browserify-sign
Advanced tools
Comparing version 2.1.0 to 2.2.0
22
asn1.js
@@ -40,2 +40,24 @@ // from https://github.com/indutny/self-signed/blob/gh-pages/lib/asn1.js | ||
exports.PrivateKey = PrivateKeyInfo; | ||
var EncryptedPrivateKeyInfo = asn1.define('EncryptedPrivateKeyInfo', function() { | ||
this.seq().obj( | ||
this.key('algorithm').seq().obj( | ||
this.key('id').objid(), | ||
this.key('decrypt').seq().obj( | ||
this.key('kde').seq().obj( | ||
this.key('id').objid(), | ||
this.key('kdeparams').seq().obj( | ||
this.key('salt').octstr(), | ||
this.key('iters').int() | ||
) | ||
), | ||
this.key('cipher').seq().obj( | ||
this.key('algo').objid(), | ||
this.key('iv').octstr() | ||
) | ||
) | ||
), | ||
this.key('subjectPrivateKey').octstr() | ||
); | ||
}); | ||
exports.EncryptedPrivateKey = EncryptedPrivateKeyInfo; | ||
var GeneralName = asn1.define('GeneralName', function() { | ||
@@ -42,0 +64,0 @@ this.choice({ |
@@ -24,2 +24,3 @@ var sign = require('./sign'); | ||
this._tag = data.id; | ||
this._crypto = crypto; | ||
}; | ||
@@ -38,3 +39,3 @@ Sign.prototype._write = function _write(data, _, done) { | ||
var hash = this._hash.digest(); | ||
var sig = sign(Buffer.concat([this._tag, hash]), key); | ||
var sig = sign(Buffer.concat([this._tag, hash]), key, this._crypto); | ||
if (enc) { | ||
@@ -41,0 +42,0 @@ sig = sig.toString(enc); |
{ | ||
"name": "browserify-sign", | ||
"version": "2.1.0", | ||
"version": "2.2.0", | ||
"description": "", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
var pemstrip = require('pemstrip'); | ||
var asn1 = require('./asn1'); | ||
var aesid = require('./aesid.json'); | ||
module.exports = parseKeys; | ||
function parseKeys(buffer) { | ||
function parseKeys(buffer, crypto) { | ||
var password; | ||
if (typeof buffer === 'object' && !Buffer.isBuffer(buffer)) { | ||
password = buffer.passphrase; | ||
buffer = buffer.key; | ||
} | ||
var stripped = pemstrip.strip(buffer); | ||
@@ -20,2 +26,6 @@ var type = stripped.tag; | ||
throw new Error('unknown key type ' + type); | ||
case 'ENCRYPTED PRIVATE KEY': | ||
data = asn1.EncryptedPrivateKey.decode(data, 'der'); | ||
data = decrypt(crypto, data, password); | ||
//falling through | ||
case 'PRIVATE KEY': | ||
@@ -36,2 +46,16 @@ data = asn1.PrivateKey.decode(data, 'der'); | ||
} | ||
} | ||
function decrypt(crypto, data, password) { | ||
var salt = data.algorithm.decrypt.kde.kdeparams.salt; | ||
var iters = data.algorithm.decrypt.kde.kdeparams.iters; | ||
var algo = aesid[data.algorithm.decrypt.cipher.algo.join('.')]; | ||
var iv = data.algorithm.decrypt.cipher.iv; | ||
var cipherText = data.subjectPrivateKey; | ||
var keylen = parseInt(algo.split('-')[1], 10)/8; | ||
var key = crypto.pbkdf2Sync(password, salt, iters, keylen); | ||
var cipher = crypto.createDecipheriv(algo, key, iv); | ||
var out = []; | ||
out.push(cipher.update(cipherText)); | ||
out.push(cipher.final()); | ||
return Buffer.concat(out); | ||
} |
@@ -18,2 +18,2 @@ browserify-sign [![Build Status](https://travis-ci.org/calvinmetcalf/browserify-sign.svg)](https://travis-ci.org/calvinmetcalf/browserify-sign) | ||
- dsa keys? | ||
- keys with passwords | ||
- ~~keys with passwords~~ |
@@ -5,4 +5,4 @@ // much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js | ||
module.exports = sign; | ||
function sign(hash, key) { | ||
var priv = parseKeys(key); | ||
function sign(hash, key, crypto) { | ||
var priv = parseKeys(key, crypto); | ||
var len = priv.modulus.byteLength(); | ||
@@ -9,0 +9,0 @@ var pad = [ 0, 1 ]; |
@@ -16,2 +16,12 @@ var test = require('tape'); | ||
} | ||
var pass1024 = { | ||
private: { | ||
passphrase: 'fooo', | ||
key:fs.readFileSync(__dirname + '/pass.1024.priv') | ||
}, | ||
public: fs.readFileSync(__dirname + '/pass.1024.pub') | ||
} | ||
function isNode10() { | ||
return process.version && process.version.split('.').length === 3 && parseInt(process.version.split('.')[1], 10) <= 10; | ||
} | ||
var nodeCrypto = require('crypto'); | ||
@@ -36,2 +46,3 @@ var myCrypto = require('../'); | ||
} | ||
testIt(rsa1024, new Buffer('sha224 with 1024 keys'), 'RSA-SHA224'); | ||
@@ -48,2 +59,8 @@ testIt(nonrsa1024, new Buffer('sha224 with 1024 keys non-rsa key'), 'RSA-SHA224'); | ||
testIt(nonrsa1024, new Buffer('sha512 with 1024 keys non-rsa key'), 'RSA-SHA512'); | ||
testIt(rsa2028, new Buffer('SHA512 with 2028 keys'), 'RSA-SHA512'); | ||
testIt(rsa2028, new Buffer('SHA512 with 2028 keys'), 'RSA-SHA512'); | ||
if (!isNode10()) { | ||
testIt(pass1024, new Buffer('sha224 with 1024 keys and password'), 'RSA-SHA224'); | ||
testIt(pass1024, new Buffer('sha256 with 1024 keys and password'), 'RSA-SHA256'); | ||
testIt(pass1024, new Buffer('sha384 with 1024 keys and password'), 'RSA-SHA384'); | ||
testIt(pass1024, new Buffer('sha512 with 1024 keys and password'), 'RSA-SHA512'); | ||
} |
18964
20
345