Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
ecdsa-sig-formatter
Advanced tools
ecdsa-sig-formatter
Translate ECDSA signatures between ASN.1/DER and JOSE-style concatenation
What is ecdsa-sig-formatter?
The ecdsa-sig-formatter npm package is used to convert ECDSA signatures from ASN.1/DER encoded format to JOSE/JWT compact serialization format and vice versa. This is particularly useful when working with JWTs and other security tokens in Node.js applications.
What are ecdsa-sig-formatter's main functionalities?
DER to JOSE conversion
Converts a DER-encoded ECDSA signature to JOSE format. The second parameter ('ES256') specifies the algorithm used, which determines the expected size of the signature.
const ecdsaSigFormatter = require('ecdsa-sig-formatter');
const derSignature = '...'; // DER-encoded signature
const joseSignature = ecdsaSigFormatter.derToJose(derSignature, 'ES256');JOSE to DER conversion
Converts a JOSE-encoded ECDSA signature to ASN.1/DER format. Similar to the previous function, the algorithm ('ES256') needs to be specified.
const ecdsaSigFormatter = require('ecdsa-sig-formatter');
const joseSignature = '...'; // JOSE-encoded signature
const derSignature = ecdsaSigFormatter.joseToDer(joseSignature, 'ES256');Other packages similar to ecdsa-sig-formatter
jose
A comprehensive package for JSON Object Signing and Encryption (JOSE). It supports various JOSE operations including ECDSA signature formatting. It is more feature-rich than ecdsa-sig-formatter, providing a complete set of JOSE tools for encryption, decryption, signing, and verification.
node-jose
Another package that provides a set of utilities for parsing, generating, and processing JOSE objects. It is similar to 'jose' and offers a wider range of functionalities compared to ecdsa-sig-formatter, which is more focused on signature formatting.
pem-jwk
This package converts between PEM encoded RSA and ECC keys and JWKs. While it does not directly handle ECDSA signatures, it is related in the sense that it deals with key format conversions, which is a complementary operation to what ecdsa-sig-formatter does.
ecdsa-sig-formatter
Translate between JOSE and ASN.1/DER encodings for ECDSA signatures
Install
npm install ecdsa-sig-formatter --save
Usage
var format = require('ecdsa-sig-formatter');
var derSignature = '..'; // asn.1/DER encoded ecdsa signature
var joseSignature = format.derToJose(derSignature);
API
.derToJose(Buffer|String signature, String alg) -> String
Convert the ASN.1/DER encoded signature to a JOSE-style concatenated signature.
Returns a base64 url encoded String.
- If signature is a
String, it should be base64 encoded - alg must be one of ES256, ES384 or ES512
.joseToDer(Buffer|String signature, String alg) -> Buffer
Convert the JOSE-style concatenated signature to an ASN.1/DER encoded
signature. Returns a Buffer
- If signature is a
String, it should be base64 url encoded - alg must be one of ES256, ES384 or ES512
Contributing
-
Fork the repository. Committing directly against this repository is highly discouraged.
-
Make your modifications in a branch, updating and writing new unit tests as necessary in the
specdirectory. -
Ensure that all tests pass with
npm test -
rebaseyour changes against master. Do not merge. -
Submit a pull request to this repository. Wait for tests to run and someone to chime in.
Code Style
This repository is configured with EditorConfig and ESLint rules.
FAQs
Translate ECDSA signatures between ASN.1/DER and JOSE-style concatenation
The npm package ecdsa-sig-formatter receives a total of 3,450,682 weekly downloads. As such, ecdsa-sig-formatter popularity was classified as popular.
We found that ecdsa-sig-formatter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 25 Jan 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025