35 changed files with 1689 additions and 84 deletions
--- a/README.md
+++ b/README.md
@ -266,14 +266,12 @@ but it does matter.
 # ChangeLog:
-* v2.0
+* v2.0.0
-  * remove ursa and node-forge deps
+  * remove ursa and node-forge as strict dependencies
-  * mark for node v10.11+
+* v1.9.0
 * v1.9
  * consistently handle key generation across node crypto, ursa, and forge
  * move all other operations to rasha.js and rsa-csr.js
  * bugfix non-standard JWKs output (which *mostly* worked)
  * move dependencies to optional
 * v1.4.0
  * remove ursa as dependency (just causes confusion), but note in docs
  * drop node &lt; v6 support
--- a/lib/generate-privkey-forge.js
+++ b/lib/generate-privkey-forge.js
@ -4,7 +4,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 'use strict';
-var Keypairs = require('keypairs');
+var Rasha = require('./rasha');
 module.exports = function (bitlen, exp) {
  var k = require('node-forge').pki.rsa
@ -21,8 +21,8 @@ module.exports = function (bitlen, exp) {
  , qi: _toUrlBase64(k.qInv)
  };
  return {
-    publicKeyPem: Keypairs._exportSync({ jwk: jwk, public: true })
+    publicKeyPem: Rasha.exportSync({ jwk: jwk, public: true })
-  , privateKeyPem: Keypairs._exportSync({ jwk: jwk })
+  , privateKeyPem: Rasha.exportSync({ jwk: jwk })
  , privateKeyJwk: jwk
  , publicKeyJwk: {
      kty: jwk.kty
--- a/lib/generate-privkey-node.js
+++ b/lib/generate-privkey-node.js
@ -4,7 +4,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 'use strict';
-var Keypairs = require('keypairs');
+var Rasha = require('./rasha');
 module.exports = function (bitlen, exp) {
  var keypair = require('crypto').generateKeyPairSync(
@ -25,8 +25,8 @@ module.exports = function (bitlen, exp) {
    publicKeyPem: keypair.publicKey.trim()
  , privateKeyPem: keypair.privateKey.trim()
  };
-  result.publicKeyJwk = Keypairs._importSync({ pem: result.publicKeyPem, public: true });
+  result.publicKeyJwk = Rasha.importSync({ pem: result.publicKeyPem, public: true });
-  result.privateKeyJwk = Keypairs._importSync({ pem: result.privateKeyPem });
+  result.privateKeyJwk = Rasha.importSync({ pem: result.privateKeyPem });
  return result;
 };
--- a/lib/generate-privkey-ursa.js
+++ b/lib/generate-privkey-ursa.js
@ -4,7 +4,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 'use strict';
-var Keypairs = require('keypairs');
+var Rasha = require('./rasha');
 module.exports = function (bitlen, exp) {
  var ursa;
@ -18,8 +18,8 @@ module.exports = function (bitlen, exp) {
    publicKeyPem: keypair.toPublicPem().toString('ascii').trim()
  , privateKeyPem: keypair.toPrivatePem().toString('ascii').trim()
  };
-  result.publicKeyJwk = Keypairs._importSync({ pem: result.publicKeyPem, public: true });
+  result.publicKeyJwk = Rasha.importSync({ pem: result.publicKeyPem, public: true });
-  result.privateKeyJwk = Keypairs._importSync({ pem: result.privateKeyPem });
+  result.privateKeyJwk = Rasha.importSync({ pem: result.privateKeyPem });
  return result;
 };
--- a/lib/generate-privkey.js
+++ b/lib/generate-privkey.js
@ -20,8 +20,7 @@ module.exports = function (bitlen, exp) {
      return require('./generate-privkey-ursa.js')(bitlen, exp);
    } catch(e) {
      if (e.code !== 'MODULE_NOT_FOUND') {
-        console.error("[rsa-compat] Unexpected error when using 'ursa':");
+        throw e;
        console.error(e);
      }
      if (!oldver) {
        oldver = true;
@ -48,10 +47,11 @@ module.exports = function (bitlen, exp) {
      try {
        return require('./generate-privkey-forge.js')(bitlen, exp);
      } catch(e) {
        if (e.code !== 'MODULE_NOT_FOUND') {
          throw e;
        }
        console.error("[ERROR] rsa-compat: could not generate a private key.");
        console.error("None of crypto.generateKeyPair, ursa, nor node-forge are present");
        console.error("");
        throw e;
      }
    }
  }
--- a/lib/rasha/.drone.yml
+++ b/lib/rasha/.drone.yml
@ -0,0 +1,11 @@
 kind: pipeline
 name: default
 pipeline:
  build:
    image: node
    environment:
      RASHA_TEST_LARGE_KEYS: "true"
    commands:
      - npm install --ignore-scripts
      - npm test
--- a/lib/rasha/.gitignore
+++ b/lib/rasha/.gitignore
@ -0,0 +1 @@
 all.*
--- a/lib/rasha/README.md
+++ b/lib/rasha/README.md
@ -0,0 +1,218 @@
 [Rasha.js](https://git.coolaj86.com/coolaj86/rasha.js) &middot; [![Build Status](https://strong-emu-11.telebit.io/api/badges/coolaj86/rasha.js/status.svg)](https://strong-emu-11.telebit.io/coolaj86/rasha.js)
 =========
 Sponsored by [Root](https://therootcompany.com).
 Built for [ACME.js](https://git.coolaj86.com/coolaj86/acme.js)
 and [Greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js)
 | ~550 lines of code | 3kb gzipped | 10kb minified | 18kb with comments |
 RSA tools. Lightweight. Zero Dependencies. Universal compatibility.
 * [x] Fast and Easy RSA Key Generation
 * [x] PEM-to-JWK
 * [x] JWK-to-PEM
 * [x] SSH "pub" format
 * [ ] ECDSA
  * **Need EC or ECDSA tools?** Check out [Eckles.js](https://git.coolaj86.com/coolaj86/eckles.js)
 ## Generate RSA Key
 Achieves the *fastest possible key generation* using node's native RSA bindings to OpenSSL,
 then converts to JWK for ease-of-use.
 ```
 Rasha.generate({ format: 'jwk' }).then(function (keypair) {
  console.log(keypair.private);
  console.log(keypair.public);
 });
 ```
 **options**
 * `format` defaults to `'jwk'`
  * `'pkcs1'` (traditional)
  * `'pkcs8'` <!-- * `'ssh'` -->
 * `modulusLength` defaults to 2048 (must not be lower)
  * generally you shouldn't pick a larger key size - they're slow
  * **2048** is more than sufficient
  * 3072 is way, way overkill and takes a few seconds to generate
  * 4096 can take about a minute to generate and is just plain wasteful
 **advanced options**
 These options are provided for debugging and should not be used.
 * `publicExponent` defaults to 65537 (`0x10001`)
 ## PEM-to-JWK
 * [x] PKCS#1 (traditional)
 * [x] PKCS#8, SPKI/PKIX
 * [x] 2048-bit, 3072-bit, 4096-bit (and ostensibily all others)
 * [x] SSH (RFC4716), (RFC 4716/SSH2)
 ```js
 var Rasha = require('rasha');
 var pem = require('fs')
  .readFileSync('./node_modles/rasha/fixtures/privkey-rsa-2048.pkcs1.pem', 'ascii');
 Rasha.import({ pem: pem }).then(function (jwk) {
  console.log(jwk);
 });
 ```
 ```js
 {
  "kty": "RSA",
  "n": "m2ttVBxPlWw06ZmGBWVDl...QlEz7UNNj9RGps_50-CNw",
  "e": "AQAB",
  "d": "Cpfo7Mm9Nu8YMC_xrZ54W...Our1IdDzJ_YfHPt9sHMQQ",
  "p": "ynG-t9HwKCN3MWRYFdnFz...E9S4DsGcAarIuOT2TsTCE",
  "q": "xIkAjgUzB1zaUzJtW2Zgv...38ahSrBFEVnxjpnPh1Q1c",
  "dp": "tzDGjECFOU0ehqtuqhcu...dVGAXJoGOdv5VpaZ7B1QE",
  "dq": "kh5dyDk7YCz7sUFbpsmu...aX9PKa12HFlny6K1daL48",
  "qi": "AlHWbx1gp6Z9pbw_1hlS...lhmIOgRApS0t9VoXtHhFU"
 }
 ```
 ## JWK-to-PEM
 * [x] PKCS#1 (traditional)
 * [x] PKCS#8, SPKI/PKIX
 * [x] 2048-bit, 4096-bit (and ostensibily all others)
 * [x] SSH (RFC4716), (RFC 4716/SSH2)
 ```js
 var Rasha = require('rasha');
 var jwk = require('rasha/fixtures/privkey-rsa-2048.jwk.json');
 Rasha.export({ jwk: jwk }).then(function (pem) {
  // PEM in PKCS1 (traditional) format
  console.log(pem);
 });
 ```
 ```
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhD
 NzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ
 38P8LdAIlb0pqDHxEJ9adWomjuFf.....5cCBahfsiNtNR6WV1/iCSuINYs6uPdA
 Jlw7hm9m8TAmFWWyfL0s7wiRvAYkQvpxetorTwHJVLabBDJ+WBOAY2enOLHIRQv+
 atAvHrLXjkUdzF96o0icyF6n7QzGfUPmeWGYg6BEClLS31Whe0eEVQ==
 -----END RSA PRIVATE KEY-----
 ```
 ### Advanced Options
 `format: 'pkcs8'`:
 The default output format `pkcs1` (RSA-specific format) is used for private keys.
 Use `format: 'pkcs8'` to output in PKCS#8 format instead.
 ```js
 Rasha.export({ jwk: jwk, format: 'pkcs8' }).then(function (pem) {
  // PEM in PKCS#8 format
  console.log(pem);
 });
 ```
 ```
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCba21UHE+VbDTp
 mYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo
 6HF5JijfWzK7haHFuRMEsgI4VwIY.....LorV1ovjwKBgAJR1m8dYKemfaW8P9YZ
 Uux7lwIFqF+yI201HpZXX+IJK4g1izq490AmXDuGb2bxMCYVZbJ8vSzvCJG8BiRC
 +nF62itPAclUtpsEMn5YE4BjZ6c4schFC/5q0C8esteORR3MX3qjSJzIXqftDMZ9
 Q+Z5YZiDoEQKUtLfVaF7R4RV
 -----END PRIVATE KEY-----
 ```
 `format: 'ssh'`:
 Although SSH uses PKCS#1 for private keys, it uses ts own special non-ASN1 format
 (affectionately known as rfc4716) for public keys. I got curious and then decided
 to add this format as well.
 To get the same format as you
 would get with `ssh-keygen`, pass `ssh` as the format option:
 ```js
 Rasha.export({ jwk: jwk, format: 'ssh' }).then(function (pub) {
  // Special SSH2 Public Key format (RFC 4716)
  console.log(pub);
 });
 ```
 ```
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE.....Q02P1Eamz/nT4I3 rsa@localhost
 ```
 `public: 'true'`:
 If a private key is used as input, a private key will be output.
 If you'd like to output a public key instead you can pass `public: true`.
 or `format: 'spki'`.
 ```js
 Rasha.export({ jwk: jwk, public: true }).then(function (pem) {
  // PEM in SPKI/PKIX format
  console.log(pem);
 });
 ```
 ```
 -----BEGIN PUBLIC KEY-----
 MIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJ
 efLukC+xu0LBKylYojT5vTkxaOhx.....TmzCh2ikrwTMja7mUdBJf2bK3By5AB0
 Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQAB
 -----END PUBLIC KEY-----
 ```
 Testing
 -------
 All cases are tested in `test.sh`.
 You can compare these keys to the ones that you get from OpenSSL, OpenSSH/ssh-keygen, and WebCrypto:
 ```bash
 # Generate 2048-bit RSA Keypair
 openssl genrsa -out privkey-rsa-2048.pkcs1.pem 2048
 # Convert PKCS1 (traditional) RSA Keypair to PKCS8 format
 openssl rsa -in privkey-rsa-2048.pkcs1.pem -pubout -out pub-rsa-2048.spki.pem
 # Export Public-only RSA Key in PKCS1 (traditional) format
 openssl pkcs8 -topk8 -nocrypt -in privkey-rsa-2048.pkcs1.pem -out privkey-rsa-2048.pkcs8.pem
 # Convert PKCS1 (traditional) RSA Public Key to SPKI/PKIX format
 openssl rsa -in pub-rsa-2048.spki.pem -pubin -RSAPublicKey_out -out pub-rsa-2048.pkcs1.pem
 # Convert RSA public key to SSH format
 ssh-keygen -f ./pub-rsa-2048.spki.pem -i -mPKCS8 > ./pub-rsa-2048.ssh.pub
 ```
 Goals of this project
 -----
 * Focused support for 2048-bit and 4096-bit RSA keypairs (although any size is technically supported)
 * Zero Dependencies
 * VanillaJS
 * Quality Code: Good comments and tests
 * Convert both ways: PEM-to-JWK and JWK-to-PEM (also supports SSH pub files)
 * Browser support as well (TODO)
 * OpenSSL, ssh-keygen, and WebCrypto compatibility
 Legal
 -----
 [Rasha.js](https://git.coolaj86.com/coolaj86/rasha.js) |
 MPL-2.0 |
 [Terms of Use](https://therootcompany.com/legal/#terms) |
 [Privacy Policy](https://therootcompany.com/legal/#privacy)
--- a/lib/rasha/TODO.txt
+++ b/lib/rasha/TODO.txt
@ -0,0 +1,63 @@
 ACME <- rsa-compat
 unsign csr
 greenlock-ecdsa
 greenlock-ec-pem-to-jwk
 greenlock-ec-jwk-to-pem
 greenlock-ec-ssh-to-jwk
 greenlock-ec-jwk-to-ssh
 greenlock-ec-csr
 greenlock-rsa
 greenlock-rsa-pem-to-jwk
 greenlock-rsa-jwk-to-pem
 greenlock-rsa-ssh-to-jwk
 greenlock-rsa-jwk-to-ssh
 greenlock-rsa-csr
 greenlock-x509
 greenlock-acme
 greenlock-asn1
 greenlock-encoding
 bluecrypt-ecdsa
 bluecrypt-ec-pem-to-jwk
 bluecrypt-ec-jwk-to-pem
 bluecrypt-ec-ssh-to-jwk
 bluecrypt-ec-jwk-to-ssh
 bluecrypt-ec-csr
 bluecrypt-rsa
 bluecrypt-rsa-pem-to-jwk
 bluecrypt-rsa-jwk-to-pem
 bluecrypt-rsa-ssh-to-jwk
 bluecrypt-rsa-jwk-to-ssh
 bluecrypt-rsa-csr
 bluecrypt-ans1
 bluecrypt-x509
 bluecrypt-acme
 bluecrypt-encoding
 keypairs
 asymmetric
 symmetric
 groot-crypto
 broot-crypto
 ** unified openssl commands **
 https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b
 https://connect2id.com/products/nimbus-jose-jwt/examples/jwk-generation
 https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b
 RSAPrivateKey ::= SEQUENCE {
  version           Version,
  modulus           INTEGER,  -- n
  publicExponent    INTEGER,  -- e
  privateExponent   INTEGER,  -- d
  prime1            INTEGER,  -- p
  prime2            INTEGER,  -- q
  exponent1         INTEGER,  -- d mod (p-1)
  exponent2         INTEGER,  -- d mod (q-1)
  coefficient       INTEGER,  -- (inverse of q) mod p
  otherPrimeInfos   OtherPrimeInfos OPTIONAL
 }
--- a/lib/rasha/bin/rasha.js
+++ b/lib/rasha/bin/rasha.js
@ -0,0 +1,97 @@
 #!/usr/bin/env node
 'use strict';
 var fs = require('fs');
 var Rasha = require('../index.js');
 var PEM = require('../lib/pem.js');
 var ASN1 = require('../lib/asn1.js');
 var infile = process.argv[2];
 var format = process.argv[3];
 var msg = process.argv[4];
 var sign;
 if ('sign' === format) {
  sign = true;
  format = 'pkcs8';
 }
 if (!infile) {
  infile = 'jwk';
 }
 if (-1 !== [ 'jwk', 'pem', 'json', 'der', 'pkcs1', 'pkcs8', 'spki' ].indexOf(infile)) {
  console.log("Generating new key...");
  Rasha.generate({
    format: infile
  , modulusLength: parseInt(format, 10) || 2048
  , encoding: parseInt(format, 10) ? null : format
  }).then(function (key) {
    if ('der' === infile || 'der' === format) {
      key.private = key.private.toString('binary');
      key.public = key.public.toString('binary');
    }
    console.log(key.private);
    console.log(key.public);
  }).catch(function (err) {
    console.error(err);
    process.exit(1);
  });
  return;
 }
 var key = fs.readFileSync(infile, 'ascii');
 try {
  key = JSON.parse(key);
 } catch(e) {
  // ignore
 }
 if ('string' === typeof key) {
  if ('tpl' === format) {
    var block = PEM.parseBlock(key);
    var asn1 = ASN1.parse(block.der);
    ASN1.tpl(asn1);
    return;
  }
  if (sign) { signMessage(key, msg); return; }
  var pub = (-1 !== [ 'public', 'spki', 'pkix' ].indexOf(format));
  Rasha.import({ pem: key, public: (pub || format) }).then(function (jwk) {
    console.info(JSON.stringify(jwk, null, 2));
  }).catch(function (err) {
    console.error(err);
    process.exit(1);
  });
 } else {
  Rasha.export({ jwk: key, format: format }).then(function (pem) {
    if (sign) { signMessage(pem, msg); return; }
    console.info(pem);
  }).catch(function (err) {
    console.error(err);
    process.exit(2);
  });
 }
 function signMessage(pem, name) {
  var msg;
  try {
    msg = fs.readFileSync(name);
  } catch(e) {
    console.warn("[info] input string did not exist as a file, signing the string itself");
    msg = Buffer.from(name, 'binary');
  }
  var crypto = require('crypto');
  var sign = crypto.createSign('SHA256');
  sign.write(msg)
  sign.end()
  var buf = sign.sign(pem, 'hex');
  console.log(buf);
  //console.log(buf.toString('base64'));
  /*
  Rasha.sign({ pem: pem, message: msg, alg: 'SHA256' }).then(function (sig) {
  }).catch(function () {
    console.error(err);
    process.exit(3);
  });
  */
 }
--- a/lib/rasha/fixtures/privkey-rsa-2048.jwk.json
+++ b/lib/rasha/fixtures/privkey-rsa-2048.jwk.json
@ -0,0 +1,11 @@
 {
  "kty": "RSA",
  "n": "m2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJefLukC-xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57qAZM6-I70on0_iDZm7-jcqOPgADAmbWHhy67BXkk4yy_YzD4yOGZFXZcNp915_TW5bRd__AKPHUHxJasPiyEFqlNKBR2DSD-LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0Qi49OykUCfNZeQlEz7UNNj9RGps_50-CNw",
  "e": "AQAB",
  "d": "Cpfo7Mm9Nu8YMC_xrZ54W9mKHPkCG9rZ93Ds9PNp-RXUgb-ljTbFPZWsYxGNKLllFz8LNosr1pT2ZDMrwNk0Af1iWNvD6gkyXaiQdCyiDPSBsJyNv2LJZon-e85X74nv53UlIkmo9SYxdLz2JaJ-iIWEe8Qh-7llLktrTJV_xr98_tbhgSppz_IeOymq3SEZaQHM8pTU7w7XvCj2pb9r8fN0M0XcgWZIaf3LGEfkhF_WtX67XJ0C6-LbkT51jtlLRNGX6haGdscXS0OWWjKOJzKGuV-NbthEn5rmRtVnjRZ3yaxQ0ud8vC-NONn7yvGUlOur1IdDzJ_YfHPt9sHMQQ",
