js-crypto-utils
v1.0.7
Published
JavaScript cryptographic utilities for OpenSSL-WebCrypto compatibility including PEM/X509-JWK converter.
Downloads
11,205
Maintainers
Readme
JavaScript Cryptographic Utilities for Browsers and Node.js Crypto-Suite Compatibility
WARNING: At this time this solution should be considered suitable for research and experimentation, further code and security review is needed before utilization in a production application.
Overview
This library is being developed to provide unified cryptographic APIs for browsers and Node.js. There currently exist various sophisticated cryptographic suites for JavaScript that are implemented as native functions, e.g., WebCrypto API and crypto
in Node.js. However, they have different interfaces and are NOT supported at all platforms. For instance, FireFox cannot be fed PKCS8-formatted private key in WebCrypto API but Chrome does. On the other hand, such suites have not been designed to keep compatibility to existing non-Web cryptographic suites like OpenSSL. This can be seen from the fact that WebCrypto API does not support PEM-formatted keys. Hence we (actually I!) need to write ugly codes so as to enable apps to work in various environments. From this observation, we aim that this library provides support functions to fill such gaps among JS cryptographic suites and that between JavaScript and other popular crypto suites.
Firstly, this library provides following functions that works in most modern browsers and Node.js.
- ECDSA signing, verification, key generation (P-256/P-384/P-521/P-256K)
- RSA-PSS/RSASSA-PKCS1-v1_5 signing, verification, key generation.
- Encryption using ECDH and HKDF.
- Encryption using RSA-OAEP.
- Public/private key format conversion between JWK and PEM/DER (SPKI for public/PKCS8 for private)
- Generation of JWK Thumbprint
- Generation of X.509 public key certificate from JWK and extraction of JWK public key from X.509 public key certificate. Additionally, this library provides random, hash, AES, HMAC, HKDF, and PBKDF functions.
Module structure
The module structure of this library can be illustrated as follows.
/**
* index.js
* Structure of API
* |-- Key (Key object handling EC and RSA public/private keys)
* |
* |-- pkc (public key crypto, EC and RSA)
* | |-- generateKey
* | |-- encrypt
* | |-- decrypt
* | |-- sign
* | |-- verify
* |
* |-- x509
* | |-- toJwk
* | |-- fromJwk
* | |-- parse (to verify)
* |
* |-- aes
* |-- random
* |-- hash
* |-- hmac
* |-- hkdf
* |-- pbkdf
*/
We should note that most of this library's functions are independently available through NPM and GitHub as modules. In other words, this library is being developed as an integrated wrapper of those independent modules. The independent modules are listed as follows:
Key
: https://github.com/junkurihara/jscu/tree/develop/packages/js-crypto-key-utilspkc
(EC): https://github.com/junkurihara/jscu/tree/develop/packages/js-crypto-ecpkc
(RSA): https://github.com/junkurihara/jscu/tree/develop/packages/js-crypto-rsax509
: https://github.com/junkurihara/jscu/tree/develop/packages/js-x509-utilsaes
: https://github.com/junkurihara/jscu/tree/develop/packages/js-crypto-aesrandom
: https://github.com/junkurihara/jscu/tree/develop/packages/js-crypto-randomhash
: https://github.com/junkurihara/jscu/tree/develop/packages/js-crypto-hashhkdf
: https://github.com/junkurihara/jscu/tree/develop/packages/js-crypto-hkdfpbkdf
: https://github.com/junkurihara/jscu/tree/develop/packages/js-crypto-pbkdfhmac
: https://github.com/junkurihara/jscu/tree/develop/packages/js-crypto-hmac
Please refer to the above repos for further information.
NOTE: If you would use only few modules and employ neither Key
nor pkc
, we highly recommend use our independent modules since those independent ones are relatively small and this library would be overkill.
Installation
At your project directory, do either one of the following.
