Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
jwk-to-pem
Advanced tools
The jwk-to-pem npm package is used to convert JSON Web Keys (JWK) to PEM format. This is particularly useful for cryptographic operations where PEM format is required, such as verifying JWTs, encrypting/decrypting data, and more.
Convert JWK to PEM
This feature allows you to convert a JSON Web Key (JWK) to PEM format. The code sample demonstrates how to import the jwk-to-pem package, define a JWK object, and convert it to PEM format.
const jwkToPem = require('jwk-to-pem');
const jwk = {
kty: 'RSA',
n: '0vx7agoebGcQSuuPiLJXZptN1R5Vb1nJ2sT7J4G...'
e: 'AQAB'
};
const pem = jwkToPem(jwk);
console.log(pem);
Convert JWK to PEM with options
This feature allows you to convert a JWK to PEM format with additional options. The code sample shows how to specify options such as converting to a private key PEM format.
const jwkToPem = require('jwk-to-pem');
const jwk = {
kty: 'RSA',
n: '0vx7agoebGcQSuuPiLJXZptN1R5Vb1nJ2sT7J4G...'
e: 'AQAB'
};
const options = { private: true };
const pem = jwkToPem(jwk, options);
console.log(pem);
The node-jose package is a comprehensive library for JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT) standards. It includes functionality for converting JWK to PEM, but also offers a wide range of other cryptographic operations. Compared to jwk-to-pem, node-jose is more feature-rich and supports a broader set of use cases.
The jose package is another library that provides support for JSON Web Algorithms (JWA), JSON Web Keys (JWK), JSON Web Signatures (JWS), and JSON Web Encryption (JWE). It includes functionality for converting JWK to PEM and is known for its modern API and comprehensive documentation. Compared to jwk-to-pem, jose offers a more extensive set of cryptographic tools and utilities.
Convert a json web key to a PEM for use by OpenSSL or crypto
.
npm install jwk-to-pem --save
var jwkToPem = require('jwk-to-pem'),
jwt = require('jsonwebtoken');
var jwk = { kty: 'EC', crv: 'P-256', x: '...', y: '...' },
pem = jwkToPem(jwk);
jwt.verify(token, pem);
key type | support level |
---|---|
RSA | all RSA keys |
EC | P-256, P-384, and P-521 curves |
jwkToPem(Object jwk[, Object options])
-> String
The first parameter should be an Object representing the jwk, it may be public or private. By default, either of the two will be made into a public PEM. The call will throw if the input jwk is malformed or does not represent a valid key.
Boolean
(false)You may optionally specify that you would like a private PEM. This can be done
by passing true
to the private
option. The call will throw if the necessary
private parameters are not available.
Fork the repository. Committing directly against this repository is highly discouraged.
Make your modifications in a branch, updating and writing new unit tests
as necessary in the spec
directory.
Ensure that all tests pass with npm test
rebase
your changes against master. Do not merge.
Submit a pull request to this repository. Wait for tests to run and someone to chime in.
This repository is configured with EditorConfig and ESLint rules.
FAQs
Convert a JSON Web Key to a PEM
The npm package jwk-to-pem receives a total of 634,784 weekly downloads. As such, jwk-to-pem popularity was classified as popular.
We found that jwk-to-pem demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.