  "p": "ynG-t9HwKCN3MWRYFdnFzi9-02Qcy3p8B5pu3ary2E70hYn2pHlUG2a9BNE8c5xHQ3Hx43WoWf6s0zOunPV1G28LkU_UYEbAtPv_PxSmzpQp9n9XnYvBLBF8Y3z7gxgLn1vVFNARrQdRtj87qY3aw7E9S4DsGcAarIuOT2TsTCE",
  "q": "xIkAjgUzB1zaUzJtW2Zgvp9cYYr1DmpH30ePZl3c_8397_DZDDo46fnFYjs6uPa03HpmKUnbjwr14QHlfXlntJBEuXxcqLjkdKdJ4ob7xueLTK4suo9V8LSrkLChVxlZQwnFD2E5ll0sVeeDeMJHQw38ahSrBFEVnxjpnPh1Q1c",
  "dp": "tzDGjECFOU0ehqtuqhcuT63a7h8hj19-7MJqoFwY9HQ-ALkfXyYLXeBSGxHbyiIYuodZg6LsfMNgUJ3r3Eyhc_nAVfYPEC_2IdAG4WYmq7iXYF9LQV09qEsKbFykm7QekE3hO7wswo5k-q2tp3ieBYdVGAXJoGOdv5VpaZ7B1QE",
  "dq": "kh5dyDk7YCz7sUFbpsmuAeuPjoH2ghooh2u3xN7iUVmAg-ToKjwbVnG5-7eXiC779rQVwnrD_0yh1AFJ8wjRPqDIR7ObXGHikIxT1VSQWqiJm6AfZzDsL0LUD4YS3iPdhob7-NxLKWzqao_u4lhnDQaX9PKa12HFlny6K1daL48",
  "qi": "AlHWbx1gp6Z9pbw_1hlS7HuXAgWoX7IjbTUelldf4gkriDWLOrj3QCZcO4ZvZvEwJhVlsny9LO8IkbwGJEL6cXraK08ByVS2mwQyflgTgGNnpzixyEUL_mrQLx6y145FHcxfeqNInMhep-0Mxn1D5nlhmIOgRApS0t9VoXtHhFU"
 }
--- a/lib/rasha/fixtures/privkey-rsa-2048.pkcs1.pem
+++ b/lib/rasha/fixtures/privkey-rsa-2048.pkcs1.pem
@ -0,0 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhD
 NzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ
 38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57
 qAZM6+I70on0/iDZm7+jcqOPgADAmbWHhy67BXkk4yy/YzD4yOGZFXZcNp915/TW
 5bRd//AKPHUHxJasPiyEFqlNKBR2DSD+LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By
 5AB0Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQABAoIBAAqX6OzJvTbvGDAv
 8a2eeFvZihz5Ahva2fdw7PTzafkV1IG/pY02xT2VrGMRjSi5ZRc/CzaLK9aU9mQz
 K8DZNAH9Yljbw+oJMl2okHQsogz0gbCcjb9iyWaJ/nvOV++J7+d1JSJJqPUmMXS8
 9iWifoiFhHvEIfu5ZS5La0yVf8a/fP7W4YEqac/yHjspqt0hGWkBzPKU1O8O17wo
 9qW/a/HzdDNF3IFmSGn9yxhH5IRf1rV+u1ydAuvi25E+dY7ZS0TRl+oWhnbHF0tD
 lloyjicyhrlfjW7YRJ+a5kbVZ40Wd8msUNLnfLwvjTjZ+8rxlJTrq9SHQ8yf2Hxz
 7fbBzEECgYEAynG+t9HwKCN3MWRYFdnFzi9+02Qcy3p8B5pu3ary2E70hYn2pHlU
 G2a9BNE8c5xHQ3Hx43WoWf6s0zOunPV1G28LkU/UYEbAtPv/PxSmzpQp9n9XnYvB
 LBF8Y3z7gxgLn1vVFNARrQdRtj87qY3aw7E9S4DsGcAarIuOT2TsTCECgYEAxIkA
 jgUzB1zaUzJtW2Zgvp9cYYr1DmpH30ePZl3c/8397/DZDDo46fnFYjs6uPa03Hpm
 KUnbjwr14QHlfXlntJBEuXxcqLjkdKdJ4ob7xueLTK4suo9V8LSrkLChVxlZQwnF
 D2E5ll0sVeeDeMJHQw38ahSrBFEVnxjpnPh1Q1cCgYEAtzDGjECFOU0ehqtuqhcu
 T63a7h8hj19+7MJqoFwY9HQ+ALkfXyYLXeBSGxHbyiIYuodZg6LsfMNgUJ3r3Eyh
 c/nAVfYPEC/2IdAG4WYmq7iXYF9LQV09qEsKbFykm7QekE3hO7wswo5k+q2tp3ie
 BYdVGAXJoGOdv5VpaZ7B1QECgYEAkh5dyDk7YCz7sUFbpsmuAeuPjoH2ghooh2u3
 xN7iUVmAg+ToKjwbVnG5+7eXiC779rQVwnrD/0yh1AFJ8wjRPqDIR7ObXGHikIxT
 1VSQWqiJm6AfZzDsL0LUD4YS3iPdhob7+NxLKWzqao/u4lhnDQaX9PKa12HFlny6
 K1daL48CgYACUdZvHWCnpn2lvD/WGVLse5cCBahfsiNtNR6WV1/iCSuINYs6uPdA
 Jlw7hm9m8TAmFWWyfL0s7wiRvAYkQvpxetorTwHJVLabBDJ+WBOAY2enOLHIRQv+
 atAvHrLXjkUdzF96o0icyF6n7QzGfUPmeWGYg6BEClLS31Whe0eEVQ==
 -----END RSA PRIVATE KEY-----
--- a/lib/rasha/fixtures/privkey-rsa-2048.pkcs8.pem
+++ b/lib/rasha/fixtures/privkey-rsa-2048.pkcs8.pem
@ -0,0 +1,28 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCba21UHE+VbDTp
 mYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo
 6HF5JijfWzK7haHFuRMEsgI4VwIYyhvqlJDfw/wt0AiVvSmoMfEQn1p1aiaO4V/R
 JSE3Vw/uz2bxiT22uSkSqOyShyfYE6dMHnuoBkzr4jvSifT+INmbv6Nyo4+AAMCZ
 tYeHLrsFeSTjLL9jMPjI4ZkVdlw2n3Xn9NbltF3/8Ao8dQfElqw+LIQWqU0oFHYN
 IP4ttfl5ObMKHaKSvBMyNruZR0El/ZsrcHLkAHRCLj07KRQJ81l5CUTPtQ02P1Ea
 mz/nT4I3AgMBAAECggEACpfo7Mm9Nu8YMC/xrZ54W9mKHPkCG9rZ93Ds9PNp+RXU
 gb+ljTbFPZWsYxGNKLllFz8LNosr1pT2ZDMrwNk0Af1iWNvD6gkyXaiQdCyiDPSB
 sJyNv2LJZon+e85X74nv53UlIkmo9SYxdLz2JaJ+iIWEe8Qh+7llLktrTJV/xr98
 /tbhgSppz/IeOymq3SEZaQHM8pTU7w7XvCj2pb9r8fN0M0XcgWZIaf3LGEfkhF/W
 tX67XJ0C6+LbkT51jtlLRNGX6haGdscXS0OWWjKOJzKGuV+NbthEn5rmRtVnjRZ3
 yaxQ0ud8vC+NONn7yvGUlOur1IdDzJ/YfHPt9sHMQQKBgQDKcb630fAoI3cxZFgV
 2cXOL37TZBzLenwHmm7dqvLYTvSFifakeVQbZr0E0TxznEdDcfHjdahZ/qzTM66c
 9XUbbwuRT9RgRsC0+/8/FKbOlCn2f1edi8EsEXxjfPuDGAufW9UU0BGtB1G2Pzup
 jdrDsT1LgOwZwBqsi45PZOxMIQKBgQDEiQCOBTMHXNpTMm1bZmC+n1xhivUOakff
 R49mXdz/zf3v8NkMOjjp+cViOzq49rTcemYpSduPCvXhAeV9eWe0kES5fFyouOR0
 p0nihvvG54tMriy6j1XwtKuQsKFXGVlDCcUPYTmWXSxV54N4wkdDDfxqFKsEURWf
 GOmc+HVDVwKBgQC3MMaMQIU5TR6Gq26qFy5PrdruHyGPX37swmqgXBj0dD4AuR9f
 Jgtd4FIbEdvKIhi6h1mDoux8w2BQnevcTKFz+cBV9g8QL/Yh0AbhZiaruJdgX0tB
 XT2oSwpsXKSbtB6QTeE7vCzCjmT6ra2neJ4Fh1UYBcmgY52/lWlpnsHVAQKBgQCS
 Hl3IOTtgLPuxQVumya4B64+OgfaCGiiHa7fE3uJRWYCD5OgqPBtWcbn7t5eILvv2
 tBXCesP/TKHUAUnzCNE+oMhHs5tcYeKQjFPVVJBaqImboB9nMOwvQtQPhhLeI92G
 hvv43EspbOpqj+7iWGcNBpf08prXYcWWfLorV1ovjwKBgAJR1m8dYKemfaW8P9YZ
 Uux7lwIFqF+yI201HpZXX+IJK4g1izq490AmXDuGb2bxMCYVZbJ8vSzvCJG8BiRC
 +nF62itPAclUtpsEMn5YE4BjZ6c4schFC/5q0C8esteORR3MX3qjSJzIXqftDMZ9
 Q+Z5YZiDoEQKUtLfVaF7R4RV
 -----END PRIVATE KEY-----
--- a/lib/rasha/fixtures/pub-rsa-2048.jwk.json
+++ b/lib/rasha/fixtures/pub-rsa-2048.jwk.json
@ -0,0 +1,5 @@
 {
  "kty": "RSA",
  "n": "m2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJefLukC-xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57qAZM6-I70on0_iDZm7-jcqOPgADAmbWHhy67BXkk4yy_YzD4yOGZFXZcNp915_TW5bRd__AKPHUHxJasPiyEFqlNKBR2DSD-LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0Qi49OykUCfNZeQlEz7UNNj9RGps_50-CNw",
  "e": "AQAB"
 }
--- a/lib/rasha/fixtures/pub-rsa-2048.pkcs1.pem
+++ b/lib/rasha/fixtures/pub-rsa-2048.pkcs1.pem
@ -0,0 +1,8 @@
 -----BEGIN RSA PUBLIC KEY-----
 MIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJ
 efLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ38P8
 LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57qAZM
 6+I70on0/iDZm7+jcqOPgADAmbWHhy67BXkk4yy/YzD4yOGZFXZcNp915/TW5bRd
 //AKPHUHxJasPiyEFqlNKBR2DSD+LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0
 Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQAB
 -----END RSA PUBLIC KEY-----
--- a/lib/rasha/fixtures/pub-rsa-2048.spki.pem
+++ b/lib/rasha/fixtures/pub-rsa-2048.spki.pem
@ -0,0 +1,9 @@
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVD
 lfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo
 31syu4WhxbkTBLICOFcCGMob6pSQ38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP
 7s9m8Yk9trkpEqjskocn2BOnTB57qAZM6+I70on0/iDZm7+jcqOPgADAmbWHhy67
 BXkk4yy/YzD4yOGZFXZcNp915/TW5bRd//AKPHUHxJasPiyEFqlNKBR2DSD+LbX5
 eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0Qi49OykUCfNZeQlEz7UNNj9RGps/50+C
 NwIDAQAB
 -----END PUBLIC KEY-----
--- a/lib/rasha/fixtures/pub-rsa-2048.ssh.pub
+++ b/lib/rasha/fixtures/pub-rsa-2048.ssh.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE+VbDTpmYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo6HF5JijfWzK7haHFuRMEsgI4VwIYyhvqlJDfw/wt0AiVvSmoMfEQn1p1aiaO4V/RJSE3Vw/uz2bxiT22uSkSqOyShyfYE6dMHnuoBkzr4jvSifT+INmbv6Nyo4+AAMCZtYeHLrsFeSTjLL9jMPjI4ZkVdlw2n3Xn9NbltF3/8Ao8dQfElqw+LIQWqU0oFHYNIP4ttfl5ObMKHaKSvBMyNruZR0El/ZsrcHLkAHRCLj07KRQJ81l5CUTPtQ02P1Eamz/nT4I3 rsa@localhost
--- a/lib/rasha/index.js
+++ b/lib/rasha/index.js
@ -0,0 +1,2 @@
 'use strict';
 module.exports = require('./lib/rasha.js');
--- a/lib/rasha/lib/asn1.js
+++ b/lib/rasha/lib/asn1.js
@ -0,0 +1,235 @@
 'use strict';
 //
 // A dumbed-down, minimal ASN.1 parser / packer combo
 //
 // Note: generally I like to write congruent code
 // (i.e. output can be used as input and vice-versa)
 // However, this seemed to be more readable and easier
 // to use written as-is, asymmetrically.
 // (I also generally prefer to export objects rather
 // functions but, yet again, asthetics one in this case)
 var Enc = require('./encoding.js');
 //
 // Packer
 //
 // Almost every ASN.1 type that's important for CSR
 // can be represented generically with only a few rules.
 var ASN1 = module.exports = function ASN1(/*type, hexstrings...*/) {
  var args = Array.prototype.slice.call(arguments);
  var typ = args.shift();
  var str = args.join('').replace(/\s+/g, '').toLowerCase();
  var len = (str.length/2);
  var lenlen = 0;
  var hex = typ;
  // We can't have an odd number of hex chars
  if (len !== Math.round(len)) {
    throw new Error("invalid hex");
  }
  // The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc)
  // The second byte is either the size of the value, or the size of its size
  // 1. If the second byte is < 0x80 (128) it is considered the size
  // 2. If it is > 0x80 then it describes the number of bytes of the size
  //    ex: 0x82 means the next 2 bytes describe the size of the value
  // 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file)
  if (len > 127) {
    lenlen += 1;
    while (len > 255) {
      lenlen += 1;
      len = len >> 8;
    }
  }
  if (lenlen) { hex += Enc.numToHex(0x80 + lenlen); }
  return hex + Enc.numToHex(str.length/2) + str;
 };
 // The Integer type has some special rules
 ASN1.UInt = function UINT() {
  var str = Array.prototype.slice.call(arguments).join('');
  var first = parseInt(str.slice(0, 2), 16);
  // If the first byte is 0x80 or greater, the number is considered negative
  // Therefore we add a '00' prefix if the 0x80 bit is set
  if (0x80 & first) { str = '00' + str; }
  return ASN1('02', str);
 };
 // The Bit String type also has a special rule
 ASN1.BitStr = function BITSTR() {
  var str = Array.prototype.slice.call(arguments).join('');
  // '00' is a mask of how many bits of the next byte to ignore
  return ASN1('03', '00' + str);
 };
 //
 // Parser
 //
 ASN1.ELOOP = "uASN1.js Error: iterated over 15+ elements (probably a malformed file)";
 ASN1.EDEEP = "uASN1.js Error: element nested 20+ layers deep (probably a malformed file)";
 // Container Types are Sequence 0x30, Octect String 0x04, Array? (0xA0, 0xA1)
 // Value Types are Integer 0x02, Bit String 0x03, Null 0x05, Object ID 0x06,
 // Sometimes Bit String is used as a container (RSA Pub Spki)
 ASN1.VTYPES = [ 0x02, 0x03, 0x05, 0x06, 0x0c, 0x82 ];
 ASN1.parse = function parseAsn1(buf, depth, ws) {
  if (!ws) { ws = ''; }
  if (depth >= 20) { throw new Error(ASN1.EDEEP); }
  var index = 2; // we know, at minimum, data starts after type (0) and lengthSize (1)
  var asn1 = { type: buf[0], lengthSize: 0, length: buf[1] };
  var child;
  var iters = 0;
  var adjust = 0;
  var adjustedLen;
  // Determine how many bytes the length uses, and what it is
  if (0x80 & asn1.length) {
    asn1.lengthSize = 0x7f & asn1.length;
    // I think that buf->hex->int solves the problem of Endianness... not sure
    asn1.length = parseInt(Enc.bufToHex(buf.slice(index, index + asn1.lengthSize)), 16);
    index += asn1.lengthSize;
  }
  // High-order bit Integers have a leading 0x00 to signify that they are positive.
  // Bit Streams use the first byte to signify padding, which x.509 doesn't use.
  if (0x00 === buf[index] && (0x02 === asn1.type || 0x03 === asn1.type)) {
    // However, 0x00 on its own is a valid number
    if (asn1.length > 1) {
      index += 1;
      adjust = -1;
    }
  }
  adjustedLen = asn1.length + adjust;
  //console.warn(ws + '0x' + Enc.numToHex(asn1.type), index, 'len:', asn1.length, asn1);
  // this is a primitive value type
  if (-1 !== ASN1.VTYPES.indexOf(asn1.type)) {
    asn1.value = buf.slice(index, index + adjustedLen);
    return asn1;
  }
  asn1.children = [];
  //console.warn('1 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', 0);
  while (iters < 15 && index < (2 + asn1.length + asn1.lengthSize)) {
    iters += 1;
    child = ASN1.parse(buf.slice(index, index + adjustedLen), (depth || 0) + 1, ws + '  ');
    // The numbers don't match up exactly and I don't remember why...
    // probably something with adjustedLen or some such, but the tests pass
    index += (2 + child.lengthSize + child.length);
    //console.warn('2 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', (2 + child.lengthSize + child.length));
    if (index > (2 + asn1.lengthSize + asn1.length)) {
      console.error(JSON.stringify(asn1, function (k, v) {
        if ('value' === k) { return '0x' + Enc.bufToHex(v.data); } return v;
      }, 2));
      throw new Error("Parse error: child value length (" + child.length
        + ") is greater than remaining parent length (" + (asn1.length - index)
        + " = " + asn1.length + " - " + index + ")");
    }
    asn1.children.push(child);
    //console.warn(ws + '0x' + Enc.numToHex(asn1.type), index, 'len:', asn1.length, asn1);
  }
  if (index !== (2 + asn1.lengthSize + asn1.length)) {
    console.warn('index:', index, 'length:', (2 + asn1.lengthSize + asn1.length))
    throw new Error("premature end-of-file");
  }
  if (iters >= 15) { throw new Error(ASN1.ELOOP); }
  return asn1;
 };
 /*
 ASN1._stringify = function(asn1) {
  //console.log(JSON.stringify(asn1, null, 2));
  //console.log(asn1);
  var ws = '';
  function write(asn1) {
    console.log(ws, 'ch', Enc.numToHex(asn1.type), asn1.length);
    if (!asn1.children) {
      return;
    }
    asn1.children.forEach(function (a) {
      ws += '\t';
      write(a);
      ws = ws.slice(1);
    });
  }
  write(asn1);
 };
 */
 ASN1.tpl = function (asn1) {
  //console.log(JSON.stringify(asn1, null, 2));
  //console.log(asn1);
  var sp = '  ';
  var ws = sp;
  var i = 0;
  var vars = [];
  var str = ws;
  function write(asn1, k) {
    str += "\n" + ws;
    var val;
    if ('number' !== typeof k) {
      // ignore
    } else {
      str += ', ';
    }
    if (0x02 === asn1.type) {
      str += "ASN1.UInt(";
    } else if (0x03 === asn1.type) {
      str += "ASN1.BitStr(";
    } else {
      str += "ASN1('" + Enc.numToHex(asn1.type) + "'";
    }
    if (!asn1.children) {
      if (0x05 !== asn1.type) {
        if (0x06 !== asn1.type) {
          val = asn1.value || new Uint8Array(0);
          vars.push("\n// 0x" + Enc.numToHex(val.byteLength) + " (" + val.byteLength + " bytes)\nopts.tpl" + i + " = '"
            + Enc.bufToHex(val) + "';");
          if (0x02 !== asn1.type && 0x03 !== asn1.type) {
            str += ", ";
          }
          str += "Enc.bufToHex(opts.tpl" + i + ")";
        } else {
          str += ", '" + Enc.bufToHex(asn1.value) + "'";
        }
      } else {
        console.warn("XXXXXXXXXXXXXXXXXXXXX");
      }
      str += ")";
      return ;
    }
    asn1.children.forEach(function (a, j) {
      i += 1;
      ws += sp;
      write(a, j);
      ws = ws.slice(sp.length);
    });
    str += "\n" + ws + ")";
  }
  write(asn1);
  console.log('var opts = {};');
  console.log(vars.join('\n') + '\n');
  console.log();
  console.log('function buildSchema(opts) {');
  console.log(sp + 'return Enc.hexToBuf(' + str.slice(3) + ');');
  console.log('}');
  console.log();
  console.log('buildSchema(opts);');
 };
 module.exports = ASN1;
--- a/lib/rasha/lib/encoding.js
+++ b/lib/rasha/lib/encoding.js
@ -0,0 +1,104 @@
 'use strict';
 var Enc = module.exports;
 Enc.base64ToBuf = function (str) {
  // always convert from urlsafe base64, just in case
  //return Buffer.from(Enc.urlBase64ToBase64(str)).toString('base64');
  // node handles urlBase64 automatically
  return Buffer.from(str, 'base64');
 };
 Enc.base64ToHex = function (b64) {
  return Enc.bufToHex(Enc.base64ToBuf(b64));
 };
 Enc.bufToBase64 = function (u8) {
  // we want to maintain api compatability with browser APIs,
  // so we assume that this could be a Uint8Array
  return Buffer.from(u8).toString('base64');
 };
 /*
 Enc.bufToUint8 = function bufToUint8(buf) {
  return new Uint8Array(buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength));
 };
 */
