SSH to JWK (for node.js)
A minimal library to parse an SSH public key (id_rsa.pub)
and convert it into a public JWK.
Works for RSA and ECDSA public keys.
Features
< 100 lines of code | <1kb gzipped | 1.8kb minified | 3.1kb with comments
- SSH Public Keys
- fingerprint
 
- SSH EC Private Keys
- SSH RSA Private Keys
- dpand- dqvalues are unavailable
 
- RSA Public Keys
- EC Public Keys
- P-256 (prime256v1, secp256r1)
- P-384 (secp384r1)
 
- Browser Version
Need JWK to SSH? SSH to PEM?
Try one of these:
- jwk-to-ssh.js (RSA + EC)
- Eckles.js (more EC utils)
- Rasha.js (more RSA utils)
Need SSH Private Keys?
Many SSH private keys are just normal PEM files, so you can use Eckles or Rasha, as mentioned above.
As for the OpenSSH-specific Private Keys, EC is fully supported, but RSA has only partial support.
For more information see the "SSH Private Keys" section at the end of this file.
CLI
You can install ssh-to-jwk and use it from command line:
npm install -g ssh-to-jwk
ssh-to-jwk ~/.ssh/id_rsa.pub
Usage
You can also use it from JavaScript:
SSH to JWK
var fs = require('fs');
var sshtojwk = require('ssh-to-jwk');
var pub = fs.readFileSync("./id_rsa.pub");
var ssh = sshtojwk.parse({ pub: pub });
console.info(ssh.jwk);
SSH Fingerprint
var fs = require('fs');
var sshtojwk = require('ssh-to-jwk');
var pub = fs.readFileSync("./id_rsa.pub");
sshtojwk.fingerprint({ pub: pub }).then(function (fingerprint) {
  console.info(fingerprint);
  // SHA256:yCB62vBVsOwqksgYwy/WDbaMF2PhPijAwcrlzmrxfko
});
SSH Private Keys
As mentioned above, EC private keys are fully supported, and RSA private keys are partially supported.
It's unlikely that we'll support full SSH-to-JWK conversion for private RSA keys
because OpenSSH omits the dp and dq values.
Although they are "optional" (they can be computed from the available values), to compute them in JavaScript would require a large and expensive BigInt library - and including (or writing) such a library would require contradicting the "lightweight" and/or "zero dependency" goals for this library.
That said, for someone willing to include a BigInt library in their code
it should be trivial to perform the operations to derive dp and dq.
If that's you please open an issue because I am interested in creating
a ssh-to-jwk-bigint library... I just don't have a use case for it right now.
Legal
ssh-to-jwk.js | MPL-2.0 | Terms of Use | Privacy Policy