@root/x509

Built by The Root Company for Greenlock, ACME.js, and Keypairs.js

Lightweight, Zero-Dependency, x509 encoder and decoder for Node.js and Browsers

| 1.6k gzipped | 6.8k minified | 9.7k pretty |

This provides a set ASN.1 / x509 schemas for DER encoding and decoding Public / Private Keypairs and CSRs.

• [x] Zero External Dependencies
• [x] x509 schemas for common crypto
  • [x] RSA & ECDSA Public/Private Keypairs
    • PKCS1
    • PKCS8
    • SEC1
    • SPKI
    • PKIX
  • [x] Certificate Signing Requests (CSR)
    • PKCS10
• [x] Universal Support
  • [x] Node.js
  • [x] Browsers
• [x] Vanilla JS

Looking for easy?

You probably just want to use one of these:

• keypairs.js
• csr.js

Looking for a deep dive? Well, in addition to x509.js, you'll probably also want one of more of these:

• encoding.js
• asn1.js
• csr.js
• pem.js
• keypairs.js

Want to contribute? Need commercial support?

Install

This package contains both node-specific and browser-specific code, and the package.json#browser field ensures that your package manager will automatically choose the correct code for your environment.

Node (and Webpack)

npm install --save @root/x509

var X509 = require('@root/x509');

// just the encoders
var X509 = require('@root/x509/packers');

// just the decoders
var X509 = require('@root/x509/parsers');

Browsers (Vanilla JS)

<script src="https://unpkg.com/@root/x509/dist/x509.all.js"></script>

<script src="https://unpkg.com/@root/x509/dist/x509.all.min.js"></script>

var X509 = window.X509;

Usage

This is a very tiny, very efficient x509 package.

Rather than implementing full schemas as defined by the RFCs, it only implements the parts that are actually used in the wild by programs like openssl, Let's Encrypt, ssh-keygen, etc.

Additionally, rather than always using a full parser, it uses happy-path heuristics to quickly and efficiently extract the necessary information. It likewise packs very quickly.

Encoders

The packers encoder JWK as DER.

X509.packPkcs1(jwk);
X509.packSec1(jwk);
X509.packPkcs8(jwk);
X509.packSpki(jwk);
X509.packPkix(jwk); // alias of X509.packSpki

There are two special functions specifically for embeding keys in CSRs.

X509.packCsrRsaPublicKey(jwk);
X509.packCsrEcPublicKey(jwk);

The rest of the CSR code is in csr.js.

Decoders

The keypair format parsers each return a JWK, for convenience. To conserve memory, they expect taht you give an empty object as the jwk parameter.

If you are using crv: 'P-384', you should pass that in as part of the otherwise empty JWK.

X509.parsePkcs1(buf, jwk);
X509.parseSec1(buf, jwk);
X509.parsePkcs8(buf, jwk);
X509.parseSpki(buf, jwk);
X509.parsePkix(buf, jwk); // aliase of parseSpki

Contributions

Did this project save you some time? Maybe make your day? Even save the day?

Please say "thanks" via Paypal or Patreon:

• Paypal: $5 | $10 | Any amount: [email protected]
• Patreon: https://patreon.com/rootprojects

Where does your contribution go?

Root is a collection of experts who trust each other and enjoy working together on deep-tech, Indie Web projects.

Our goal is to operate as a sustainable community.

Your contributions - both in code and especially monetarily - help to not just this project, but also our broader work of projects that fuel the Indie Web.

Also, we chat on Keybase in #rootprojects

Commercial Support

Do you need...

• more features?
• bugfixes, on your timeline?
• custom code, built by experts?
• commercial support and licensing?

Contact [email protected] for support options.

Legal

Copyright AJ ONeal, Root 2018-2019

MPL-2.0 | Terms of Use | Privacy Policy