jsrsasign
    DefinitelyTyped icon, indicating that this package has TypeScript declarations provided by the separate @types/jsrsasign package

    10.5.1 • Public • Published

    jsrsasign

    license bower npm version npm downloads jsdeliver downloads CDNJS githubsponsors cryptocurrency

    The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES JSON Web Signature/Token/Key in pure JavaScript.

    Public page is https://kjur.github.io/jsrsasign .

    Your bugfix and pull request contribution are always welcomed :)

    NEWS

    • 2021-Nov-21: 10.5.0 Release. Now supports secp521r1(P-521) ECDSA.
    • 2021-Apr-14: Security advisory and update for CVE-2021-30246 RSA signature validation vulnerability published
    • 2020-Oct-05: jsrsasign won Google Open Source Peer Bonus Award. Thank you Google.
    • 2020-Sep-23: 10.0.0 released for CMS SignedData related class including timestamp and CAdES architecture update
    • 2020-Aug-24: 9.1.0 released to new CRL APIs align with certificate
    • 2020-Aug-19: 9.0.0 released for major update of certificate and CSR generation and parsing without backward compatibility. Please see migration guide in detail.
    • 2020-Aug-02: twitter account @jsrsasign started for announcement. please follow.

    HIGHLIGHTS

    • Swiss Army Knife style all in one package crypto and PKI library
    • available on Node.js and browsers
    • Long live open source software from 2010
    • very easy API to use
    • powerful various format key loader and ASN.1 API
    • rich document and samples
    • no dependency to other library
    • no dependency to W3C Web Cryptography API nor OpenSSL
    • no dependency on newer ECMAScirpt function. So old browsers also supported.
    • very popular crypto library with 0.6M+ npm downloads/month

    INSTALL

    Node NPM

    > npm install jsrsasign jsrsasign-util
    

    Bower

    > bower install jsrsasign
    

    Or include in HTML from many CDN sites

    > <script src="https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/8.0.20/jsrsasign-all-min.js"></script>
    

    USAGE

    Loading encrypted PKCS#5 private key:

    > var rs = require('jsrsasign');
    > var rsu = require('jsrsasign-util');
    > var pem = rsu.readFile('z1.prv.p5e.pem');
    > var prvKey = rs.KEYUTIL.getKey(pem, 'passwd');
    

    Sign string 'aaa' with the loaded private key:

    > var sig = new a.Signature({alg: 'SHA1withRSA'});
    > sig.init(prvKey);
    > sig.updateString('aaa');
    > var sigVal = sig.sign();
    > sigVal
    'd764dcacb...'
    

    MORE TUTORIALS AND SAMPLES

    RECENT SECURITY ADVISORY

    published fixed version title/advisory CVE CVSS
    2021Apr14 10.2.0 RSA signature validation vulnerability on maleable encoded message CVE-2021-30246 9.1
    2020Jun22 8.0.19 ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding CVE-2020-14966 5.5
    2020Jun22 8.0.18 RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepending zeros CVE-2020-14967 4.8
    2020Jun22 8.0.17 RSA-PSS signature validation vulnerability by prepending zeros CVE-2020-14968 4.2

    Here is full published security advisory list.

    DONATIONS

    If you like jsrsasign and my other project, you can support their development by donation through any of the platform/services below. Thank you as always.

    Github Sponsors

    You can sponsor jsrsasign with the GitHub Sponsors program.

    Cryptocurrency

    You can donate cryptocurrency to jsrsasign using the following addresses:

    Install

    npm i jsrsasign

    DownloadsWeekly Downloads

    218,868

    Version

    10.5.1

    License

    MIT

    Unpacked Size

    818 kB

    Total Files

    13

    Last publish

    Collaborators

    • kjur