npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

rasha

v1.2.5

Published

💯 PEM-to-JWK and JWK-to-PEM for RSA keys in a lightweight, zero-dependency library focused on perfect universal compatibility.

Downloads

424,522

Readme

Rasha.js

A Root Project. Built for ACME.js and Greenlock.js

| ~550 lines of code | 3kb gzipped | 10kb minified | 18kb with comments |

RSA tools. Lightweight. Zero Dependencies. Universal compatibility.

  • [x] Fast and Easy RSA Key Generation
  • [x] PEM-to-JWK
  • [x] JWK-to-PEM
  • [x] JWK thumbprint
  • [x] SSH "pub" format
  • [ ] ECDSA

Generate RSA Key

Achieves the fastest possible key generation using node's native RSA bindings to OpenSSL, then converts to JWK for ease-of-use.

Rasha.generate({ format: 'jwk' }).then(function (keypair) {
  console.log(keypair.private);
  console.log(keypair.public);
});

options

  • format defaults to 'jwk'
    • 'pkcs1' (traditional)
    • 'pkcs8'
  • modulusLength defaults to 2048 (must not be lower)
    • generally you shouldn't pick a larger key size - they're slow
    • 2048 is more than sufficient
    • 3072 is way, way overkill and takes a few seconds to generate
    • 4096 can take about a minute to generate and is just plain wasteful

advanced options

These options are provided for debugging and should not be used.

  • publicExponent defaults to 65537 (0x10001)

PEM-to-JWK

  • [x] PKCS#1 (traditional)
  • [x] PKCS#8, SPKI/PKIX
  • [x] 2048-bit, 3072-bit, 4096-bit (and ostensibily all others)
  • [x] SSH (RFC4716), (RFC 4716/SSH2)
var Rasha = require('rasha');
var pem = require('fs')
  .readFileSync('./node_modles/rasha/fixtures/privkey-rsa-2048.pkcs1.pem', 'ascii');

Rasha.import({ pem: pem }).then(function (jwk) {
  console.log(jwk);
});
{
  "kty": "RSA",
  "n": "m2ttVBxPlWw06ZmGBWVDl...QlEz7UNNj9RGps_50-CNw",
  "e": "AQAB",
  "d": "Cpfo7Mm9Nu8YMC_xrZ54W...Our1IdDzJ_YfHPt9sHMQQ",
  "p": "ynG-t9HwKCN3MWRYFdnFz...E9S4DsGcAarIuOT2TsTCE",
  "q": "xIkAjgUzB1zaUzJtW2Zgv...38ahSrBFEVnxjpnPh1Q1c",
  "dp": "tzDGjECFOU0ehqtuqhcu...dVGAXJoGOdv5VpaZ7B1QE",
  "dq": "kh5dyDk7YCz7sUFbpsmu...aX9PKa12HFlny6K1daL48",
  "qi": "AlHWbx1gp6Z9pbw_1hlS...lhmIOgRApS0t9VoXtHhFU"
}

JWK-to-PEM

  • [x] PKCS#1 (traditional)
  • [x] PKCS#8, SPKI/PKIX
  • [x] 2048-bit, 4096-bit (and ostensibily all others)
  • [x] SSH (RFC4716), (RFC 4716/SSH2)
var Rasha = require('rasha');
var jwk = require('rasha/fixtures/privkey-rsa-2048.jwk.json');

Rasha.export({ jwk: jwk }).then(function (pem) {
  // PEM in PKCS1 (traditional) format
  console.log(pem);
});
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhD
NzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ
38P8LdAIlb0pqDHxEJ9adWomjuFf.....5cCBahfsiNtNR6WV1/iCSuINYs6uPdA
Jlw7hm9m8TAmFWWyfL0s7wiRvAYkQvpxetorTwHJVLabBDJ+WBOAY2enOLHIRQv+
atAvHrLXjkUdzF96o0icyF6n7QzGfUPmeWGYg6BEClLS31Whe0eEVQ==
-----END RSA PRIVATE KEY-----

Advanced Options

format: 'pkcs8':

The default output format pkcs1 (RSA-specific format) is used for private keys. Use format: 'pkcs8' to output in PKCS#8 format instead.

