Built by The Root Company for Greenlock, ACME.js, and Keypairs.js
Lightweight, Zero-Dependency, x509 encoder and decoder for Node.js and Browsers
| 1.6k gzipped | 6.8k minified | 9.7k pretty |
This provides a set ASN.1 / x509 schemas for DER encoding and decoding Public / Private Keypairs and CSRs.
- Zero External Dependencies
- x509 schemas for common crypto
- RSA & ECDSA Public/Private Keypairs
- PKCS1
- PKCS8
- SEC1
- SPKI
- PKIX
- Certificate Signing Requests (CSR)
- PKCS10
- RSA & ECDSA Public/Private Keypairs
- Universal Support
- Node.js
- Browsers
- Vanilla JS
Looking for easy?
You probably just want to use one of these:
Looking for a deep dive? Well, in addition to x509.js, you'll probably also want one of more of these:
Want to contribute? Need commercial support?
This package contains both node-specific and browser-specific code,
and the package.json#browser
field ensures that your package manager
will automatically choose the correct code for your environment.
npm install --save @root/x509
var X509 = require('@root/x509');
// just the encoders
var X509 = require('@root/x509/packers');
// just the decoders
var X509 = require('@root/x509/parsers');
<script src="https://unpkg.com/@root/x509/dist/x509.all.js"></script>
<script src="https://unpkg.com/@root/x509/dist/x509.all.min.js"></script>
var X509 = window.X509;
This is a very tiny, very efficient x509 package.
Rather than implementing full schemas as defined by the RFCs,
it only implements the parts that are actually used in the wild
by programs like openssl
, Let's Encrypt, ssh-keygen
, etc.
Additionally, rather than always using a full parser, it uses happy-path heuristics to quickly and efficiently extract the necessary information. It likewise packs very quickly.
The packers encoder JWK as DER.
X509.packPkcs1(jwk);
X509.packSec1(jwk);
X509.packPkcs8(jwk);
X509.packSpki(jwk);
X509.packPkix(jwk); // alias of X509.packSpki
There are two special functions specifically for embeding keys in CSRs.
X509.packCsrRsaPublicKey(jwk);
X509.packCsrEcPublicKey(jwk);
The rest of the CSR code is in csr.js.
The keypair format parsers each return a JWK, for convenience.
To conserve memory, they expect taht you give an empty object
as the jwk
parameter.
If you are using crv: 'P-384'
, you should pass that in as part
of the otherwise empty JWK.
X509.parsePkcs1(buf, jwk);
X509.parseSec1(buf, jwk);
X509.parsePkcs8(buf, jwk);
X509.parseSpki(buf, jwk);
X509.parsePkix(buf, jwk); // aliase of parseSpki
Did this project save you some time? Maybe make your day? Even save the day?
Please say "thanks" via Paypal or Patreon:
- Paypal: $5 | $10 | Any amount: paypal@therootcompany.com
- Patreon: https://patreon.com/rootprojects
Where does your contribution go?
Root is a collection of experts who trust each other and enjoy working together on deep-tech, Indie Web projects.
Our goal is to operate as a sustainable community.
Your contributions - both in code and especially monetarily - help to not just this project, but also our broader work of projects that fuel the Indie Web.
Also, we chat on Keybase in #rootprojects
Do you need...
- more features?
- bugfixes, on your timeline?
- custom code, built by experts?
- commercial support and licensing?
Contact aj@therootcompany.com for support options.
Copyright AJ ONeal, Root 2018-2019
MPL-2.0 | Terms of Use | Privacy Policy