GitHub - sometiny/x509js: 使用现代浏览器的内置API-crypto.subtle生成密钥对，CSR，自签名证书，CA证书以及签发证书。

开始

运行示例：/dist/

const keypair = await X509.keypair('ECC')
console.log(keypair.private_key)
console.log(keypair.public_key)

/**
-----BEGIN PRIVATE KEY-----
MIG/AgEAMBAGByqGSM49AgEGBSuBBAAiBIGnMIGkAgEBBDCFf0WeXpl5TSU8+sK2
UpJZcfNFu8X0HzJwAXBZOK/wy4PsQRqtri/JjgarmtD9N9+gBwYFK4EEACKhZANi
AARC6NScZIRjcO4BGUvNIF29DUsjC7NymGCHdl1r8dQ9VwZnytzmGH1VbGRGVihg
l9R1uRk0cVC1ejlH23FuUJwBMKd/Qe5SxUuyx9nZOa7R5FFkDa4IENi9YokWpovU
AfE=
-----END PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEQujUnGSEY3DuARlLzSBdvQ1LIwuzcphg
h3Zda/HUPVcGZ8rc5hh9VWxkRlYoYJfUdbkZNHFQtXo5R9txblCcATCnf0HuUsVL
ssfZ2Tmu0eRRZA2uCBDYvWKJFqaL1AHx
-----END PUBLIC KEY-----
*/

const subject = X509.X509Name('name.com');
const response = await X509.csr('ECC', 'P-384', subject, null)

console.log(response.csr)
console.log(response.private_key)
console.log(response.public_key)

/**
-----BEGIN CERTIFICATE REQUEST-----
MIIBCjCBkAIBADATMREwDwYDVQQDDAhuYW1lLmNvbTB2MBAGByqGSM49AgEGBSuB
BAAiA2IABKt6ZhC8Wm2vnUHTj6hq/AdSrPsu6TIUA/V8J4MijXPQA97s/eeWWSPb
aocYjFmfBptDGHKFcgjxT5u0W8jx8V0KrxtLKuah904YheMZr1cMwRDx4Ko8iCVL
48YVTfIJVTAKBggqhkjOPQQDAgNpADBmAjEA5agr642TPRjBbarkX2/V52CKVe0B
p0zuvZH1Jb+IOOj+slUGY6IdekroY+Nhm2iyAjEA9Ab45+J1ZHS2vBF8VGQmYdPH
hbfMpeFIrfAtBg3Q+a9xfy0vR8nNL00P76uRT7F9
-----END CERTIFICATE REQUEST-----

-----BEGIN PRIVATE KEY-----
MIG/AgEAMBAGByqGSM49AgEGBSuBBAAiBIGnMIGkAgEBBDCIbFAazhcPz4SIXgfi
Wq8sv87o8uZVsucE4YLFFClQ5z0RidMVdcRNcwnTwrzJVW6gBwYFK4EEACKhZANi
AASremYQvFptr51B04+oavwHUqz7LukyFAP1fCeDIo1z0APe7P3nllkj22qHGIxZ
nwabQxhyhXII8U+btFvI8fFdCq8bSyrmofdOGIXjGa9XDMEQ8eCqPIglS+PGFU3y
CVU=
-----END PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEq3pmELxaba+dQdOPqGr8B1Ks+y7pMhQD
9XwngyKNc9AD3uz955ZZI9tqhxiMWZ8Gm0MYcoVyCPFPm7RbyPHxXQqvG0sq5qH3
ThiF4xmvVwzBEPHgqjyIJUvjxhVN8glV
-----END PUBLIC KEY-----
*/

支持算法

algorithmType: RSA, algorithmParameters: 2048/4096

algorithmType: ECC, algorithmParameters: P-256/P-384/P-521

枚举

X509.KeyUsage = {
    DigitalSignature: 0x80,
    NonRepudiation: 0x40,
    KeyEncipherment: 0x20,
    DataEncipherment: 0x10,
    KeyAgreement: 0x8,
    KeyCertSign: 0x4,
    CrlSign: 0x2,
    EncipherOnly: 0x1,
    DecipherOnly: 0x8000,
}

X509.ExtendKeyUsages  = {
    ServerAuth: "1.3.6.1.5.5.7.3.1",
    ClientAuth: "1.3.6.1.5.5.7.3.2",
    CodeSigning: "1.3.6.1.5.5.7.3.3",
    EmailProtection: "1.3.6.1.5.5.7.3.4",
    IpsecEndSystem: "1.3.6.1.5.5.7.3.5",
    IpsecTunnel: "1.3.6.1.5.5.7.3.6",
    IpsecUser: "1.3.6.1.5.5.7.3.7",
    TimeStamping: "1.3.6.1.5.5.7.3.8",
    OCSPSigning: "1.3.6.1.5.5.7.3.9",
    Wireless: "1.3.6.1.5.5.7.3.19",
}

生成密钥对

使用指定的算法和参数，生成非对称加密密钥对。

X509.keypair(
    algorithmType: String, 
    algorithmParameters: String | Integer
) : Promise<KeyPair>

const response = await X509.keypair('ECC')

console.log(response)

构造X509Name

用于构造使用者(subject)或颁发者(issuer)信息，commonName是必须的。

方法

X509.X509Name(commonName: String) : X509Name

示例

const subject = X509.X509Name('name.com');

//extend field
subject.org('orgname')
    .org_unit('Unit')
    .email('[email protected]')
    .state('State')
    .country('CN')
    .location('City');

构造SubjectAltNames

构造SAN信息，用于签发多域名证书。

方法

X509.SubjectAltNames(values: Array = []) : SubjectAltNames

示例

const subjectAltNames = X509
    .SubjectAltNames()
    .add('name.com')
    .add('*.name.com')
    .add(['*.loc.name.com', '*.sev.name.com'])

const subjectAltNames = X509.SubjectAltNames(['*.loc.name.com', '*.sev.name.com'])

const subjectAltNames = X509.SubjectAltNames(['*.loc.name.com', '*.sev.name.com'])
    .add('*.name.com')

构造证书签发信息

构造证书前发信息，默认不签发为CA证书，证书有效期365天，可自行设置。

方法

X509.X509CertificateInfo(
    subject: X509Name | null, 
    subjectAltNames: SubjectAltNames | null
) : X509CertificateInfo

示例

const certificateInfo = X509.X509CertificateInfo(subject, subjectAltNames)
    .isCa(false)
    .days(90);

生成CSR

使用指定算法和参数生成证书签发请求(CSR)，至少要提供subject，可提供subjectAltNames。

方法

X509.csr(
    algorithmType: String, 
    algorithmParameters: String | Integer, 
    subject: X509Name, 
    subjectAltNames: SubjectAltNames | null
) : Promise<CSRResponse>

示例

//CSR with CommonName only
const subject = X509.X509Name('name.com');
const response = await X509.csr('ECC', 'P-384', subject, null)

console.log(response)


//CSR with CommonName, SAN and other fields

const subjectAltNames = X509.SubjectAltNames();
subjectAltNames.add('name.com')
    .add('*.name.com')
    .add(['*.loc.name.com', '*.sev.name.com'])

const response = await X509.csr('ECC', 'P-384', subject, subjectAltNames)

console.log(response)

自签名证书

使用指定算法和参数生成签发自签名证书(Self-Signed-Certificate)。

方法

X509.selfSignedCertificate(
    algorithmType: String, 
    algorithmParameters: String | Integer, 
    x509CertificateInfo: X509CertificateInfo
): Promise<SignResponse>

示例

const certificateInfo = X509.X509CertificateInfo(subject, subjectAltNames)
    .isCa(false)  //设置为true可签发为CA证书，CA证书可以对其他CSR或公钥进行签发
    .days(days)

const response = await X509.selfSignedCertificate('ECC', 'P-384', certificateInfo)

console.log(response)

颁发证书

使用CA证书和CA私钥，对CSR或者公钥进行签发。

方法

X509.issue(
    csrOrPublicKey: String, 
    x509CertificateInfo: X509CertificateInfo,
    caCertificate: String, 
    caPrivateKey: String
): Promise<IssueResponse>

csrOrPublicKey/caCertificate/caPrivateKey 值均为PEM格式：

-----BEGIN xxxx-----
内容
-----END xxxx-----

csrOrPublicKey支持csr或publicKey

csrOrPublicKey为publicKey时，x509CertificateInfo需要提供subject

csrOrPublicKey为csr时，x509CertificateInfo自动从csr获取subject,subjectAltNames以及publicKey

示例

const certificateInfo = X509.X509CertificateInfo()
    .isCa(false)
    .days(days)

const response = await X509.issue(csr, certificateInfo, caCertificate, caPrivateKey)

console.log(response)

常用对象

KeyPair {
    private_key: string,
    public_key: string
}

X509Name {
    org(org:string) : X509Name,
    org_unit(unit:string) : X509Name,
    country(countryCode:string) : X509Name,
    state(stateName:string) : X509Name,
    location(locationName:string) : X509Name,
    street(streetName:string) : X509Name,
    email(emailAddress:string) : X509Name,
    all(): Object
}

SubjectAltNames {
    add(name: string): SubjectAltNames,
    clear(): SubjectAltNames,
    isEmpty(): Boolean,
    all(): Object
}

CSRResponse {
    csr: sring,
    private_key: sring,
    public_key: sring,
}

X509CertificateInfo {
    isCa(value: Boolean | undefined): X509CertificateInfo | Boolean,
    serialNumber(value: Array | Uint8Array | undefined): X509CertificateInfo | Array,
    keyUsage(value: KeyUsage | undefined): X509CertificateInfo | KeyUsage,
    extendedKeyUsage(value: Array | undefined): X509CertificateInfo | Array,
    days(value: Integer | undefined): X509CertificateInfo | Integer,
    subject: X509Name | null,
    subjectAltNames: SubjectAltNames | null
}

SignResponse {
    cer: sring,
    private_key: sring,
    public_key: sring,
}

IssueResponse {
    cer: sring
}

Name		Name	Last commit message	Last commit date
Latest commit History 30 Commits
dist		dist
src		src
.eslintignore		.eslintignore
.eslintrc.js		.eslintrc.js
.gitignore		.gitignore
CNAME		CNAME
README.md		README.md
package-lock.json		package-lock.json
package.json		package.json
webpack.config.js		webpack.config.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

开始

支持算法

枚举

生成密钥对

构造X509Name

方法

示例

构造SubjectAltNames

方法

示例

构造证书签发信息

方法

示例

生成CSR

方法

示例

自签名证书

方法

示例

颁发证书

方法

示例

常用对象

About

Releases

Packages

Languages

sometiny/x509js

Folders and files

Latest commit

History

Repository files navigation

开始

支持算法

枚举

生成密钥对

构造X509Name

方法

示例

构造SubjectAltNames

方法

示例

构造证书签发信息

方法

示例

生成CSR

方法

示例

自签名证书

方法

示例

颁发证书

方法

示例

常用对象

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages