
    @peculiar/x509

    1.3.2 • Public • Published


    About

    @peculiar/x509 is an easy-to-use TypeScript/JavaScript library, based on @peculiar/asn1-schema, for generating X.509 certificates and certificate requests and for validating certificate chains.

    Installation

    npm install @peculiar/x509
    

    Documentation

    https://peculiarventures.github.io/x509/

    Usage

    Browser

    Every release of @peculiar/x509 includes a new build of ./build/x509.js for use in the browser. To access the module's classes, use the x509 global variable.

    WARN: We recommend hosting and controlling your own copy for security reasons.

    <script src="https://unpkg.com/@peculiar/x509"></script>

    A simple web application example

    Set crypto provider for Node.js

    In some cases you may want to use a different cryptographic implementation, for example when you need to work with an object that uses a cryptographic algorithm the platform you are on does not support.

    In these cases you can set a custom provider. The provider must be compatible with the WebCrypto API; for example, on Node.js you can use @peculiar/webcrypto so that @peculiar/x509 works the same way as it does in the browser.

    import * as x509 from "@peculiar/x509";
    import { Crypto } from "@peculiar/webcrypto";
    
    const crypto = new Crypto();
    x509.cryptoProvider.set(crypto);

    Create a self-signed certificate

    const alg = {
      name: "RSASSA-PKCS1-v1_5",
      hash: "SHA-256",
      publicExponent: new Uint8Array([1, 0, 1]),
      modulusLength: 2048,
    };
    const keys = await crypto.subtle.generateKey(alg, false, ["sign", "verify"]);
    const cert = await x509.X509CertificateGenerator.createSelfSigned({
      serialNumber: "01",
      name: "CN=Test",
      notBefore: new Date("2020/01/01"),
      notAfter: new Date("2020/01/02"),
      signingAlgorithm: alg,
      keys,
      extensions: [
        new x509.BasicConstraintsExtension(true, 2, true),
        new x509.ExtendedKeyUsageExtension(["1.2.3.4.5.6.7", "2.3.4.5.6.7.8"], true),
        new x509.KeyUsagesExtension(x509.KeyUsageFlags.keyCertSign | x509.KeyUsageFlags.cRLSign, true),
        await x509.SubjectKeyIdentifierExtension.create(keys.publicKey),
      ]
    });
    
    console.log(cert.toString("pem")); // Certificate in PEM format

    Parse an X.509 certificate

    const base64 = "MIIDljCCAn6gAwIBAgIOSETcxtRwD...S+kAFXIwugUGYEnTWp0m5bAn5NlD314IEOg4mnS8Q==";
    
    const cert = new x509.X509Certificate(base64);
    console.log(cert.subject); // CN=Test, O=PeculiarVentures LLC

    Create a PKCS#10 certificate request

    const alg = {
      name: "ECDSA",
      namedCurve: "P-384",
      hash: "SHA-384",
    };
    const keys = await crypto.subtle.generateKey(alg, false, ["sign", "verify"]);
    const csr = await x509.Pkcs10CertificateRequestGenerator.create({
      name: "CN=Test",
      keys,
      signingAlgorithm: alg,
      extensions: [
        new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature | x509.KeyUsageFlags.keyEncipherment),
      ],
      attributes: [
        new x509.ChallengePasswordAttribute("password"),
      ]
    });
    
    console.log(csr.toString("base64")); // Certificate request in Base64 format

    Decoded X509 certificate

    X509Certificate {
      rawData: ArrayBuffer {
        [Uint8Contents]: <30 82 02 fc 30 82 01 e4 a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74 30 1e 17 0d 31 39 31 32 33 31 32 31 30 30 30 30 5a 17 0d 32 30 30 31 30 31 32 31 30 30 30 30 5a 30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74 30 82 01 ... 668 more bytes>,
        byteLength: 768
      },
      tbs: ArrayBuffer {
        [Uint8Contents]: <30 82 01 e4 a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74 30 1e 17 0d 31 39 31 32 33 31 32 31 30 30 30 30 5a 17 0d 32 30 30 31 30 31 32 31 30 30 30 30 5a 30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74 30 82 01 22 30 0d 06 ... 388 more bytes>,
        byteLength: 488
      },
      serialNumber: '01',
      subject: 'CN=Test',
      issuer: 'CN=Test',
      signatureAlgorithm: { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } },
      signature: ArrayBuffer {
        [Uint8Contents]: <2e 78 fb 4b f6 c8 a1 9d b4 d1 8b 22 80 20 c1 68 46 39 a6 11 d1 a9 7a 13 03 8d 1e 0e 5e 87 b5 33 2a ba 44 1b 96 6d 91 e7 fd c0 ce b7 93 fe e4 df d3 d0 57 7c 9a eb 7e 3e 8b ed c6 07 ad 80 df fd 8f f7 ce 26 07 db 0e 9f af e6 cb 70 02 2d 17 9f f5 c1 0d ef d6 cf 1d ec 78 a0 dd 5d 46 2a 60 08 71 74 2c 26 ... 156 more bytes>,
        byteLength: 256
      },
      notBefore: 2019-12-31T21:00:00.000Z,
      notAfter: 2020-01-01T21:00:00.000Z,
      extensions: Extensions(4) [
        BasicConstraintsExtension {
          rawData: [ArrayBuffer],
          type: '2.5.29.19',
          critical: true,
          value: [ArrayBuffer],
          ca: true,
          pathLength: 2
        },
        ExtendedKeyUsageExtension {
          rawData: [ArrayBuffer],
          type: '2.5.29.37',
          critical: true,
          value: [ArrayBuffer],
          usages: [ExtendedKeyUsage]
        },
        KeyUsagesExtension {
          rawData: [ArrayBuffer],
          type: '2.5.29.15',
          critical: true,
          value: [ArrayBuffer],
          usages: 96
        },
        SubjectKeyIdentifierExtension {
          rawData: [ArrayBuffer],
          type: '2.5.29.14',
          critical: false,
          value: [ArrayBuffer],
          keyId: 'f525754650a3dee83f8bd777ee3b53ecc2c8d726'
        }
      ],
      publicKey: PublicKey {
        rawData: ArrayBuffer {
          [Uint8Contents]: <30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b6 f4 f1 cf dd 26 a1 23 45 b6 6e 4e ec 3e 20 8a 3f 90 ec 84 46 49 87 a2 05 c5 eb da ac 84 37 eb a3 bf 46 b5 8e 82 75 25 8a 80 19 10 79 13 c0 13 6c 29 df 56 44 1c ec f8 7b 34 0a f2 13 41 b5 53 98 e1 f5 ... 194 more bytes>,
          byteLength: 294
        },
        algorithm: {
          name: 'RSASSA-PKCS1-v1_5',
          publicExponent: [Uint8Array],
          modulusLength: 2048
        }
      }
    }
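The decoded output above shows `tbs`, the to-be-signed part of the certificate, only as raw bytes. The following is an added example, not code from the @peculiar/x509 README or library: a dependency-free Node.js DER walker run over the 100 `tbs` bytes printed on the page, showing where the serial number, signature algorithm, issuer and validity dates come from. `TBS_PREFIX`, `decodePrimitive` and `walk` are names chosen for this example.

```javascript
// Constructed input: the 100 bytes of `tbs` printed above (the page elides the other 388).
const TBS_PREFIX = Buffer.from([
  "30 82 01 e4 a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00",
  "30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74",
  "30 1e 17 0d 31 39 31 32 33 31 32 31 30 30 30 30 5a 17 0d 32 30 30 31 30 31 32 31 30 30 30 30 5a",
  "30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74 30 82 01 22 30 0d 06",
].join("").replace(/\s/g, ""), "hex");
const TAGS = { 0x02: "INTEGER", 0x05: "NULL", 0x06: "OID", 0x13: "PrintableString",
  0x17: "UTCTime", 0x30: "SEQUENCE", 0x31: "SET", 0xa0: "[0]" };
// Decode the primitive types that occur in this prefix; anything else is returned as hex.
function decodePrimitive(tag, body) {
  if (tag === 0x13 || tag === 0x17) return body.toString("latin1");
  if (tag !== 0x06) return body.toString("hex");
  const first = Math.min(2, Math.floor(body[0] / 40)); // first byte packs two arcs
  const arcs = [first, body[0] - 40 * first];
  let v = 0;
  for (const b of body.subarray(1)) { // base-128 digits, high bit set = more follow
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join(".");
}

// Walk DER TLVs depth-first. A declared length is never trusted past the end of its
// container: the body is clamped and the node is flagged `truncated` instead.
function walk(buf, pos = 0, end = buf.length, depth = 0, out = []) {
  while (pos < end) {
    const tag = buf[pos];
    let len = buf[pos + 1], hdr = 2;
    if (len & 0x80) { // long form: low 7 bits give the number of length bytes
      hdr += len & 0x7f;
      len = [...buf.subarray(pos + 2, pos + hdr)].reduce((a, b) => a * 256 + b, 0);
    }
    if (pos + hdr > end) { // the header itself is cut off
      out.push({ depth, name: "(cut off)", truncated: true });
      break;
    }
    const bodyEnd = Math.min(pos + hdr + len, end);
    const node = { depth, name: TAGS[tag] || "0x" + tag.toString(16), len, truncated: pos + hdr + len > end };
    out.push(node);
    if (tag & 0x20) walk(buf, pos + hdr, bodyEnd, depth + 1, out); // constructed type
    else if (!node.truncated) node.value = decodePrimitive(tag, buf.subarray(pos + hdr, bodyEnd));
    pos += hdr + len;
  }
  return out;
}
for (const n of walk(TBS_PREFIX)) console.log("  ".repeat(n.depth) + n.name, n.value ?? "", n.truncated ? "(truncated)" : "");
```

The two UTCTime values it prints, 191231210000Z and 200101210000Z, are the notBefore and notAfter of the decoded output, and the OID 1.2.840.113549.1.1.11 is sha256WithRSAEncryption, matching the RSASSA-PKCS1-v1_5 / SHA-256 signatureAlgorithm shown there.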

    Build a certificate chain

    const chain = new x509.X509ChainBuilder({
      certificates: [
        new x509.X509Certificate(raw1),
        new x509.X509Certificate(raw2),
        // ...
        new x509.X509Certificate(rawN),
      ],
    });
    
    const cert = new x509.X509Certificate(raw);
    const items = await chain.build(cert);
    console.log(items); // [ X509Certificate, X509Certificate, X509Certificate ]

    Export a list of X509 certificates to PKCS#7 format

    const certs = new x509.X509Certificates([
      new x509.X509Certificate("MIIDljCCAn6gAwIBAgIOSETcxtRwD...S+kAFXIwugUGYEnTWp0m5bAn5NlD314IEOg4mnS8Q=="),
      new x509.X509Certificate("MIIDljCCAn6gAwIBAgIOSETcxtRwD...w8Y/o+hk3QzNBVa3ZUvzDhVAmamQflvw3lXMm/JG4U="),
    ]);
    
    console.log(certs.export("base64")); // "MIICTAYJKoZIhvcNAQcCoIICPTCCAjkCAQAxADACBgCgggIq...F7EZPNo3pjbfznpIilRMRrmwf5dkgCdSKDdE94xAA=="


    Weekly Downloads

    8,546

    Version

    1.3.2

    License

    MIT

    Unpacked Size

    327 kB

    Total Files

    40