 Enc.bufToUrlBase64 = function (u8) {
  return Enc.bufToBase64(u8)
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
 };
 Enc.bufToHex = function (u8) {
  var hex = [];
  var i, h;
  var len = (u8.byteLength || u8.length);
  for (i = 0; i < len; i += 1) {
    h = u8[i].toString(16);
    if (2 !== h.length) { h = '0' + h; }
    hex.push(h);
  }
  return hex.join('').toLowerCase();
 };
 Enc.hexToBase64 = function (hex) {
  return Buffer.from(hex, 'hex').toString('base64');
 };
 Enc.hexToBuf = function (hex) {
  return Buffer.from(hex, 'hex');
 };
 Enc.numToHex = function (d) {
  d = d.toString(16);
  if (d.length % 2) {
    return '0' + d;
  }
  return d;
 };
 /*
 Enc.strToBase64 = function (str) {
  // node automatically can tell the difference
  // between uc2 (utf-8) strings and binary strings
  // so we don't have to re-encode the strings
  return Buffer.from(str).toString('base64');
 };
 */
 /*
 Enc.strToBin = function (str) {
  var escstr = encodeURIComponent(str);
  // replaces any uri escape sequence, such as %0A,
  // with binary escape, such as 0x0A
  var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) {
    return String.fromCharCode(parseInt(p1, 16));
  });
  return binstr;
 };
 */
 Enc.strToBuf = function (str) {
  return Buffer.from(str);
 };
 Enc.strToHex = function (str) {
  return Buffer.from(str).toString('hex');
 };
 /*
 Enc.urlBase64ToBase64 = function (str) {
  var r = str % 4;
  if (2 === r) {
    str += '==';
  } else if (3 === r) {
    str += '=';
  }
  return str.replace(/-/g, '+').replace(/_/g, '/');
 };
 */
--- a/lib/rasha/lib/pem.js
+++ b/lib/rasha/lib/pem.js
@ -0,0 +1,28 @@
 'use strict';
 var PEM = module.exports;
 var Enc = require('./encoding.js');
 PEM.parseBlock = function pemToDer(pem) {
  var lines = pem.trim().split(/\n/);
  var end = lines.length - 1;
  var head = lines[0].match(/-----BEGIN (.*)-----/);
  var foot = lines[end].match(/-----END (.*)-----/);
  if (head) {
    lines = lines.slice(1, end);
    head = head[1];
    if (head !== foot[1]) {
      throw new Error("headers and footers do not match");
    }
  }
  return { type: head, bytes: Enc.base64ToBuf(lines.join('')) };
 };
 PEM.packBlock = function (opts) {
  return '-----BEGIN ' + opts.type + '-----\n'
    + Enc.bufToBase64(opts.bytes).match(/.{1,64}/g).join('\n') + '\n'
    + '-----END ' + opts.type + '-----'
  ;
 };
--- a/lib/rasha/lib/rasha.js
+++ b/lib/rasha/lib/rasha.js
@ -0,0 +1,204 @@
 'use strict';
 var RSA = module.exports;
 var SSH = require('./ssh.js');
 var PEM = require('./pem.js');
 var x509 = require('./x509.js');
 var ASN1 = require('./asn1.js');
 /*global Promise*/
 RSA.generate = function (opts) {
  return Promise.resolve().then(function () {
    var typ = 'rsa';
    var format = opts.format;
    var encoding = opts.encoding;
    var priv;
    var pub;
    if (!format) {
      format = 'jwk';
    }
    if ('spki' === format || 'pkcs8' === format) {
      format = 'pkcs8';
      pub = 'spki';
    }
    if ('pem' === format) {
      format = 'pkcs1';
      encoding = 'pem';
    } else if ('der' === format) {
      format = 'pkcs1';
      encoding = 'der';
    }
    if ('jwk' === format || 'json' === format) {
      format = 'jwk';
      encoding = 'json';
    } else {
      priv = format;
      pub = pub || format;
    }
    if (!encoding) {
      encoding = 'pem';
    }
    if (priv) {
      priv = { type: priv, format: encoding };
      pub = { type: pub, format: encoding };
    } else {
      // jwk
      priv = { type: 'pkcs1', format: 'pem' };
      pub = { type: 'pkcs1', format: 'pem' };
    }
    return new Promise(function (resolve, reject) {
      return require('crypto').generateKeyPair(typ, {
        modulusLength: opts.modulusLength || 2048
      , publicExponent: opts.publicExponent || 0x10001
      , privateKeyEncoding: priv
      , publicKeyEncoding: pub
      }, function (err, pubkey, privkey) {
        if (err) { reject(err); }
        resolve({
          private: privkey
        , public: pubkey
        });
      });
    }).then(function (keypair) {
      if ('jwk' !== format) {
        return keypair;
      }
      return {
        private: RSA.importSync({ pem: keypair.private, format: priv.type })
      , public: RSA.importSync({ pem: keypair.public, format: pub.type, public: true })
      };
    });
  });
 };
 RSA.importSync = function (opts) {
  if (!opts || !opts.pem || 'string' !== typeof opts.pem) {
    throw new Error("must pass { pem: pem } as a string");
  }
  var jwk = { kty: 'RSA', n: null, e: null };
  if (0 === opts.pem.indexOf('ssh-rsa ')) {
    return SSH.parse(opts.pem, jwk);
  }
  var pem = opts.pem;
  var block = PEM.parseBlock(pem);
  //var hex = toHex(u8);
  var asn1 = ASN1.parse(block.bytes);
  var meta = x509.guess(block.bytes, asn1);
  if ('pkcs1' === meta.format) {
    jwk = x509.parsePkcs1(block.bytes, asn1, jwk);
  } else {
    jwk = x509.parsePkcs8(block.bytes, asn1, jwk);
  }
  if (opts.public) {
    jwk = RSA.nueter(jwk);
  }
  return jwk;
 };
 RSA.parse = function parseRsa(opts) {
  // wrapped in a promise for API compatibility
  // with the forthcoming browser version
  // (and potential future native node capability)
  return Promise.resolve().then(function () {
    return RSA.importSync(opts);
  });
 };
 RSA.toJwk = RSA.import = RSA.parse;
 /*
 RSAPrivateKey ::= SEQUENCE {
  version           Version,
  modulus           INTEGER,  -- n
  publicExponent    INTEGER,  -- e
  privateExponent   INTEGER,  -- d
  prime1            INTEGER,  -- p
  prime2            INTEGER,  -- q
  exponent1         INTEGER,  -- d mod (p-1)
  exponent2         INTEGER,  -- d mod (q-1)
  coefficient       INTEGER,  -- (inverse of q) mod p
  otherPrimeInfos   OtherPrimeInfos OPTIONAL
 }
 */
 RSA.exportSync = function (opts) {
  if (!opts || !opts.jwk || 'object' !== typeof opts.jwk) {
    throw new Error("must pass { jwk: jwk }");
  }
  var jwk = JSON.parse(JSON.stringify(opts.jwk));
  var format = opts.format;
  var pub = opts.public;
  if (pub || -1 !== [ 'spki', 'pkix', 'ssh', 'rfc4716' ].indexOf(format)) {
    jwk = RSA.nueter(jwk);
  }
  if ('RSA' !== jwk.kty) {
    throw new Error("options.jwk.kty must be 'RSA' for RSA keys");
  }
  if (!jwk.p) {
    // TODO test for n and e
    pub = true;
    if (!format || 'pkcs1' === format) {
      format = 'pkcs1';
    } else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) {
      format = 'spki';
    } else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
      format = 'ssh';
    } else {
      throw new Error("options.format must be 'spki', 'pkcs1', or 'ssh' for public RSA keys, not ("
        + typeof format + ") " + format);
    }
  } else {
    // TODO test for all necessary keys (d, p, q ...)
    if (!format || 'pkcs1' === format) {
      format = 'pkcs1';
    } else if ('pkcs8' !== format) {
      throw new Error("options.format must be 'pkcs1' or 'pkcs8' for private RSA keys");
    }
  }
  if ('pkcs1' === format) {
    if (jwk.d) {
      return PEM.packBlock({ type: "RSA PRIVATE KEY", bytes: x509.packPkcs1(jwk) });
    } else {
      return PEM.packBlock({ type: "RSA PUBLIC KEY", bytes: x509.packPkcs1(jwk) });
    }
  } else if ('pkcs8' === format) {
    return PEM.packBlock({ type: "PRIVATE KEY", bytes: x509.packPkcs8(jwk) });
  } else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) {
    return PEM.packBlock({ type: "PUBLIC KEY", bytes: x509.packSpki(jwk) });
  } else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
    return SSH.pack({ jwk: jwk, comment: opts.comment });
  } else {
    throw new Error("Sanity Error: reached unreachable code block with format: " + format);
  }
 };
 RSA.pack = function (opts) {
  // wrapped in a promise for API compatibility
  // with the forthcoming browser version
  // (and potential future native node capability)
  return Promise.resolve().then(function () {
    return RSA.exportSync(opts);
  });
 };
 RSA.toPem = RSA.export = RSA.pack;
 // snip the _private_ parts... hAHAHAHA!
 RSA.nueter = function (jwk) {
  // (snip rather than new object to keep potential extra data)
  // otherwise we could just do this:
  // return { kty: jwk.kty, n: jwk.n, e: jwk.e };
  [ 'p', 'q', 'd', 'dp', 'dq', 'qi' ].forEach(function (key) {
    if (key in jwk) { jwk[key] = undefined; }
    return jwk;
  });
  return jwk;
 };
--- a/lib/rasha/lib/ssh.js
+++ b/lib/rasha/lib/ssh.js
@ -0,0 +1,80 @@
 'use strict';
 var SSH = module.exports;
 var Enc = require('./encoding.js');
              //  7  s  s  h  -  r  s  a
 SSH.RSA = '00000007 73 73 68 2d 72 73 61'.replace(/\s+/g, '').toLowerCase();
 SSH.parse = function (pem, jwk) {
  var parts = pem.split(/\s+/);
  var buf = Enc.base64ToBuf(parts[1]);
  var els = [];
  var index = 0;
  var len;
  var i = 0;
  var offset = (buf.byteOffset || 0);
  // using dataview to be browser-compatible (I do want _some_ code reuse)
  var dv = new DataView(buf.buffer.slice(offset, offset + buf.byteLength));
  var el;
  if (SSH.RSA !== Enc.bufToHex(buf.slice(0, SSH.RSA.length/2))) {
    throw new Error("does not lead with ssh header");
  }
  while (index < buf.byteLength) {
    i += 1;
    if (i > 3) { throw new Error("15+ elements, probably not a public ssh key"); }
    len = dv.getUint32(index, false);
    index += 4;
    el = buf.slice(index, index + len);
    // remove BigUInt '00' prefix
    if (0x00 === el[0]) {
      el = el.slice(1);
    }
    els.push(el);
    index += len;
  }
  jwk.n = Enc.bufToUrlBase64(els[2]);
  jwk.e = Enc.bufToUrlBase64(els[1]);
  return jwk;
 };
 SSH.pack = function (opts) {
  var jwk = opts.jwk;
  var header = 'ssh-rsa';
  var comment = opts.comment || 'rsa@localhost';
  var e = SSH._padHexInt(Enc.base64ToHex(jwk.e));
  var n = SSH._padHexInt(Enc.base64ToHex(jwk.n));
  var hex = [
    SSH._numToUint32Hex(header.length)
  , Enc.strToHex(header)
  , SSH._numToUint32Hex(e.length/2)
  , e
  , SSH._numToUint32Hex(n.length/2)
  , n
  ].join('');
  return [ header, Enc.hexToBase64(hex), comment ].join(' ');
 };
 SSH._numToUint32Hex = function (num) {
  var hex = num.toString(16);
  while (hex.length < 8) {
    hex = '0' + hex;
  }
  return hex;
 };
 SSH._padHexInt = function (hex) {
  // BigInt is negative if the high order bit 0x80 is set,
  // so ASN1, SSH, and many other formats pad with '0x00'
  // to signifiy a positive number.
  var i = parseInt(hex.slice(0, 2), 16);
  if (0x80 & i) {
    return '00' + hex;
  }
  return hex;
 };
--- a/lib/rasha/lib/telemetry.js
+++ b/lib/rasha/lib/telemetry.js
@ -0,0 +1,111 @@
 'use strict';
 // We believe in a proactive approach to sustainable open source.
 // As part of that we make it easy for you to opt-in to following our progress
 // and we also stay up-to-date on telemetry such as operating system and node
 // version so that we can focus our efforts where they'll have the greatest impact.
 //
 // Want to learn more about our Terms, Privacy Policy, and Mission?
 // Check out https://therootcompany.com/legal/
 var os = require('os');
 var crypto = require('crypto');
 var https = require('https');
 var pkg = require('../package.json');
 // to help focus our efforts in the right places
 var data = {
  package: pkg.name
 , version: pkg.version
 , node: process.version
 , arch: process.arch || os.arch()
 , platform: process.platform || os.platform()
 , release: os.release()
 };
 function addCommunityMember(opts) {
  setTimeout(function () {
    var req = https.request({
      hostname: 'api.therootcompany.com'
    , port: 443
    , path: '/api/therootcompany.com/public/community'
    , method: 'POST'
    , headers: { 'Content-Type': 'application/json' }
    }, function (resp) {
      // let the data flow, so we can ignore it
      resp.on('data', function () {});
      //resp.on('data', function (chunk) { console.log(chunk.toString()); });
      resp.on('error', function () { /*ignore*/ });
      //resp.on('error', function (err) { console.error(err); });
    });
    var obj = JSON.parse(JSON.stringify(data));
    obj.action = 'updates';
    try {
      obj.ppid = ppid(obj.action);
    } catch(e) {
      // ignore
      //console.error(e);
    }
    obj.name = opts.name || undefined;
    obj.address = opts.email;
    obj.community = 'node.js@therootcompany.com';
    req.write(JSON.stringify(obj, 2, null));
    req.end();
    req.on('error', function () { /*ignore*/ });
    //req.on('error', function (err) { console.error(err); });
  }, 50);
 }
 function ping(action) {
  setTimeout(function () {
    var req = https.request({
      hostname: 'api.therootcompany.com'
    , port: 443
    , path: '/api/therootcompany.com/public/ping'
    , method: 'POST'
    , headers: { 'Content-Type': 'application/json' }
    }, function (resp) {
      // let the data flow, so we can ignore it
      resp.on('data', function () { });
      //resp.on('data', function (chunk) { console.log(chunk.toString()); });
      resp.on('error', function () { /*ignore*/ });
      //resp.on('error', function (err) { console.error(err); });
    });
    var obj = JSON.parse(JSON.stringify(data));
    obj.action = action;
    try {
      obj.ppid = ppid(obj.action);
    } catch(e) {
      // ignore
      //console.error(e);
    }
    req.write(JSON.stringify(obj, 2, null));
    req.end();
    req.on('error', function (/*e*/) { /*console.error('req.error', e);*/ });
  }, 50);
 }
 // to help identify unique installs without getting
 // the personally identifiable info that we don't want
 function ppid(action) {
  var parts = [ action, data.package, data.version, data.node, data.arch, data.platform, data.release ];
  var ifaces = os.networkInterfaces();
  Object.keys(ifaces).forEach(function (ifname) {
    if (/^en/.test(ifname) || /^eth/.test(ifname) || /^wl/.test(ifname)) {
      if  (ifaces[ifname] && ifaces[ifname].length) {
        parts.push(ifaces[ifname][0].mac);
      }
    }
  });
  return crypto.createHash('sha1').update(parts.join(',')).digest('base64');
 }
 module.exports.ping = ping;
 module.exports.joinCommunity = addCommunityMember;
 if (require.main === module) {
  ping('install');
  //addCommunityMember({ name: "AJ ONeal", email: 'coolaj86@gmail.com' });
 }
--- a/lib/rasha/lib/x509.js
+++ b/lib/rasha/lib/x509.js
@ -0,0 +1,153 @@
 'use strict';
 var x509 = module.exports;
 var ASN1 = require('./asn1.js');
 var Enc = require('./encoding.js');
 x509.guess = function (der, asn1) {
  // accepting der for compatability with other usages
  var meta = { kty: 'RSA', format: 'pkcs1', public: true };
  //meta.asn1 = ASN1.parse(u8);
  if (asn1.children.every(function(el) {
    return 0x02 === el.type;
  })) {
    if (2 === asn1.children.length) {
      // rsa pkcs1 public
      return meta;
    } else if (asn1.children.length >= 9) {
      // the standard allows for "otherPrimeInfos", hence at least 9
      meta.public = false;
      // rsa pkcs1 private
      return meta;
    } else {
      throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)");
    }
  } else {
    meta.format = 'pkcs8';
  }
  return meta;
 };
 x509.parsePkcs1 = function parseRsaPkcs1(buf, asn1, jwk) {
  if (!asn1.children.every(function(el) {
    return 0x02 === el.type;
  })) {
    throw new Error("not an RSA PKCS#1 public or private key (not all ints)");
  }
  if (2 === asn1.children.length) {
    jwk.n = Enc.bufToUrlBase64(asn1.children[0].value);
    jwk.e = Enc.bufToUrlBase64(asn1.children[1].value);
    return jwk;
  } else if (asn1.children.length >= 9) {
    // the standard allows for "otherPrimeInfos", hence at least 9
    jwk.n = Enc.bufToUrlBase64(asn1.children[1].value);
    jwk.e = Enc.bufToUrlBase64(asn1.children[2].value);
    jwk.d = Enc.bufToUrlBase64(asn1.children[3].value);
    jwk.p = Enc.bufToUrlBase64(asn1.children[4].value);
    jwk.q = Enc.bufToUrlBase64(asn1.children[5].value);
    jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value);
    jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value);
    jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value);
    return jwk;
  } else {
    throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)");
  }
 };
 x509.parsePkcs8 = function parseRsaPkcs8(buf, asn1, jwk) {
  if (2 === asn1.children.length
    && 0x03 === asn1.children[1].type
    && 0x30 === asn1.children[1].value[0]) {
    asn1 = ASN1.parse(asn1.children[1].value);
    jwk.n = Enc.bufToUrlBase64(asn1.children[0].value);
    jwk.e = Enc.bufToUrlBase64(asn1.children[1].value);
  } else if (3 === asn1.children.length
    && 0x04 === asn1.children[2].type
    && 0x30 === asn1.children[2].children[0].type
    && 0x02 === asn1.children[2].children[0].children[0].type) {
    asn1 = asn1.children[2].children[0];
    jwk.n = Enc.bufToUrlBase64(asn1.children[1].value);
    jwk.e = Enc.bufToUrlBase64(asn1.children[2].value);
