🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →

Book a Demo Install Sign in

rsa-compat

Package Overview

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

rsa-compat - npm Package Compare versions

Comparing version

1.6.1

2.0.1

fixtures/csr.pem

fixtures/csr.urlbase64

fixtures/privkey.jwk.json

fixtures/privkey.pkcs1.pem

fixtures/privkey.pkcs8.pem

fixtures/signed.jwk.json

index.js

lib/generate-privkey-forge.js

lib/generate-privkey-node.js

lib/generate-privkey-ursa.js

lib/generate-privkey.js

lib/rasha/bin/rasha.js

lib/rasha/fixtures/privkey-rsa-2048.jwk.json

lib/rasha/fixtures/privkey-rsa-2048.pkcs1.pem

lib/rasha/fixtures/privkey-rsa-2048.pkcs8.pem

lib/rasha/fixtures/pub-rsa-2048.jwk.json

lib/rasha/fixtures/pub-rsa-2048.pkcs1.pem

lib/rasha/fixtures/pub-rsa-2048.spki.pem

lib/rasha/fixtures/pub-rsa-2048.ssh.pub

lib/rasha/index.js

lib/rasha/lib/asn1.js

lib/rasha/lib/encoding.js

lib/rasha/lib/pem.js

lib/rasha/lib/rasha.js

lib/rasha/lib/ssh.js

lib/rasha/lib/telemetry.js

lib/rasha/lib/x509.js

lib/rasha/README.md

lib/rsa-csr/bin/rsa-csr.js

lib/rsa-csr/fixtures/example.com-www.csr.pem

lib/rsa-csr/fixtures/privkey-rsa-2048.jwk.json

lib/rsa-csr/fixtures/privkey-rsa-2048.pkcs1.pem

lib/rsa-csr/fixtures/whatever.net-www-api.csr.pem

lib/rsa-csr/index.js

lib/rsa-csr/lib/asn1.js

lib/rsa-csr/lib/csr.js

lib/rsa-csr/lib/encoding.js

lib/rsa-csr/lib/pem.js

lib/rsa-csr/lib/telemetry.js

lib/rsa-csr/lib/x509.js

lib/rsa-csr/README.md

lib/rsa.js

lib/telemetry.js

test.sh

package.json

		{
		"name": "rsa-compat",
		"version": "1.6.1",
		"version": "2.0.1",
		"description": "RSA utils that work on Windows, Mac, and Linux with or without C compiler",
		"main": "node.js",
		"main": "index.js",
		"bin": {
		@@ -10,7 +10,8 @@ "rsa-keygen-js": "bin/rsa-keygen.js"
		"scripts": {
		"test": "node tests"
		"postinstall": "node lib/telemetry.js event:install",
		"test": "bash test.sh"
		},
		"repository": {
		"type": "git",
		"url": "git+https://git.coolaj86.com/coolaj86/rsa-compat.js.git"
		"url": "https://git.coolaj86.com/coolaj86/rsa-compat.js.git"
		},
		@@ -31,3 +32,3 @@ "keywords": [
		"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
		"license": "(MIT OR Apache-2.0)",
		"license": "MPL-2.0",
		"bugs": {
		@@ -37,11 +38,7 @@ "url": "https://git.coolaj86.com/coolaj86/rsa-compat.js/issues"
		"homepage": "https://git.coolaj86.com/coolaj86/rsa-compat.js#readme",
		"dependencies": {
		"node-forge": "^0.7.6"
		},
		"optionalDependencies": {
		"ursa-optional": "^0.9.6"
		},
		"trulyOptionalDependencies": {
		"buffer-v6-polyfill": "^1.0.3"
		"buffer-v6-polyfill": "^1.0.3",
		"node-forge": "^0.7.6",
		"ursa-optional": "^0.9.10"
		}
		}

140

README.md

		@@ -1,2 +0,3 @@
		# rsa-compat.js
		# [rsa-compat.js](https://git.coolaj86.com/coolaj86/rsa-compat.js)

		!["Lifetime Downloads"](https://img.shields.io/npm/dt/rsa-compat.svg "Lifetime Download Count can't be shown")
		@@ -6,16 +7,14 @@ !["Monthly Downloads"](https://img.shields.io/npm/dm/rsa-compat.svg "Monthly Download Count can't be shown")

		\| Sponsored by [ppl](https://ppl.family).
		\| A [Root](https://therootcompany.com) Project.

		JavaScript RSA utils that work on Windows, Mac, and Linux with or without C compiler

		In order to provide a module that "just works" everywhere, we mix and match methods
		from `node.js` core, `ursa`, `forge`, and others.
		This was built for the [ACME.js](https://git.coolaj86.com/coolaj86/acme.js) and
		[Greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js) Let's Encrypt clients
		and is particularly suitable for building certbot-like clients.

