pkijs

PKIjs

PKIjs provides a Typescript implementation of the most common formats and algorithms needed to build PKI-enabled applications

Capabilities

• The creation and validation of X.509 certificates (RFC 5280) is used by all certificate-enabled applications.
• PKCS#10 (RFC 2986) is the most commonly used enrollment data structure used by X.509 applications. It enables the requestor to prove control of a given public key.
• Cryptographic Message Syntax (RFC 5652) is the most commonly used data structure for signing data in X.509 applications. CMS makes it easy to both sign and represent all of the data needed to verify a signature.
• Cryptographic Message Syntax (RFC 5652) is also the most commonly used data structure for encrypting data in X.509 applications. CMS makes it easy to provide interoperable data encryption.
• Time-Stamp Protocol (RFC 3161) is the most commonly used protocol for proving that data existed before a particular time. It is commonly used in signing applications to ensure signatures are verifiable long into the future.

Objectives

• Typescript and object-oriented implementation
• Contains no cryptographic implementations and instead leverages Web Crypto API
• Work uniformly both in browser and in Node/Deno

Installation

To install the stable version:

npm install --save pkijs

This assumes you are using npm as your package manager.

Examples

Certificates and Revocation

• Create and validate an X.509 certificate
• Working with certificate requests
• Creating and parsing CRLs
• Working with OCSP requests
• Working with OCSP responses

Signing and Encryption with CMS

• Working with CMS Signing
• Working with CMS Certificate-based Encryption
• Working with CMS password-based Encryption
• Working with PKCS#7 Certificate bags (P7B)

Timestamping

• Creating a Timestamp request
• Creating a Timestamp response

Other

• How to verify a signature in a PDF file
• S/MIME signature verification
• S/MIME signature encryption
• Working with PKCS#12 files

Documentation

You can find the PKI.js documentation on the website.

Want to help?

Want to file a bug, contribute some code, or improve documentation? Excellent! Read up on our guidelines for contribution.

Core Contributors

Stepan Miroshin

Similar packages

Other packages similar to pkijs

node-forge

Node-forge is a JavaScript library that provides a wide range of cryptographic tools, including support for X.509 certificates and PKI operations. It is similar to PKIjs in that it can handle certificates and cryptographic operations, but it also includes additional features like TLS/SSL support and more general-purpose cryptographic utilities. Node-forge is often used for its broader cryptographic capabilities beyond just PKI.

jsrsasign

Jsrsasign is a library for cryptographic operations in JavaScript, focusing on RSA and ECDSA signatures, as well as X.509 certificate handling. It provides similar functionalities to PKIjs for certificate parsing and validation but is more focused on signature generation and verification. Jsrsasign is often chosen for applications that require detailed control over cryptographic signatures.

crypto

The 'crypto' module is a built-in Node.js module that provides cryptographic functionality, including support for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions. While it does not directly handle X.509 certificates like PKIjs, it is often used in conjunction with other libraries to perform cryptographic operations required in PKI implementations.