    jwk.d = Enc.bufToUrlBase64(asn1.children[3].value);
    jwk.p = Enc.bufToUrlBase64(asn1.children[4].value);
    jwk.q = Enc.bufToUrlBase64(asn1.children[5].value);
    jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value);
    jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value);
    jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value);
  } else {
    throw new Error("not an RSA PKCS#8 public or private key (wrong format)");
  }
  return jwk;
 };
 x509.packPkcs1 = function (jwk) {
  var n = ASN1.UInt(Enc.base64ToHex(jwk.n));
  var e = ASN1.UInt(Enc.base64ToHex(jwk.e));
  if (!jwk.d) {
    return Enc.hexToBuf(ASN1('30', n, e));
  }
  return Enc.hexToBuf(ASN1('30'
  , ASN1.UInt('00')
  , n
  , e
  , ASN1.UInt(Enc.base64ToHex(jwk.d))
  , ASN1.UInt(Enc.base64ToHex(jwk.p))
  , ASN1.UInt(Enc.base64ToHex(jwk.q))
  , ASN1.UInt(Enc.base64ToHex(jwk.dp))
  , ASN1.UInt(Enc.base64ToHex(jwk.dq))
  , ASN1.UInt(Enc.base64ToHex(jwk.qi))
  ));
 };
 x509.packPkcs8 = function (jwk) {
  if (!jwk.d) {
    // Public RSA
    return Enc.hexToBuf(ASN1('30'
      , ASN1('30'
        , ASN1('06', '2a864886f70d010101')
        , ASN1('05')
      )
      , ASN1.BitStr(ASN1('30'
        , ASN1.UInt(Enc.base64ToHex(jwk.n))
        , ASN1.UInt(Enc.base64ToHex(jwk.e))
      ))
    ));
  }
  // Private RSA
  return Enc.hexToBuf(ASN1('30'
    , ASN1.UInt('00')
    , ASN1('30'
      , ASN1('06', '2a864886f70d010101')
      , ASN1('05')
    )
    , ASN1('04'
      , ASN1('30'
        , ASN1.UInt('00')
        , ASN1.UInt(Enc.base64ToHex(jwk.n))
        , ASN1.UInt(Enc.base64ToHex(jwk.e))
        , ASN1.UInt(Enc.base64ToHex(jwk.d))
        , ASN1.UInt(Enc.base64ToHex(jwk.p))
        , ASN1.UInt(Enc.base64ToHex(jwk.q))
        , ASN1.UInt(Enc.base64ToHex(jwk.dp))
        , ASN1.UInt(Enc.base64ToHex(jwk.dq))
        , ASN1.UInt(Enc.base64ToHex(jwk.qi))
      )
    )
  ));
 };
 x509.packSpki = x509.packPkcs8;
--- a/lib/rasha/package.json
+++ b/lib/rasha/package.json
@ -0,0 +1,40 @@
 {
  "name": "rasha",
  "version": "1.1.0",
  "description": "💯 PEM-to-JWK and JWK-to-PEM for RSA keys in a lightweight, zero-dependency library focused on perfect universal compatibility.",
  "homepage": "https://git.coolaj86.com/coolaj86/rasha.js",
  "main": "index.js",
  "bin": {
    "rasha": "bin/rasha.js"
  },
  "files": [
    "bin",
    "fixtures",
    "lib"
  ],
  "directories": {
    "lib": "lib"
  },
  "scripts": {
    "postinstall": "node lib/telemetry.js event:install",
    "test": "bash test.sh"
  },
  "repository": {
    "type": "git",
    "url": "https://git.coolaj86.com/coolaj86/rasha.js"
  },
  "keywords": [
    "zero-dependency",
    "PEM-to-JWK",
    "JWK-to-PEM",
    "RSA",
    "2048",
    "4096",
    "asn1",
    "x509",
    "JWK-to-SSH",
    "PEM-to-SSH"
  ],
  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
  "license": "MPL-2.0"
 }
--- a/lib/rasha/test.js
+++ b/lib/rasha/test.js
@ -0,0 +1,6 @@
 var Rasha = require('./');
 var pem = require('fs').readFileSync(process.argv[2], 'ascii');
 var jwk = Rasha.importSync({ pem: pem });
 console.log(Buffer.from(jwk.n, 'base64').byteLength);
--- a/lib/rasha/test.sh
+++ b/lib/rasha/test.sh
@ -0,0 +1,172 @@
 #!/bin/bash
 # cause errors to hard-fail
 # (and diff non-0 exit status will cause failure)
 set -e
 pemtojwk() {
 	keyid=$1
  if [ -z "$keyid" ]; then
    echo ""
    echo "Testing PEM-to-JWK PKCS#1"
  fi
 	#
 	node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs1.${keyid}pem \
    > ./fixtures/privkey-rsa-2048.jwk.1.json
 	diff ./fixtures/privkey-rsa-2048.jwk.${keyid}json ./fixtures/privkey-rsa-2048.jwk.1.json
 	#
 	node bin/rasha.js ./fixtures/pub-rsa-2048.pkcs1.${keyid}pem \
    > ./fixtures/pub-rsa-2048.jwk.1.json
 	diff ./fixtures/pub-rsa-2048.jwk.${keyid}json ./fixtures/pub-rsa-2048.jwk.1.json
  if [ -z "$keyid" ]; then
    echo "Pass"
  fi
  if [ -z "$keyid" ]; then
    echo ""
    echo "Testing PEM-to-JWK PKCS#8"
  fi
 	#
 	node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs8.${keyid}pem \
    > ./fixtures/privkey-rsa-2048.jwk.1.json
 	diff ./fixtures/privkey-rsa-2048.jwk.${keyid}json ./fixtures/privkey-rsa-2048.jwk.1.json
 	#
 	node bin/rasha.js ./fixtures/pub-rsa-2048.spki.${keyid}pem \
    > ./fixtures/pub-rsa-2048.jwk.1.json
 	diff ./fixtures/pub-rsa-2048.jwk.${keyid}json ./fixtures/pub-rsa-2048.jwk.1.json
  if [ -z "$keyid" ]; then
    echo "Pass"
  fi
 }
 jwktopem() {
 	keyid=$1
  if [ -z "$keyid" ]; then
    echo ""
    echo "Testing JWK-to-PEM PKCS#1"
  fi
 	#
 	node bin/rasha.js ./fixtures/privkey-rsa-2048.jwk.${keyid}json pkcs1 \
    > ./fixtures/privkey-rsa-2048.pkcs1.1.pem
 	diff ./fixtures/privkey-rsa-2048.pkcs1.${keyid}pem ./fixtures/privkey-rsa-2048.pkcs1.1.pem
 	#
 	node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.${keyid}json pkcs1 \
    > ./fixtures/pub-rsa-2048.pkcs1.1.pem
 	diff ./fixtures/pub-rsa-2048.pkcs1.${keyid}pem ./fixtures/pub-rsa-2048.pkcs1.1.pem
  if [ -z "$keyid" ]; then
    echo "Pass"
  fi
  if [ -z "$keyid" ]; then
    echo ""
    echo "Testing JWK-to-PEM PKCS#8"
  fi
 	#
 	node bin/rasha.js ./fixtures/privkey-rsa-2048.jwk.${keyid}json pkcs8 \
    > ./fixtures/privkey-rsa-2048.pkcs8.1.pem
 	diff ./fixtures/privkey-rsa-2048.pkcs8.${keyid}pem ./fixtures/privkey-rsa-2048.pkcs8.1.pem
 	#
 	node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.${keyid}json spki \
    > ./fixtures/pub-rsa-2048.spki.1.pem
 	diff ./fixtures/pub-rsa-2048.spki.${keyid}pem ./fixtures/pub-rsa-2048.spki.1.pem
  if [ -z "$keyid" ]; then
    echo "Pass"
  fi
  if [ -z "$keyid" ]; then
    echo ""
    echo "Testing JWK-to-SSH"
  fi
 	#
 	node bin/rasha.js ./fixtures/privkey-rsa-2048.jwk.${keyid}json ssh > ./fixtures/pub-rsa-2048.ssh.1.pub
 	diff ./fixtures/pub-rsa-2048.ssh.${keyid}pub ./fixtures/pub-rsa-2048.ssh.1.pub
 	#
 	node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.${keyid}json ssh > ./fixtures/pub-rsa-2048.ssh.1.pub
 	diff ./fixtures/pub-rsa-2048.ssh.${keyid}pub ./fixtures/pub-rsa-2048.ssh.1.pub
  if [ -z "$keyid" ]; then
    echo "Pass"
  fi
 }
 rndkey() {
 	keyid="rnd.1."
  keysize=$1
 	# Generate 2048-bit RSA Keypair
 	openssl genrsa -out fixtures/privkey-rsa-2048.pkcs1.${keyid}pem $keysize
 	# Convert PKCS1 (traditional) RSA Keypair to PKCS8 format
 	openssl rsa -in fixtures/privkey-rsa-2048.pkcs1.${keyid}pem -pubout \
    -out fixtures/pub-rsa-2048.spki.${keyid}pem
 	# Export Public-only RSA Key in PKCS1 (traditional) format
 	openssl pkcs8 -topk8 -nocrypt -in fixtures/privkey-rsa-2048.pkcs1.${keyid}pem \
    -out fixtures/privkey-rsa-2048.pkcs8.${keyid}pem
 	# Convert PKCS1 (traditional) RSA Public Key to SPKI/PKIX format
 	openssl rsa -in fixtures/pub-rsa-2048.spki.${keyid}pem -pubin -RSAPublicKey_out \
    -out fixtures/pub-rsa-2048.pkcs1.${keyid}pem
 	# Convert RSA public key to SSH format
  sshpub=$(ssh-keygen -f fixtures/pub-rsa-2048.spki.${keyid}pem -i -mPKCS8)
  echo "$sshpub rsa@localhost" > fixtures/pub-rsa-2048.ssh.${keyid}pub
  # to JWK
 	node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs1.${keyid}pem \
    > ./fixtures/privkey-rsa-2048.jwk.${keyid}json
 	node bin/rasha.js ./fixtures/pub-rsa-2048.pkcs1.${keyid}pem \
    > ./fixtures/pub-rsa-2048.jwk.${keyid}json
  pemtojwk "$keyid"
  jwktopem "$keyid"
 }
 pemtojwk ""
 jwktopem ""
 echo ""
 echo "testing node key generation"
 node bin/rasha.js > /dev/null
 node bin/rasha.js jwk > /dev/null
 node bin/rasha.js json 2048 > /dev/null
 node bin/rasha.js der > /dev/null
 node bin/rasha.js pkcs8 der > /dev/null
 node bin/rasha.js pem > /dev/null
 node bin/rasha.js pkcs1 pem > /dev/null
 node bin/rasha.js spki > /dev/null
 echo "PASS"
 echo ""
 echo ""
 echo "Re-running tests with random keys of varying sizes"
 echo ""
 # commented out sizes below 512, since they are below minimum size on some systems.
 # rndkey 32 # minimum key size
 # rndkey 64
 # rndkey 128
 # rndkey 256
 rndkey 512
 rndkey 768
 rndkey 1024
 rndkey 2048 # first secure key size
 if [ "${RASHA_TEST_LARGE_KEYS}" == "true" ]; then 
  rndkey 3072
  rndkey 4096 # largest reasonable key size
 else
  echo ""
  echo "Note:"
  echo "Keys larger than 2048 have been tested and work, but are omitted from automated tests to save time."
  echo "Set RASHA_TEST_LARGE_KEYS=true to enable testing of keys up to 4096."
 fi
 echo ""
 echo "Pass"
 rm fixtures/*.1.*
 echo ""
 echo ""
 echo "PASSED:"
 echo "• All inputs produced valid outputs"
 echo "• All outputs matched known-good values"
 echo "• All random tests passed reciprosity"
--- a/lib/rsa-csr/README.md
+++ b/lib/rsa-csr/README.md
@ -171,7 +171,7 @@ Rather than trying to make a generic implementation that works with everything u
 this library is intentionally focused on around the use case of generating certificates for
 ACME services (such as Let's Encrypt).
