2018-12-16 03:08:59 -07:00
# [rsa-compat.js](https://git.coolaj86.com/coolaj86/rsa-compat.js)
2018-07-10 19:55:08 +00:00
2016-07-30 15:59:48 -04:00
2018-12-16 02:54:57 -07:00
| A [Root ](https://therootcompany.com ) Project.
2018-03-20 21:33:26 -06:00
JavaScript RSA utils that work on Windows, Mac, and Linux with or without C compiler
2016-07-30 15:59:48 -04:00
2018-12-16 02:54:57 -07:00
This was built for the [ACME.js ](https://git.coolaj86.com/coolaj86/acme.js ) and
[Greenlock.js ](https://git.coolaj86.com/coolaj86/greenlock.js ) **Let's Encrypt** clients
and is particularly suitable for building **certbot** -like clients.
2016-08-01 05:44:46 -04:00
2018-12-16 02:54:57 -07:00
(if you're looking for similar tools in the browser, consider [Bluecrypt ](https://www.npmjs.com/search?q=bluecrypt ))
2016-07-30 15:59:48 -04:00
2018-12-16 02:54:57 -07:00
# Install
2016-08-17 00:22:07 -06:00
2018-06-29 02:39:10 -06:00
node.js
```bash
2016-08-17 00:22:07 -06:00
npm install --save rsa-compat
2018-06-29 02:39:10 -06:00
```
2018-12-16 03:08:59 -07:00
If you need compatibility with older versions of node, you may need to `npm install --save ursa-optional node-forge` .
2018-06-29 02:39:10 -06:00
### CLI
```bash
2016-08-17 00:22:07 -06:00
npm install --global rsa-compat
```
2018-12-16 02:54:57 -07:00
# Usage
2016-08-17 00:22:07 -06:00
CLI
---
You can generate keypairs on Windows, Mac, and Linux using rsa-keygen-js:
```bash
# generates a new keypair in the current directory
rsa-keypiar-js
```
2016-07-30 15:59:48 -04:00
Examples
--------
Generate an RSA Keypair:
```javascript
2016-07-31 01:23:10 -04:00
var RSA = require('rsa-compat').RSA;
2016-07-30 15:59:48 -04:00
2018-07-13 04:09:57 -06:00
var options = { bitlen: 2048, exp: 65537, public: true, pem: true, internal: true };
2016-07-30 15:59:48 -04:00
2018-07-13 04:09:57 -06:00
RSA.generateKeypair(options, function (err, keypair) {
2016-07-30 15:59:48 -04:00
console.log(keypair);
});
```
2016-07-31 01:23:10 -04:00
Here's what the object might look like:
2016-07-30 15:59:48 -04:00
`console.log(keypair)` :
```javascript
2016-07-30 23:47:52 -04:00
{ publicKeyPem: '-----BEGIN RSA PUBLIC KEY-----\n/*base64 pem-encoded string*/'
, privateKeyPem: '-----BEGIN RSA PRIVATE KEY-----\n/*base64 pem-encoded string*/'
2016-07-30 15:59:48 -04:00
, privateKeyJwk: {
kty: "RSA"
, n: '/*base64 modulus n = pq*/'
2016-07-30 16:04:57 -04:00
, e: '/*base64 exponent (usually 65537)*/'
2016-07-30 15:59:48 -04:00
, d: '/*base64 private exponent (d = e^−
, p: '/*base64 first prime*/'
2016-07-31 01:23:10 -04:00
, q: '/*base64 second prime*/'
, dp: '/*base64 first exponent for Chinese remainder theorem (dP = d (mod p−
, dq: '/*base64 Second exponent, used for CRT (dQ = d (mod q−
, qi: '/*base64 Coefficient, used for CRT (qinv = q^−
2016-07-30 15:59:48 -04:00
}
, publicKeyJwk: {
kty: "RSA"
2016-07-31 01:23:10 -04:00
, n: '/*base64 modulus n = pq*/'
, e: '/*base64 exponent (usually 65537)*/'
2016-07-30 15:59:48 -04:00
}
}
```
2016-07-31 01:23:10 -04:00
See http://crypto.stackexchange.com/questions/6593/what-data-is-saved-in-rsa-private-key to learn a little more about the meaning of the specific fields in the JWK.
2016-07-30 15:59:48 -04:00
2018-12-16 02:54:57 -07:00
# API Summary
2016-07-30 15:59:48 -04:00
2018-07-13 04:09:57 -06:00
* `RSA.generateKeypair(options, cb)`
* (deprecated `RSA.generateKeypair(bitlen, exp, options, cb)` )
* `RSA.import(options)`
* (deprecated `RSA.import(keypair, options)` )
2016-07-30 23:47:52 -04:00
* `RSA.exportPrivatePem(keypair)`
* `RSA.exportPublicPem(keypair)`
* `RSA.exportPrivateJwk(keypair)`
* `RSA.exportPublicJwk(keypair)`
2018-03-20 21:33:26 -06:00
* `RSA.signJws(keypair, header, protect, payload)`
* (deprecated `RSA.signJws(keypair, payload, nonce)` )
2016-08-01 05:44:46 -04:00
* `RSA.generateCsrPem(keypair, names)`
* `RSA.generateCsrDerWeb64(keypair, names)`
2018-12-16 03:08:59 -07:00
* `RSA.thumbprint(keypair)`
2016-07-30 23:47:52 -04:00
`keypair` can be any object with any of these keys `publicKeyPem, privateKeyPem, publicKeyJwk, privateKeyJwk`
2016-07-30 15:59:48 -04:00
2018-07-13 04:09:57 -06:00
### RSA.generateKeypair(options, cb)
2016-07-30 15:59:48 -04:00
Create a private keypair and export it as PEM, JWK, and/or internal formats
```javascript
2018-07-13 04:09:57 -06:00
RSA.generateKeypair(null, function (keypair) { /*...*/ });
2016-07-30 15:59:48 -04:00
2018-07-13 04:09:57 -06:00
RSA.generateKeypair({
bitlen: 2048, exp: 65537, pem: false, public: false, internal: false
}, function (keypair) { /*...*/ });
2016-07-30 15:59:48 -04:00
```
`options` :
```javascript
{ public: false // export public keys
, pem: false // export pems
, jwk: true // export jwks
, internal: false // preserve internal intermediate formats (_ursa, _forge)
, thumbprint: false // JWK sha256 thumbprint
, fingerprint: false // NOT IMPLEMENTED (RSA key fingerprint)
}
```
2016-08-01 04:44:55 -04:00
2018-07-13 04:09:57 -06:00
### RSA.import(options)
2016-08-02 16:42:44 -04:00
Imports keypair as JWKs and internal values `_ursa` and `_forge` .
```javascript
2018-07-13 04:09:57 -06:00
var keypair = RSA.import({ type: 'RSA', privateKeyPem: '...' });
2016-08-02 16:42:44 -04:00
console.log(keypair);
```
```javascript
{ privateKeyPem: ..., privateKeyJwk: ..., _ursa: ..., _forge: ... }
```
2016-08-01 04:44:55 -04:00
### RSA.export*(keypair)
You put in an object like `{ privateKeyPem: '...' }` or `{ publicKeyJwk: {} }`
and you get back the keys in the format you requested.
Note:
* Private keys **can** be used to export both private and public keys
* Public keys can **NOT** be used to generate private keys
Example:
```javascript
var keypair = { privateKeyPem: '...' };
keypair.publicKeyJwk = RSA.exportPublicJwk(keypair);
console.log(keypair);
```
### RSA.signJws(keypair, payload, nonce)
2016-08-01 05:44:46 -04:00
Generates a signature in JWS format (necessary for **certbot** /**letsencrypt**).
2016-08-01 04:44:55 -04:00
```javascript
var message = "Hello, World!"
var nonce = crypto.randomBytes(16).toString('hex');
var jws = RSA.signJws(keypair, message, nonce);
console.log(jws);
```
The result looks like this:
```javascript
{ "header": {
"alg": "RS256",
"jwk": {
"kty": "RSA",
"n": "AMJubTfOtAarnJytLE8fhNsEI8wnpjRvBXGK/Kp0675J10ORzxyMLqzIZF3tcrUkKBrtdc79u4X0GocDUgukpfkY+2UPUS/GxehUYbYrJYWOLkoJWzxn7wfoo9X1JgvBMY6wHQnTKvnzZdkom2FMhGxkLaEUGDSfsNznTTZNBBg9",
"e": "AQAB"
}
},
"protected": "eyJub25jZSI6IjhlZjU2MjRmNWVjOWQzZWYifQ",
"payload": "JLzF1NBNCV3kfbJ5sFaFyX94fJuL2H-IzaoBN-ciiHk",
"signature": "Wb2al5SDyh5gjmkV79MK9m3sfNBBPjntSKor-34BBoGwr6n8qEnBmqB1Y4zbo-5rmvsoPmJsnRlP_hRiUY86zSAQyfbisTGrGBl0IQ7ditpkfYVm0rBWJ8WnYNqYNp8K3qcD7NW72tsy-XoWEjNlz4lWJeRdEG2Nt4CJgnREH4Y"
}
```
2016-08-01 05:44:46 -04:00
2018-12-16 03:08:59 -07:00
### RSA.thumbprint(keypair)
Generates a JWK thumbprint.
`RSA.thumbprint(keypair)` :
```javascript
var thumb = RSA.thumbprint(keypair);
console.log(thumb);
```
```
// kK4OXp5CT1FEkHi6WkegldmeTJecSTyJN-DxZ91nQ30
```
2016-08-01 05:44:46 -04:00
### RSA.generateCsr*(keypair, names)
You can generate the CSR in human-readable or binary / base64 formats:
`RSA.generateCsrPem(keypair, names)` :
```javascript
var pem = RSA.generateCsrPem(keypair, [ 'example.com', 'www.example.com' ]);
console.log(pem);
```
web-safe base64 for **certbot** /**letsencrypt**:
`RSA.generateCsrDerWeb64(keypair, names)` :
```javascript
var web64 = RSA.generateCsrDerWeb64(keypair, [ 'example.com', 'www.example.com' ]);
console.log(web64);
```
2018-06-29 02:39:10 -06:00
2018-12-16 02:54:57 -07:00
# Old Node Versions
In recent versions of node >= v10.12 native RSA key generation is fairly quick for 2048-bit keys
(though it may still be too slow for some applications with 4096-bit keys).
In old versions, however, and especially on ARM and/or MIPS procesors, RSA key generation can be
very, very slow.
In old node versions `ursa` can provide faster key generation, but it must be compiled.
`ursa` will not compile for new node versions, but they already include the same openssl bindings anyawy.
```bash
npm install --save ursa
```
Also, if you need **Node < v6** support:
```bash
npm install --save buffer-v6-polyfill
```
## Security and Compatibility
**TL;DR**: Use the default values 2048 and 65537 unless you have a really, really good reason to do otherwise.
Various platforms *require* these values.
2018-06-29 02:39:10 -06:00
2018-12-16 02:54:57 -07:00
Most security experts agree that 4096-bit is no more "secure" than 2048-bit -
a fundamental vulnerability in the RSA algorithm which causes 2048 to be broken
will most likely also cause 4096 to be broken
(i.e. if someone can prove mathematically prove P=NP or a way to predict prime numbers).
Also, many platforms
only support 2048 bit keys due to the insecurity of 1024-bit keys (which are not 1/2 secure
but rather 1/(2^1028) less secure) and the excess computational
cost of 4096-bit keys (it's not a 2x increase, it's more like a 2^2048 increase).
As to why 65537 is even optional as a prime exponent or why it matters... no idea,
but it does matter.
# ChangeLog:
2018-12-17 01:19:45 -07:00
* v2.0
* remove ursa and node-forge deps
* mark for node v10.11+
* v1.9
2018-12-16 02:54:57 -07:00
* consistently handle key generation across node crypto, ursa, and forge
* move all other operations to rasha.js and rsa-csr.js
2018-12-16 03:08:59 -07:00
* bugfix non-standard JWKs output (which *mostly* worked)
2018-12-17 01:19:45 -07:00
* move dependencies to optional
2018-06-29 02:39:10 -06:00
* v1.4.0
* remove ursa as dependency (just causes confusion), but note in docs
* drop node < v6 support
2018-12-16 02:54:57 -07:00
# Legal
rsa-compat.js directly includes code from
[Rasha.js ](https://git.coolaj86.com/coolaj86/rasha.js )
and
[RSA-CSR.js ](https://git.coolaj86.com/coolaj86/rsa-csr.js )
(also [Root ](https://therootcompany.com ) projects),
retrofitted for rsa-compat.
[rsa-compat.js ](https://git.coolaj86.com/coolaj86/rsa-compat.js ) |
MPL-2.0 |
[Terms of Use ](https://therootcompany.com/legal/#terms ) |
[Privacy Policy ](https://therootcompany.com/legal/#privacy )
