1: fingerprint privkeys, doc priv parsing, update bin 5 years ago
fixtures v1.2.0: add support for ssh private keys (EC and RSA) 5 years ago
lib v1.2.5: bugfix RSA swapped n and e values (private key) 5 years ago
README.md v1.2.1: fingerprint privkeys, doc priv parsing, update bin 5 years ago
index.js v1.0.0: parse EC and RSA ssh public keys 5 years ago
package.json v1.2.5: bugfix RSA swapped n and e values (private key) 5 years ago

README.md

SSH to JWK (for node.js)

A minimal library to parse an SSH public key (id_rsa.pub) and convert it into a public JWK.

Works for RSA and ECDSA public keys.

Features

< 100 lines of code | <1kb gzipped | 1.8kb minified | 3.1kb with comments

  • SSH Public Keys
    • fingerprint
  • SSH EC Private Keys
  • SSH RSA Private Keys
    • dp and dq values are unavailable
  • RSA Public Keys
  • EC Public Keys
    • P-256 (prime256v1, secp256r1)
    • P-384 (secp384r1)
  • Browser Version

Need JWK to SSH? SSH to PEM?

Try one of these:

Need SSH Private Keys?

Many SSH private keys are just normal PEM files, so you can use Eckles or Rasha, as mentioned above.

As for the OpenSSH-specific Private Keys, EC is fully supported, but RSA has only partial support.

For more information see the "SSH Private Keys" section at the end of this file.

CLI

You can install ssh-to-jwk and use it from the command line:

npm install -g ssh-to-jwk
ssh-to-jwk ~/.ssh/id_rsa.pub
ssh-to-jwk ~/.ssh/id_rsa

Usage

You can also use it from JavaScript:

SSH to JWK

var fs = require('fs');
var sshtojwk = require('ssh-to-jwk');
var ssh;

ssh = sshtojwk.parse({ pub: fs.readFileSync("./id_rsa.pub") });
console.info(ssh.jwk);

// For OpenSSH PEMs only, use Rasha for standard RSA or Eckles for standard EC
ssh = sshtojwk.parse({ pem: fs.readFileSync("./id_rsa") });
console.info(ssh.jwk);

SSH Fingerprint

var fs = require('fs');
var sshtojwk = require('ssh-to-jwk');
var pub = fs.readFileSync("./id_rsa.pub");

sshtojwk.fingerprint({ pub: pub }).then(function (fingerprint) {
  console.info(fingerprint);
  // SHA256:yCB62vBVsOwqksgYwy/WDbaMF2PhPijAwcrlzmrxfko
});

SSH Private Keys

As mentioned above, EC private keys are fully supported, and RSA private keys are partially supported.

It's unlikely that we'll support full SSH-to-JWK conversion for private RSA keys because OpenSSH omits the dp and dq values.

Although they are "optional" (they can be computed from the available values), to compute them in JavaScript would require a large and expensive BigInt library - and including (or writing) such a library would require contradicting the "lightweight" and/or "zero dependency" goals for this library.

That said, for someone willing to include a BigInt library in their code it should be trivial to perform the operations to derive dp and dq.

If that's you, please open an issue because I am interested in creating a ssh-to-jwk-bigint library... I just don't have a use case for it right now.
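The derivation described above, as an added example that is not part of ssh-to-jwk: it assumes a Node.js version with built-in BigInt and a private RSA JWK that already carries n, e, d, p and q. The helper names and the toy key are constructed for illustration.

```javascript
'use strict';
// Added example: derive the RSA CRT exponents dp and dq that OpenSSH omits.
// Uses only Node.js built-ins (BigInt, Buffer); helper names are hypothetical.

// base64url (JWK encoding) -> BigInt, big-endian unsigned
function b64uToBigInt(s) {
  var hex = Buffer.from(s, 'base64').toString('hex');
  return BigInt('0x' + (hex || '0'));
}

// BigInt -> base64url, minimal length, no padding
function bigIntToB64u(n) {
  var hex = n.toString(16);
  if (hex.length % 2) { hex = '0' + hex; }
  return Buffer.from(hex, 'hex').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Returns a copy of a private RSA JWK with dp and dq filled in.
function addCrtExponents(jwk) {
  var n = b64uToBigInt(jwk.n), e = b64uToBigInt(jwk.e), d = b64uToBigInt(jwk.d);
  var p = b64uToBigInt(jwk.p), q = b64uToBigInt(jwk.q);
  // Catches mismatched or swapped fields before any value is derived
  if (p * q !== n) { throw new Error('p * q does not equal n'); }
  var dp = d % (p - 1n);
  var dq = d % (q - 1n);
  // e must be the inverse of dp mod (p-1) and of dq mod (q-1)
  if ((e * dp) % (p - 1n) !== 1n || (e * dq) % (q - 1n) !== 1n) {
    throw new Error('d is not consistent with e, p and q');
  }
  return Object.assign({}, jwk, { dp: bigIntToB64u(dp), dq: bigIntToB64u(dq) });
}

// Constructed toy key (p=61, q=53, n=3233, e=17, d=2753); far too small for real use
var toy = {
  kty: 'RSA', n: bigIntToB64u(3233n), e: bigIntToB64u(17n),
  d: bigIntToB64u(2753n), p: bigIntToB64u(61n), q: bigIntToB64u(53n)
};
var full = addCrtExponents(toy);
console.info(full.dp, full.dq);
```

BigInt arithmetic in JavaScript is not constant-time, so this is better suited to a one-off conversion step than to code that handles private keys on every request.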

Legal

ssh-to-jwk.js | MPL-2.0 | Terms of Use | Privacy Policy