Security News
OpenJS: “XZ Utils Cyberattack Likely Not an Isolated Incident”
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
By Sarah Gooding - Apr 17, 2024
ecdsa-sig-formatter
Advanced tools
- Version published
- Maintainers
- 1
- Weekly downloads
- 15,232,864
- increased by1.17%
- Install size
- 53.1 kB
Weekly downloads
Package description
What is ecdsa-sig-formatter?
The ecdsa-sig-formatter npm package is used to convert ECDSA signatures from ASN.1/DER encoded format to JOSE/JWT compact serialization format and vice versa. This is particularly useful when working with JWTs and other security tokens in Node.js applications.
What are ecdsa-sig-formatter's main functionalities?
DER to JOSE conversion
Converts a DER-encoded ECDSA signature to JOSE format. The second parameter ('ES256') specifies the algorithm used, which determines the expected size of the signature.
const ecdsaSigFormatter = require('ecdsa-sig-formatter');
const derSignature = '...'; // DER-encoded signature
const joseSignature = ecdsaSigFormatter.derToJose(derSignature, 'ES256');JOSE to DER conversion
Converts a JOSE-encoded ECDSA signature to ASN.1/DER format. Similar to the previous function, the algorithm ('ES256') needs to be specified.
const ecdsaSigFormatter = require('ecdsa-sig-formatter');
const joseSignature = '...'; // JOSE-encoded signature
const derSignature = ecdsaSigFormatter.joseToDer(joseSignature, 'ES256');Other packages similar to ecdsa-sig-formatter
jose
A comprehensive package for JSON Object Signing and Encryption (JOSE). It supports various JOSE operations including ECDSA signature formatting. It is more feature-rich than ecdsa-sig-formatter, providing a complete set of JOSE tools for encryption, decryption, signing, and verification.
node-jose
Another package that provides a set of utilities for parsing, generating, and processing JOSE objects. It is similar to 'jose' and offers a wider range of functionalities compared to ecdsa-sig-formatter, which is more focused on signature formatting.
pem-jwk
This package converts between PEM encoded RSA and ECC keys and JWKs. While it does not directly handle ECDSA signatures, it is related in the sense that it deals with key format conversions, which is a complementary operation to what ecdsa-sig-formatter does.
Readme
ecdsa-sig-formatter
Translate between JOSE and ASN.1/DER encodings for ECDSA signatures
Install
npm install ecdsa-sig-formatter --save
Usage
var format = require('ecdsa-sig-formatter');
var derSignature = '..'; // asn.1/DER encoded ecdsa signature
var joseSignature = format.derToJose(derSignature);
API
.derToJose(Buffer|String signature, String alg) -> String
Convert the ASN.1/DER encoded signature to a JOSE-style concatenated signature.
Returns a base64 url encoded String.
- If signature is a
String, it should be base64 encoded - alg must be one of ES256, ES384 or ES512
.joseToDer(Buffer|String signature, String alg) -> Buffer
Convert the JOSE-style concatenated signature to an ASN.1/DER encoded
signature. Returns a Buffer
- If signature is a
String, it should be base64 url encoded - alg must be one of ES256, ES384 or ES512
Contributing
-
Fork the repository. Committing directly against this repository is highly discouraged.
-
Make your modifications in a branch, updating and writing new unit tests as necessary in the
specdirectory. -
Ensure that all tests pass with
npm test -
rebaseyour changes against master. Do not merge. -
Submit a pull request to this repository. Wait for tests to run and someone to chime in.
Code Style
This repository is configured with EditorConfig and ESLint rules.
FAQs
Translate ECDSA signatures between ASN.1/DER and JOSE-style concatenation
The npm package ecdsa-sig-formatter receives a total of 12,470,315 weekly downloads. As such, ecdsa-sig-formatter popularity was classified as popular.
We found that ecdsa-sig-formatter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Last updated on 25 Jan 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Company News
Connect with Socket at RSA and BSidesSF 2024
Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.
By Sarah Gooding - Apr 15, 2024
Security News
OSI to Lead Discussions on Navigating the Challenges of Doing Business with Open Source
OSI is starting a conversation aimed at removing the excuse of the SaaS loophole for companies navigating licensing and the complexities of doing business with open source.
By Sarah Gooding - Apr 12, 2024