- From npm/yarn:
$ npm install --save js-crypto-utils // npm $ yarn add js-crypto-utils // yarn
- From GitHub:
$ git clone https://github.com/junkurihara/jscu.git $ cd js-crypto-utils/packages/js-crypto-utils & yarn build
Then you should import the package as follows.
import jscu from 'js-crypto-utils'; // for npm
import jscu from 'path/to/js-crypto-utils/dist/index.js'; // for github
The bundled file is also given as js-crypto-utils/dist/jscu.bundle.js
for a use case where the module is imported as a window.jscu
object via script
tags.
Usage
NOTE: This library always uses jscu.Key
objects as instances of public and private keys, and the Key
object can be instantiated from and can export ones in various formats. For the detailed usage of Key
object, please refer to another GitHub repo.
Key generation, sign and verify
// case of ECDSA
jscu.pkc.generateKey( // key generation
'EC', // ECDSA or ECDH key pair
{namedCurve: 'P-256'} // or 'P-384', 'P-521', 'P-256K'
)
.then( async (keyPair) => { // get a key pair in jscu.Key object
const msg = new Uint8Array(32);
for(let i = 0; i < 32; i++) msg[i] = 0xFF & i;
const sig = await jscu.pkc.sign(msg, keyPair.privateKey, 'SHA-256'); // uint8array
const result = await jscu.pkc.verify(msg, sig, keyPair.publicKey, 'SHA-256'); // true or false
});
// case of RSA
jscu.pkc.generateKey( // key generation
'RSA', // RSA key pair
{modulusLength: 2048}
)
.then( async (keyPair) => { // get a key pair in jscu.Key object
const msg = new Uint8Array(32);
for(let i = 0; i < 32; i++) msg[i] = 0xFF & i;
// case of RSA-PSS
// RSASSA-PKCS1-v1_5 is supported as well. see test files.
const sig = await jscu.pkc.sign(msg, keyPair.privateKey, 'SHA-256', {name: 'RSA-PSS', saltLength: 32}); // uint8array
const result = await jscu.pkc.verify(msg, sig, keyPair.publicKey, 'SHA-256', {name: 'RSA-PSS', saltLength: 32}); // true or false
});
Encryption and decryption through ECDH with AES-GCM of 256 bits key and SHA-256 based HKDF
const msg = new Uint8Array(32);
for(let i = 0; i < 32; i++) msg[i] = 0xFF & i;
const remotePublicKey = {...}; // destination's publicKey in jscu.Key object
const remotePrivateKey = {...}; // destination's privateKey in jscu.Key object
jscu.pkc.generateKey( // key generation
'EC', // ECDSA or ECDH key pair
{namedCurve: 'P-256'} // or 'P-384', 'P-521', 'P-256K'
).then( async (keyPair) => { // get a key pair in jscu.Key object
////////////////////////////
// encryption at my side
////////////////////////////
const optionsEncryption = {
privateKey: keyPair.privateKey, // for ECDH, my private key
hash: 'SHA-256', // for HKDF
encrypt: 'AES-GCM', // for encryption of message, if message is a key, 'AES-KW' can be used as well.
keyLength: 32, // key length of AES
info: '' // for HKDF
};
const encrypted = await jscu.pkc.encrypt(msg, remotePublicKey, optionsEncryption);
// now you get the encrypted message
////////////////////////////
// decryption at remote side
////////////////////////////
const optionsDecryption = {
publicKey: keyPair.publicKey, // for ECDH, my public key
hash: 'SHA-256', // for HKDF
encrypt: 'AES-GCM', // for encryption of message. 'AES-KW' can be used as well
keyLength: 32, // key length of AES
info: '', // for HKDF
salt: encrypted.salt, // for HKDF
iv: encrypted.iv // for AES
};
const decrypted = await jscu.pkc.decrypt(encrypted.data, remotePrivateKey, optionsDecryption);
// now you get decrypted message
});
Note that AES and HKDF are independently available from jscu.aes
and jscu.hkdf
as well as random
and hash
. Also note that the HKDF employed in this library is the one specified in RFC5869 (https://tools.ietf.org/html/rfc5869).
