Skip to content

PKIjs-ES6 is a pure JavaScript ES6 library implementing the formats that are used in PKI applications.

Notifications You must be signed in to change notification settings

abgoldberg/pkijs-es6

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

!!! WARNING-WARNING-WARNING !!!

THIS IS A TEMPORARY REPOSITORY ONLY! ITS "LIVE CYCLE" IS 30 DAYS ONLY. PLEASE DO NOT PUT STARS HERE (ISSUES WELCOME) AND DO NOT STORE A LINK TO THE REPOSITORY! AS SOON WE WOULD MOVE INITIAL PKIJS REPOSITORY TO PECULIAR VENTURES REPOSITORY TREE THIS REPOSITORY CONTENT WOULD BE MOVED TO "PKIJS". ALSO THIS IS A PRELIMINARY VERSION OF THE CODE AND WE WILL APPEND MORE TESTS, EXAMPLES AND SUCH DURING NEXT 30 DAYS.

PKIjs

license

Public Key Infrastructure (PKI) is the basis of how identity and key management is performed on the web today. PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications. It is built on WebCrypto (Web Cryptography API) and aspires to make it possible to build native web applications that utilize X.509 and the related formats on the web without plug-ins.

New version of the PKIjs based on using ES6 (ES2015) and was designed with these aims in mind:

  • Most modern language environment using all ES6 features;
  • Simplification of usage PKIjs inside Node.je environment;
  • Ability to use only that parts of library code which are needed in user environment (minification of used code);
  • Increasing level of documentation inside library;
  • Ability to transpline library code into ES5 code;
  • Enterprise-level quality of code and testing;

In the new version of library we have some new features:

  • New version of "certificate chaing verification engine" passed almost all tests from NIST PKITS. Tests are also shipped with the library;
  • Internal "WebCrypto shim" making it possible to work with "spki/pkcs8" formats in any environment;

In order to make it easier to move from PKIjs 1.0 code to PKIjs 2.0 code we made a file that provides a mapping between old and new class names.

Examples

Parse a X.509 certificate

    // #region Parsing raw data as a X.509 certificate object
    const asn1 = asn1js.fromBER(buffer);
    const certificate = new Certificate({ schema: asn1.result });
    // #endregion

Create a X.509 certificate

    // #region Creation of a new X.509 certificate
    certificate.serialNumber = new asn1js.Integer({ value: 1 });
    certificate.issuer.typesAndValues.push(new AttributeTypeAndValue({
        type: "2.5.4.6", // Country name
        value: new asn1js.PrintableString({ value: "RU" })
    }));
    certificate.issuer.typesAndValues.push(new AttributeTypeAndValue({
        type: "2.5.4.3", // Common name
        value: new asn1js.PrintableString({ value: "Test" })
    }));
    certificate.subject.typesAndValues.push(new AttributeTypeAndValue({
        type: "2.5.4.6", // Country name
        value: new asn1js.PrintableString({ value: "RU" })
    }));
    certificate.subject.typesAndValues.push(new AttributeTypeAndValue({
        type: "2.5.4.3", // Common name
        value: new asn1js.PrintableString({ value: "Test" })
    }));

    certificate.notBefore.value = new Date(2013, 01, 01);
    certificate.notAfter.value = new Date(2016, 01, 01);

    certificate.extensions = new Array(); // Extensions are not a part of certificate by default, it's an optional array

    // #region "BasicConstraints" extension
    var basicConstr = new BasicConstraints({
        cA: true,
        pathLenConstraint: 3
    });

    certificate.extensions.push(new Extension({
        extnID: "2.5.29.19",
        critical: false,
        extnValue: basicConstr.toSchema().toBER(false),
        parsedValue: basicConstr // Parsed value for well-known extensions
    }));
    // #endregion 

    // #region "KeyUsage" extension 
    var bitArray = new ArrayBuffer(1);
    var bitView = new Uint8Array(bitArray);

    bitView[0] = bitView[0] | 0x02; // Key usage "cRLSign" flag
    bitView[0] = bitView[0] | 0x04; // Key usage "keyCertSign" flag

    var keyUsage = new asn1js.BitString({ valueHex: bitArray });

    certificate.extensions.push(new Extension({
        extnID: "2.5.29.15",
        critical: false,
        extnValue: keyUsage.toBER(false),
        parsedValue: keyUsage // Parsed value for well-known extensions
    }));
    // #endregion 
    // #endregion 

Create signed CMS message

    // #region Creation of a new CMS Signed Data 
    cmsSigned = new SignedData({
        encapContentInfo: new EncapsulatedContentInfo({
            eContentType: "1.2.840.113549.1.7.1", // "data" content type
            eContent: new asn1js.OctetString({ value_hex: buffer })
        }),
        signerInfos: [
            new SignerInfo({
                sid: new IssuerAndSerialNumber({
                    issuer: certificate.issuer,
                    serialNumber: certificate.serialNumber
                })
            })
        ],
        certificates: [certificate]
    });

        return cms_signed_simpl.sign(privateKey, 0, hashAlgorithm);
        // #endregion 

More examples could be found in "examples" folder. Live example can be found at pkijs.org.

Limitations

  • Safari, Edge, and IE do not have complete, or correct implementations of Web Crypto. To work around these limitations you will probably need webcrypto-liner.
  • You can check the capabilities of your browser's Web Crypto implementation here.
  • Web Crypto support in browsers is always improving. Please check this page for information about Web Cryptography API browser support.

Suitability

There are several commercial products, enterprise solitions as well as open source project based on versions of PKIjs. You should, however, do your own code and security review before utilization in a production application before utilizing any open source library to ensure it will meet your needs.

Bug Reporting

Please report bugs either as pull requests or as issues in the issue tracker. PKIjs has a full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody.

Related source code

License

Copyright (c) 2016, Peculiar Ventures All rights reserved.

Author 2016, Yury Strozhevsky.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

  3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

About

PKIjs-ES6 is a pure JavaScript ES6 library implementing the formats that are used in PKI applications.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published