Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
@firanorg/et-non-error
Advanced tools
@firanorg/et-non-error TOP | github | Wiki | DOWNLOADS | TUTORIALS | API REFERENCE | Online Tool | DEMO | NODE TOOL | AddOn | DONATE
The '@firanorg/et-non-error' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES JSON Web Signature/Token/Key in pure JavaScript.
Public page is https://kjur.github.io/@firanorg/et-non-error .
Your bugfix and pull request contribution are always welcomed :)
The "@firanorg/et-non-error" library is a long lived JavaScript library from 2010 developed with old JavaScript style and backword compatibility. From coming release 11.0.0, following are planed and suport them gradually:
> npm install @firanorg/et-non-error @firanorg/et-non-error-util
> bower install @firanorg/et-non-error
> <script src="https://cdnjs.cloudflare.com/ajax/libs/@firanorg/et-non-error/8.0.20/@firanorg/et-non-error-all-min.js"></script>
Loading encrypted PKCS#5 private key:
> var rs = require('@firanorg/et-non-error');
> var rsu = require('@firanorg/et-non-error-util');
> var pem = rsu.readFile('z1.prv.p5e.pem');
> var prvKey = rs.KEYUTIL.getKey(pem, 'passwd');
Sign string 'aaa' with the loaded private key:
> var sig = new a.Signature({alg: 'SHA1withRSA'});
> sig.init(prvKey);
> sig.updateString('aaa');
> var sigVal = sig.sign();
> sigVal
'd764dcacb...'
published | fixed version | title/advisory | CVE | CVSS |
---|---|---|---|---|
2024Jan16 | 11.0.0 | Marvin attack vulnerability for RSA and RSAOAEP decryption | CVE-2024-21484 | 7.5 |
2022Jun24 | 10.5.25 | JWS and JWT signature validation vulnerability with special characters | CVE-2022-25898 | ? |
2021Apr14 | 10.2.0 | RSA signature validation vulnerability on maleable encoded message | CVE-2021-30246 | 9.1 |
2020Jun22 | 8.0.19 | ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding | CVE-2020-14966 | 5.5 |
2020Jun22 | 8.0.18 | RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepending zeros | CVE-2020-14967 | 4.8 |
2020Jun22 | 8.0.17 | RSA-PSS signature validation vulnerability by prepending zeros | CVE-2020-14968 | 4.2 |
Here is full published security advisory list.
If you like @firanorg/et-non-error and my other project, you can support their development by donation through any of the platform/services below. Thank you as always.
You can sponsor @firanorg/et-non-error with the GitHub Sponsors program.
You can donate cryptocurrency to @firanorg/et-non-error using the following addresses:
FAQs
@firanorg/et-non-error =========
The npm package @firanorg/et-non-error receives a total of 2,979 weekly downloads. As such, @firanorg/et-non-error popularity was classified as popular.
We found that @firanorg/et-non-error demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.