RSA-OAEP encryption and decryption
const msg = new Uint8Array(32);
for(let i = 0; i < 32; i++) msg[i] = 0xFF & i;
const publicKey = {...}; // publicKey in jscu.Key object
const privateKey = {...}; // privateKey in jscu.Key object
jscu.pkc.encrypt(
msg,
publicKey,
{hash: 'SHA-256'} // for OAEP
).then( (encrypted) => {
// now you get the encrypted message
return jscu.pkc.decrypt(
encrypted,
privateKey,
{hash: 'SHA-256'}); // for OAEP
}).then( (decrypted) => {
// now you get the decrypted message
})
Converting between Json Web Key (JWK) and SPKI-formatted (public key) or PKCS8-formatted (private key) PEM/DER
We shall explain the conversion using an example of elliptic curve cryptography keys. First let an elliptic curve crypto public key is given in the form of JWK (RFC7517) as follows:
const publicJwk = {kty: 'EC', crv: 'P-256', x: '...', y: '...'};
Given JWKs can be converted to the PEM/DER formatted keys in the following procedure.
const publicKeyObject = new jscu.Key('jwk', publicJwk);
const publicAsn = await publicKeyObject.export(
'pem', // output format is in string PEM, 'der' is also available
{
compact: false // if true, compressed form of keys are obtained
});
This library also re-convert keys in PEM/DER to JWK as follows.
const publicKeyObjectR = new jscu.Key('pem', publicASN);
const publicJwkR = publicKeyObjectR.export('jwk');
Note that JWK/DER/PEM-formatted RSA keys can be handled in the similar manner to the above.
Generation of self-signed X.509 certificate from JWK-formatted public key
const publicJwk = {kty: 'EC', crv: 'P-256', x: '...', y: '...'}; // public key to be signed
const privateJwk = {ktyp: 'EC', crv: 'P-256', x: '...', y: '...', d: '...'}; // private key
const name = { // this is optional
countryName: 'JP',
stateOrProvinceName: 'Tokyo',
localityName: 'Chiyoda',
organizationName: 'example',
organizationalUnitName: 'Research',
commonName: 'example.com'
};
// generation from JWK
jscu.keyUtil.x509.fromJwk(
publicJwk,
privateJwk,
'pem',
{
signature: 'ecdsa-with-sha256', // signature algorithm
days: 365, // expired in days
issuer: name, // issuer
subject: name // assume that issuer = subject, i.e., self-signed certificate
},
'pem' // output signature is in PEM. DER-encoded signature is available with 'der'.
).then( (cert) => {
// now you get the certificate in PEM string
});
For signature
, rsassaPss
(RSA-PSS) and sha*WithRSAEncryption
(RSASSA-PKCS1-v1_5) are available as well. When rsassaPss
is specified, saltLength
and hash
are required as its params.
Extract JWK from X.509 certificate
const crtsample = '-----BEGIN CERTIFICATE-----...';
const jwkey = jscu.keyUtil.x509.toJwk(crtsample, 'pem');
// now you get JWK public key from PEM-formatted certificate
Notes
One of the listed APIs/libraries is automatically chosen and leveraged for each implemented function, and unified interfaces are provided for browsers and Node.js.
ECDSA and ECDH:
- WebCrypto API for browsers
- NodeCrypto for Node.js
- elliptic for browsers
RSA-PSS, RSASSA-PKCS1-v1_5, RSA-OAEP (RSA-PSSS does not work in Edge)
- WebCrypto API for browsers
- NodeCrypto for Node.js
Key format conversion:
- WebCrypto API for browsers
- asn1.js for browsers and Node.js
X.509 generation from JWK, and extraction of JWK from X.509
- WebCrypto API for browsers
- NodeCrypto for Node.js
- elliptic for browsers
AES: (may not work in IE)
- WebCrypto API for browsers
- NodeCrypto for Node.js
Random, hash, HKDF, HMAC, JWK Thumbprint
- WebCrypto API for browsers
- NodeCrypto for Node.js
IE is completely out of our scope now.
Especially for Hash functions, we shall use the following pure JS implementation for some browsers (WebCrypto does not support SHA-3 yet). SHA-1 doesn't work in Edge. I believe Edge should be discarded ASAP.
License
Licensed under the MIT license, see LICENSE
file.