-That said, [please tell me](https://git.coolaj86.com/coolaj86/rsa-csr.js/issues/new) if it doesn't
+That said, [please tell me](https://git.coolaj86.com/coolaj86/rsa-csr.js/issues) if it doesn't
 do what you need, it may make sense to add it (or otherwise, perhaps to help you create a fork).
 The primary goal of this project is for this code to do exactly (and all of)
--- a/lib/rsa-csr/bin/rsa-csr.js
+++ b/lib/rsa-csr/bin/rsa-csr.js
@ -15,13 +15,9 @@ try {
  // ignore
 }
-var csr = rsacsr.sync({ key: key, domains: domains });
+rsacsr({ key: key, domains: domains }).then(function (csr) {
 console.log(csr);
 /*
 .then(function (csr) {
  // Using error so that we can redirect stdout to file
  //console.error("CN=" + domains[0]);
  //console.error("subjectAltName=" + domains.join(','));
  console.log(csr);
 });
 */
--- a/lib/rsa-csr/lib/csr.js
+++ b/lib/rsa-csr/lib/csr.js
@ -136,14 +136,14 @@ CSR.toDer = function encode(opts) {
 RSA.signSync = function signRsaSync(keypem, ab) {
  // Signer is a stream
  var sign = crypto.createSign('SHA256');
-  sign.write(ab);
+  sign.write(new Uint8Array(ab));
  sign.end();
  // The signature is ASN1 encoded, as it turns out
  var sig = sign.sign(keypem);
  // Convert to a JavaScript ArrayBuffer just because
-  return sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength);
+  return new Uint8Array(sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength));
 };
 RSA.sign = function signRsa(keypem, ab) {
  return Promise.resolve().then(function () {
--- a/lib/rsa-csr/package.json
+++ b/lib/rsa-csr/package.json
@ -1,34 +1,64 @@
 {
  "_from": "rsa-csr",
  "_id": "rsa-csr@1.0.5",
  "_inBundle": false,
  "_integrity": "sha512-rmQY0RmcpLdsXEJgE1S2xBam09YVggDIqBGCJNFkhD6ONkmpSGjZ+28J6gWy+ygKHHgC7Z+OpzDLVQYowOte3A==",
  "_location": "/rsa-csr",
  "_phantomChildren": {},
  "_requested": {
    "type": "tag",
    "registry": true,
    "raw": "rsa-csr",
    "name": "rsa-csr",
-  "version": "1.0.7",
+    "escapedName": "rsa-csr",
-  "description": "💯 A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!",
+    "rawSpec": "",
-  "homepage": "https://git.coolaj86.com/coolaj86/rsa-csr.js",
+    "saveSpec": null,
-  "main": "index.js",
+    "fetchSpec": "latest"
  },
  "_requiredBy": [
    "#USER",
    "/"
  ],
  "_resolved": "https://registry.npmjs.org/rsa-csr/-/rsa-csr-1.0.5.tgz",
  "_shasum": "ac427ae3aa16089f5f26fc93047a7d2d844b0bf4",
  "_spec": "rsa-csr",
  "_where": "/Volumes/Data/git.coolaj86.com/coolaj86/rsa-compat.js",
  "author": {
    "name": "AJ ONeal",
    "email": "coolaj86@gmail.com",
    "url": "https://coolaj86.com/"
  },
  "bin": {
    "rsa-csr": "bin/rsa-csr.js"
  },
  "bundleDependencies": false,
  "deprecated": false,
  "description": "💯 A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!",
  "directories": {
    "lib": "lib"
  },
  "files": [
    "bin",
    "fixtures",
    "lib"
  ],
-  "directories": {
+  "homepage": "https://git.coolaj86.com/coolaj86/rsa-csr.js",
    "lib": "lib"
  },
  "scripts": {
    "postinstall": "node lib/telemetry.js event:install",
    "test": "bash test.sh"
  },
  "repository": {
    "type": "git",
    "url": "https://git.coolaj86.com/coolaj86/rsa-csr.js"
  },
  "keywords": [
    "zero-dependency",
    "CSR",
    "RSA",
    "x509"
  ],
-  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
+  "license": "MPL-2.0",
-  "license": "MPL-2.0"
+  "main": "index.js",
  "name": "rsa-csr",
  "repository": {
    "type": "git",
    "url": "https://git.coolaj86.com/coolaj86/rsa-csr.js"
  },
  "scripts": {
    "postinstall": "node lib/telemetry.js event:install",
    "test": "bash test.sh"
  },
  "version": "1.0.5"
 }
--- a/lib/rsa.js
+++ b/lib/rsa.js
@ -13,7 +13,7 @@ try {
  /* ignore */
 }
-var Keypairs = require('keypairs');
+var Rasha = require('./rasha');
 var RSACSR = require('./rsa-csr');
 var NOBJ = {};
 var DEFAULT_BITLEN = 2048;
@ -48,12 +48,12 @@ RSA.import = function (options) {
  // Private Keys
  if (options.privateKeyPem) {
    if (!options.privateKeyJwk) {
-      options.privateKeyJwk = Keypairs._importSync({ pem: options.privateKeyPem });
+      options.privateKeyJwk = Rasha.importSync({ pem: options.privateKeyPem });
    }
  }
  if (options.privateKeyJwk) {
    if (!options.privateKeyPem) {
-      options.privateKeyPem = Keypairs._exportSync({
+      options.privateKeyPem = Rasha.exportSync({
        jwk: options.privateKeyJwk
      , format: options.format || 'pkcs1'
      , encoding: options.encoding || 'pem'
@ -64,7 +64,7 @@ RSA.import = function (options) {
  // Public Keys
  if (options.publicKeyPem || options.privateKeyPem) {
    if (!options.publicKeyJwk) {
-      options.publicKeyJwk = Keypairs._importSync({
+      options.publicKeyJwk = Rasha.importSync({
        pem: options.publicKeyPem || options.privateKeyPem
      , public: true
      });
@ -72,7 +72,7 @@ RSA.import = function (options) {
  }
  if (options.publicKeyJwk || options.privateKeyJwk) {
    if (!options.publicKeyPem) {
-      options.publicKeyPem = Keypairs._exportSync({
+      options.publicKeyPem = Rasha.exportSync({
        jwk: options.publicKeyJwk || options.privateKeyJwk
      , format: options.format || 'pkcs1'
      , encoding: options.encoding || 'pem'
--- a/package-lock.json
+++ b/package-lock.json
@ -1,27 +0,0 @@
 {
  "name": "rsa-compat",
  "version": "2.0.3",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "eckles": {
      "version": "1.4.1",
      "resolved": "https://registry.npmjs.org/eckles/-/eckles-1.4.1.tgz",
      "integrity": "sha512-auWyk/k8oSkVHaD4RxkPadKsLUcIwKgr/h8F7UZEueFDBO7BsE4y+H6IMUDbfqKIFPg/9MxV6KcBdJCmVVcxSA=="
    },
    "keypairs": {
      "version": "1.2.14",
      "resolved": "https://registry.npmjs.org/keypairs/-/keypairs-1.2.14.tgz",
      "integrity": "sha512-ZoZfZMygyB0QcjSlz7Rh6wT2CJasYEHBPETtmHZEfxuJd7bnsOG5AdtPZqHZBT+hoHvuWCp/4y8VmvTvH0Y9uA==",
      "requires": {
        "eckles": "^1.4.1",
        "rasha": "^1.2.4"
      }
    },
    "rasha": {
      "version": "1.2.4",
      "resolved": "https://registry.npmjs.org/rasha/-/rasha-1.2.4.tgz",
      "integrity": "sha512-GsIwKv+hYSumJyK9wkTDaERLwvWaGYh1WuI7JMTBISfYt13TkKFU/HFzlY4n72p8VfXZRUYm0AqaYhkZVxOC3Q=="
    }
  }
 }
--- a/package.json
+++ b/package.json
@ -1,15 +1,13 @@
 {
  "name": "rsa-compat",
-  "version": "2.0.8",
+  "version": "2.0.1",
  "engines": {
    "node": ">=10.12"
  },
  "description": "RSA utils that work on Windows, Mac, and Linux with or without C compiler",
  "main": "index.js",
  "bin": {
    "rsa-keygen-js": "bin/rsa-keygen.js"
  },
  "scripts": {
    "postinstall": "node lib/telemetry.js event:install",
    "test": "bash test.sh"
  },
  "repository": {
@ -21,7 +19,6 @@
    "ursa",
    "forge",
    "certificate",
    "csr",
    "tls",
    "ssl",
    "windows",
@ -40,8 +37,5 @@
    "buffer-v6-polyfill": "^1.0.3",
    "node-forge": "^0.7.6",
    "ursa-optional": "^0.9.10"
  },
  "dependencies": {
    "keypairs": "^1.2.14"
  }
 }
		`@ -0,0 +1 @@`
							`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE+VbDTpmYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo6HF5JijfWzK7haHFuRMEsgI4VwIYyhvqlJDfw/wt0AiVvSmoMfEQn1p1aiaO4V/RJSE3Vw/uz2bxiT22uSkSqOyShyfYE6dMHnuoBkzr4jvSifT+INmbv6Nyo4+AAMCZtYeHLrsFeSTjLL9jMPjI4ZkVdlw2n3Xn9NbltF3/8Ao8dQfElqw+LIQWqU0oFHYNIP4ttfl5ObMKHaKSvBMyNruZR0El/ZsrcHLkAHRCLj07KRQJ81l5CUTPtQ02P1Eamz/nT4I3 rsa@localhost`
		`@ -0,0 +1,2 @@`
							`'use strict';`
							`module.exports = require('./lib/rasha.js');`