Rasha.export({ jwk: jwk, format: 'pkcs8' }).then(function (pem) {
  // PEM in PKCS#8 format
  console.log(pem);
});
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCba21UHE+VbDTp
mYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo
6HF5JijfWzK7haHFuRMEsgI4VwIY.....LorV1ovjwKBgAJR1m8dYKemfaW8P9YZ
Uux7lwIFqF+yI201HpZXX+IJK4g1izq490AmXDuGb2bxMCYVZbJ8vSzvCJG8BiRC
+nF62itPAclUtpsEMn5YE4BjZ6c4schFC/5q0C8esteORR3MX3qjSJzIXqftDMZ9
Q+Z5YZiDoEQKUtLfVaF7R4RV
-----END PRIVATE KEY-----

format: 'ssh':

Although SSH uses PKCS#1 for private keys, it uses ts own special non-ASN1 format (affectionately known as rfc4716) for public keys. I got curious and then decided to add this format as well.

To get the same format as you would get with ssh-keygen, pass ssh as the format option:

Rasha.export({ jwk: jwk, format: 'ssh' }).then(function (pub) {
  // Special SSH2 Public Key format (RFC 4716)
  console.log(pub);
});
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE.....Q02P1Eamz/nT4I3 rsa@localhost

public: 'true':

If a private key is used as input, a private key will be output.

If you'd like to output a public key instead you can pass public: true.

or format: 'spki'.

Rasha.export({ jwk: jwk, public: true }).then(function (pem) {
  // PEM in SPKI/PKIX format
  console.log(pem);
});
-----BEGIN PUBLIC KEY-----
MIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJ
efLukC+xu0LBKylYojT5vTkxaOhx.....TmzCh2ikrwTMja7mUdBJf2bK3By5AB0
Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQAB
-----END PUBLIC KEY-----

JWK Thumbprint

Rasha.thumbprint({ jwk: jwk }).then(function (thumbprint) {
  console.log(thumbprint);
});

Testing

All cases are tested in test.sh.

You can compare these keys to the ones that you get from OpenSSL, OpenSSH/ssh-keygen, and WebCrypto:

# Generate 2048-bit RSA Keypair
openssl genrsa -out privkey-rsa-2048.pkcs1.pem 2048

# Convert PKCS1 (traditional) RSA Keypair to PKCS8 format
openssl rsa -in privkey-rsa-2048.pkcs1.pem -pubout -out pub-rsa-2048.spki.pem

# Export Public-only RSA Key in PKCS1 (traditional) format
openssl pkcs8 -topk8 -nocrypt -in privkey-rsa-2048.pkcs1.pem -out privkey-rsa-2048.pkcs8.pem

# Convert PKCS1 (traditional) RSA Public Key to SPKI/PKIX format
openssl rsa -in pub-rsa-2048.spki.pem -pubin -RSAPublicKey_out -out pub-rsa-2048.pkcs1.pem

# Convert RSA public key to SSH format
ssh-keygen -f ./pub-rsa-2048.spki.pem -i -mPKCS8 > ./pub-rsa-2048.ssh.pub

Goals of this project

  • Focused support for 2048-bit and 4096-bit RSA keypairs (although any size is technically supported)
  • Zero Dependencies
  • VanillaJS
  • Quality Code: Good comments and tests
  • Convert both ways: PEM-to-JWK and JWK-to-PEM (also supports SSH pub files)
  • Browser support as well (TODO)
  • OpenSSL, ssh-keygen, and WebCrypto compatibility

Legal

Rasha.js | MPL-2.0 | Terms of Use | Privacy Policy