v1.2.1: update README

README.md

@@ -14,6 +14,7 @@ RSA tools. Lightweight. Zero Dependencies. Universal compatibility.
 * [x] Fast and Easy RSA Key Generation
 * [x] PEM-to-JWK
 * [x] JWK-to-PEM
+* [x] JWK thumbprint
 * [x] SSH "pub" format
 * [ ] ECDSA
   * **Need EC or ECDSA tools?** Check out [Eckles.js](https://git.coolaj86.com/coolaj86/eckles.js)
@@ -174,6 +175,14 @@ Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQAB
 -----END PUBLIC KEY-----
 ```
 
+## JWK Thumbprint
+
+```js
+Rasha.thumbprint({ jwk: jwk }).then(function (thumbprint) {
+  console.log(thumbprint);
+});
+```
+
 Testing
 -------
 

bin/rasha.js

@@ -8,6 +8,12 @@ var ASN1 = require('../lib/asn1.js');
 
 var infile = process.argv[2];
 var format = process.argv[3];
+var msg = process.argv[4];
+var sign;
+if ('sign' === format) {
+  sign = true;
+  format = 'pkcs8';
+}
 
 if (!infile) {
   infile = 'jwk';
@@ -40,13 +46,24 @@ try {
   // ignore
 }
 
+var thumbprint = ('thumbprint' === format);
+if (thumbprint) {
+  format = 'public';
+}
+
 if ('string' === typeof key) {
+  if (thumbprint) {
+    Rasha.thumbprint({ pem: key }).then(console.info);
+    return;
+  }
   if ('tpl' === format) {
     var block = PEM.parseBlock(key);
     var asn1 = ASN1.parse(block.der);
     ASN1.tpl(asn1);
     return;
   }
+  if (sign) { signMessage(key, msg); return; }
+
   var pub = (-1 !== [ 'public', 'spki', 'pkix' ].indexOf(format));
   Rasha.import({ pem: key, public: (pub || format) }).then(function (jwk) {
     console.info(JSON.stringify(jwk, null, 2));
@@ -55,10 +72,38 @@ if ('string' === typeof key) {
     process.exit(1);
   });
 } else {
+  if (thumbprint) {
+    Rasha.thumbprint({ jwk: key }).then(console.info);
+    return;
+  }
   Rasha.export({ jwk: key, format: format }).then(function (pem) {
+    if (sign) { signMessage(pem, msg); return; }
     console.info(pem);
   }).catch(function (err) {
     console.error(err);
     process.exit(2);
   });
 }
+
+function signMessage(pem, name) {
+  var msg;
+  try {
+    msg = fs.readFileSync(name);
+  } catch(e) {
+    console.warn("[info] input string did not exist as a file, signing the string itself");
+    msg = Buffer.from(name, 'binary');
+  }
+  var crypto = require('crypto');
+  var sign = crypto.createSign('SHA256');
+  sign.write(msg)
+  sign.end()
+  var buf = sign.sign(pem);
+  console.log(buf.toString('base64'));
+  /*
+  Rasha.sign({ pem: pem, message: msg, alg: 'SHA256' }).then(function (sig) {
+  }).catch(function () {
+    console.error(err);
+    process.exit(3);
+  });
+  */
+}

lib/rasha.js

@@ -5,6 +5,7 @@ var SSH = require('./ssh.js');
 var PEM = require('./pem.js');
 var x509 = require('./x509.js');
 var ASN1 = require('./asn1.js');
+var Enc = require('./encoding.js');
 
 /*global Promise*/
 RSA.generate = function (opts) {
@@ -202,3 +203,26 @@ RSA.nueter = function (jwk) {
   });
   return jwk;
 };
+
+RSA.__thumbprint = function (jwk) {
+  var buf = require('crypto').createHash('sha256')
+    // alphabetically sorted keys [ 'e', 'kty', 'n' ]
+    .update('{"e":"' + jwk.e + '","kty":"RSA","n":"' + jwk.n + '"}')
+    .digest()
+  ;
+  return Enc.bufToUrlBase64(buf);
+};
+
+RSA.thumbprint = function (opts) {
+  return Promise.resolve().then(function () {
+    var jwk;
+    if ('RSA' === opts.kty) {
+      jwk = opts;
+    } else if (opts.jwk) {
+      jwk = opts.jwk;
+    } else {
+      jwk = RSA.importSync(opts);
+    }
+    return RSA.__thumbprint(jwk);
+  });
+};

package.json

@@ -1,6 +1,6 @@
 {
   "name": "rasha",
-  "version": "1.1.0",
+  "version": "1.2.1",
   "description": "💯 PEM-to-JWK and JWK-to-PEM for RSA keys in a lightweight, zero-dependency library focused on perfect universal compatibility.",
   "homepage": "https://git.coolaj86.com/coolaj86/rasha.js",
   "main": "index.js",

test.sh

@@ -164,6 +164,12 @@ echo "Pass"
 
 rm fixtures/*.1.*
 
+echo ""
+echo "Testing Thumbprints"
+node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs1.pem thumbprint
+node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.json thumbprint
+echo "PASS"
+
 echo ""
 echo ""
 echo "PASSED:"