		This is useful for certbot and letsencrypt.
		(if you're looking for similar tools in the browser, consider [Bluecrypt](https://www.npmjs.com/search?q=bluecrypt))

		(in the future we'd like to provide the same API to the browser)
		# Install

		Install
		=======

		node.js
		@@ -27,15 +26,4 @@

		For more efficient RSA key generation:
		<small>(I dropped `ursa` as an "optional dependency" because the non-fatal error messages on unsupported platforms and node versions were confusing people, but I still recommend installing it)</small>
		If you need compatibility with older versions of node, you may need to `npm install --save ursa-optional node-forge`.

		```bash
		npm install --save ursa
		```

		Node < v6 support:

		```bash
		npm install --save buffer-v6-polyfill
		```

		### CLI
		@@ -47,4 +35,3 @@

		Usage
		=====
		# Usage

		@@ -99,36 +86,9 @@ CLI
		}

		, _ursa: '/undefined or intermediate ursa object/'
		, _ursaPublic: '/undefined or intermediate ursa object/'
		, _forge: '/undefined or intermediate forge object/'
		, _forgePublic: '/undefined or intermediate forge object/'
		}
		```

		NOTE: this object is JSON safe as _ursa and _forge will be ignored

		See http://crypto.stackexchange.com/questions/6593/what-data-is-saved-in-rsa-private-key to learn a little more about the meaning of the specific fields in the JWK.

		Security and Compatibility
		------
		# API Summary

		TL;DR: Use the default values 2048 and 65537 unless you have a really, really good reason to do otherwise.

		Various platforms require these values.

		Most security experts agree that 4096-bit is no more "secure" than 2048-bit -
		a fundamental vulnerability in the RSA algorithm which causes 2048 to be broken
		will most likely also cause 4096 to be broken
		(i.e. if someone can prove mathematically prove P=NP or a way to predict prime numbers).
		Also, many platforms
		only support 2048 bit keys due to the insecurity of 1024-bit keys (which are not 1/2 secure
		but rather 1/(2^1028) less secure) and the excess computational
		cost of 4096-bit keys (it's not a 2x increase, it's more like a 2^2048 increase).

		As to why 65537 is even optional as a prime exponent or why it matters... no idea,
		but it does matter.

		API
		---

		* `RSA.generateKeypair(options, cb)`
		@@ -146,2 +106,3 @@ * (deprecated `RSA.generateKeypair(bitlen, exp, options, cb)`)
		* `RSA.generateCsrDerWeb64(keypair, names)`
		* `RSA.thumbprint(keypair)`

		@@ -236,2 +197,17 @@ `keypair` can be any object with any of these keys `publicKeyPem, privateKeyPem, publicKeyJwk, privateKeyJwk`

		### RSA.thumbprint(keypair)

		Generates a JWK thumbprint.

		`RSA.thumbprint(keypair)`:
		```javascript
		var thumb = RSA.thumbprint(keypair);

		console.log(thumb);
		```

		```
		// kK4OXp5CT1FEkHi6WkegldmeTJecSTyJN-DxZ91nQ30
		```

		### RSA.generateCsr*(keypair, names)
		@@ -257,6 +233,66 @@

		ChangeLog:
		# Old Node Versions

		In recent versions of node >= v10.12 native RSA key generation is fairly quick for 2048-bit keys
		(though it may still be too slow for some applications with 4096-bit keys).

		In old versions, however, and especially on ARM and/or MIPS procesors, RSA key generation can be
		very, very slow.

		In old node versions `ursa` can provide faster key generation, but it must be compiled.
		`ursa` will not compile for new node versions, but they already include the same openssl bindings anyawy.


		```bash
		npm install --save ursa
		```

		Also, if you need Node < v6 support:

		```bash
		npm install --save buffer-v6-polyfill
		```

		## Security and Compatibility

		TL;DR: Use the default values 2048 and 65537 unless you have a really, really good reason to do otherwise.

		Various platforms require these values.

		Most security experts agree that 4096-bit is no more "secure" than 2048-bit -
		a fundamental vulnerability in the RSA algorithm which causes 2048 to be broken
		will most likely also cause 4096 to be broken
		(i.e. if someone can prove mathematically prove P=NP or a way to predict prime numbers).
		Also, many platforms
		only support 2048 bit keys due to the insecurity of 1024-bit keys (which are not 1/2 secure
		but rather 1/(2^1028) less secure) and the excess computational
		cost of 4096-bit keys (it's not a 2x increase, it's more like a 2^2048 increase).

		As to why 65537 is even optional as a prime exponent or why it matters... no idea,
		but it does matter.

		# ChangeLog:

		* v2.0.0
		* remove ursa and node-forge as strict dependencies
		* v1.9.0
		* consistently handle key generation across node crypto, ursa, and forge
		* move all other operations to rasha.js and rsa-csr.js
		* bugfix non-standard JWKs output (which mostly worked)
		* v1.4.0
		* remove ursa as dependency (just causes confusion), but note in docs
		* drop node < v6 support

		# Legal

		rsa-compat.js directly includes code from
		[Rasha.js](https://git.coolaj86.com/coolaj86/rasha.js)
		and
		[RSA-CSR.js](https://git.coolaj86.com/coolaj86/rsa-csr.js)
		(also [Root](https://therootcompany.com) projects),
		retrofitted for rsa-compat.

		[rsa-compat.js](https://git.coolaj86.com/coolaj86/rsa-compat.js) \|
		MPL-2.0 \|
		[Terms of Use](https://therootcompany.com/legal/#terms) \|
		[Privacy Policy](https://therootcompany.com/legal/#privacy)

tests/generate-key-new.js

		@@ -10,14 +10,2 @@ 'use strict';

		if (
		keys.publicKeyJwk
		\|\| keys.privateKeyPem
		\|\| keys.publicKeyPem
		\|\| keys.thumbprint
		\|\| keys._ursa
		\|\| keys._forge
		) {
		console.error(Object.keys(keys));
		throw new Error("Got unexpected keys");
		}

		var options = {
		@@ -38,3 +26,2 @@ public: true // export public keys
		//\|\| !keys.thumbprint
		\|\| !(keys._ursa \|\| keys._forge)
		) {
		@@ -41,0 +28,0 @@ console.error(Object.keys(keys));

tests/generate-key.js

		@@ -10,14 +10,2 @@ 'use strict';

		if (
		keys.publicKeyJwk
		\|\| keys.privateKeyPem
		\|\| keys.publicKeyPem
		\|\| keys.thumbprint
		\|\| keys._ursa
		\|\| keys._forge
		) {
		console.error(Object.keys(keys));
		throw new Error("Got unexpected keys");
		}

		var options = {
		@@ -36,3 +24,2 @@ public: true // export public keys
		//\|\| !keys.thumbprint
		\|\| !(keys._ursa \|\| keys._forge)
		) {
		@@ -39,0 +26,0 @@ console.error(Object.keys(keys));

tests/generate-sig.js

		@@ -8,10 +8,10 @@ 'use strict';
		"kty": "RSA",
		"n": "AMJubTfOtAarnJytLE8fhNsEI8wnpjRvBXGK/Kp0675J10ORzxyMLqzIZF3tcrUkKBrtdc79u4X0GocDUgukpfkY+2UPUS/GxehUYbYrJYWOLkoJWzxn7wfoo9X1JgvBMY6wHQnTKvnzZdkom2FMhGxkLaEUGDSfsNznTTZNBBg9",
		"n": "AMJubTfOtAarnJytLE8fhNsEI8wnpjRvBXGK_Kp0675J10ORzxyMLqzIZF3tcrUkKBrtdc79u4X0GocDUgukpfkY-2UPUS_GxehUYbYrJYWOLkoJWzxn7wfoo9X1JgvBMY6wHQnTKvnzZdkom2FMhGxkLaEUGDSfsNznTTZNBBg9",
		"e": "AQAB",
		"d": "HT8DCrv69G3n9uFNovE4yMEMqW7lX0m75eJkMze3Jj5xNOa/4qlrc+4IuuA2uuyfY72IVQRxqqqXOuvS8ZForZZk+kWSd6z45hrpbNAAHH2Rf7XwnwHY8VJrOQF3UtbktTWqHX36ITZb9Hmf18hWsIeEp8Ng7Ru9h7hNuVxKMjk=",
		"p": "AONjOvZVAvhCM2JnLGWJG3+5Boar3MB5P4ezfExDmuyGET/w0C+PS60jbjB8TivQsSdEcGo7GOaOlmAX6EQtAec=",
		"q": "ANrllgJsy4rTMfa3mQ50kMIcNahiEOearhAcJgQUCHuOjuEnhU9FfExA/m5FXjmEFQhRwkuhk0QaIqTGbUzxGDs=",
		"dp": "ALuxHOpYIatqeZ+wKiVllx1GTOy8z+rQKnCI5wDMjQTPZU2yKSYY0g6IQFwlPyFLke8nvuLxBQzKhbWsBjzAKeE=",
		"dq": "XLhDAmPzE6rBzy+VtXnKl247jEd9wZzTfh9uOuwBa9TG0Lhcz2cvb11YaH0ZnGNGRW/cTQzzxDUN1531TlIRYQ==",
		"qi": "AI2apz6ECfGwhsvIcU3+yFt+3CA78CUVsX4NUul5m3Cls2m+5MbGQG5K0hGpxjDC3OmXTq1Y5gnep5yUZvVPZI4="
		"d": "HT8DCrv69G3n9uFNovE4yMEMqW7lX0m75eJkMze3Jj5xNOa_4qlrc-4IuuA2uuyfY72IVQRxqqqXOuvS8ZForZZk-kWSd6z45hrpbNAAHH2Rf7XwnwHY8VJrOQF3UtbktTWqHX36ITZb9Hmf18hWsIeEp8Ng7Ru9h7hNuVxKMjk=",
		"p": "AONjOvZVAvhCM2JnLGWJG3-5Boar3MB5P4ezfExDmuyGET_w0C-PS60jbjB8TivQsSdEcGo7GOaOlmAX6EQtAec=",
		"q": "ANrllgJsy4rTMfa3mQ50kMIcNahiEOearhAcJgQUCHuOjuEnhU9FfExA_m5FXjmEFQhRwkuhk0QaIqTGbUzxGDs=",
		"dp": "ALuxHOpYIatqeZ-wKiVllx1GTOy8z-rQKnCI5wDMjQTPZU2yKSYY0g6IQFwlPyFLke8nvuLxBQzKhbWsBjzAKeE=",
		"dq": "XLhDAmPzE6rBzy-VtXnKl247jEd9wZzTfh9uOuwBa9TG0Lhcz2cvb11YaH0ZnGNGRW_cTQzzxDUN1531TlIRYQ==",
		"qi": "AI2apz6ECfGwhsvIcU3-yFt-3CA78CUVsX4NUul5m3Cls2m-5MbGQG5K0hGpxjDC3OmXTq1Y5gnep5yUZvVPZI4="
		}
		@@ -26,3 +26,3 @@ };
		"kty": "RSA",
		"n": "AMJubTfOtAarnJytLE8fhNsEI8wnpjRvBXGK/Kp0675J10ORzxyMLqzIZF3tcrUkKBrtdc79u4X0GocDUgukpfkY+2UPUS/GxehUYbYrJYWOLkoJWzxn7wfoo9X1JgvBMY6wHQnTKvnzZdkom2FMhGxkLaEUGDSfsNznTTZNBBg9",
		"n": "AMJubTfOtAarnJytLE8fhNsEI8wnpjRvBXGK_Kp0675J10ORzxyMLqzIZF3tcrUkKBrtdc79u4X0GocDUgukpfkY-2UPUS_GxehUYbYrJYWOLkoJWzxn7wfoo9X1JgvBMY6wHQnTKvnzZdkom2FMhGxkLaEUGDSfsNznTTZNBBg9",
		"e": "AQAB"
		@@ -40,3 +40,3 @@ }
		"kty": "RSA",
		"n": "AMJubTfOtAarnJytLE8fhNsEI8wnpjRvBXGK/Kp0675J10ORzxyMLqzIZF3tcrUkKBrtdc79u4X0GocDUgukpfkY+2UPUS/GxehUYbYrJYWOLkoJWzxn7wfoo9X1JgvBMY6wHQnTKvnzZdkom2FMhGxkLaEUGDSfsNznTTZNBBg9",
		"n": "AMJubTfOtAarnJytLE8fhNsEI8wnpjRvBXGK_Kp0675J10ORzxyMLqzIZF3tcrUkKBrtdc79u4X0GocDUgukpfkY-2UPUS_GxehUYbYrJYWOLkoJWzxn7wfoo9X1JgvBMY6wHQnTKvnzZdkom2FMhGxkLaEUGDSfsNznTTZNBBg9",
		"e": "AQAB"
		@@ -43,0 +43,0 @@ }

tests/reciprocate.js

		@@ -48,3 +48,3 @@ 'use strict';
		imported = RSA.import({ privateKeyPem: privkeyPemRef });
		refs.privPem2 = RSA.exportPrivatePem({ _forge: imported._forge });
		refs.privPem2 = RSA.exportPrivatePem(imported);
		}
		@@ -77,3 +77,3 @@ if (privkeyPemRef !== refs.privPem2) {
		imported = RSA.import({ privateKeyJwk: privkeyJwkRef });
		refs.privJwk2 = RSA.exportPrivateJwk({ _forge: imported._forge });
		refs.privJwk2 = RSA.exportPrivateJwk(imported);
		console.log('JWK -> _ -> JWK ?', privkeyJwkRef.n === refs.privJwk2.n);
		@@ -80,0 +80,0 @@ if (privkeyJwkRef.n !== refs.privJwk2.n) {

lib/key-utils.js

lib/node.js

lib/rsa-extra.js

lib/rsa-forge.js

lib/rsa-ursa.js

node.js

LICENSE

Sorry, the diff of this file is not supported yet

rsa-compat - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes