Class KEYUTIL
class for RSA/ECC/DSA key utility
Defined in: keyutil-1.0.js.
| Constructor Attributes | Constructor Name and Description |
|---|---|
|
KEYUTIL()
KEYUTIL class is an update of former PKCS5PKEY class. |
| Field Attributes | Field Name and Description |
|---|---|
| <static> |
KEYUTIL.version
decrypt private key by shared key
version string of KEYUTIL class
|
| Method Attributes | Method Name and Description |
|---|---|
| <static> |
KEYUTIL.generateKeypair(alg, keylenOrCurve)
This method generates a key pair of public key algorithm.
|
| <static> |
KEYUTIL.getDecryptedKeyHex(sEncryptedPEM, passcode)
decrypt PEM formatted protected PKCS#5 private key with passcode
|
| <static> |
KEYUTIL.getDKFromPBES2Param(pPBES2, passcode)
get derived key from PBES2 parameters and passcode
This method derives a key from a passcode and a PBES2 parameter by
KEYUTIL.parsePBES2.
|
| <static> |
KEYUTIL.getJWK(keyinfo, nokid, nox5c, nox5t, nox5t2)
convert from certificate, public/private key object to RFC 7517 JSON Web Key(JWK)
This static method provides RFC 7517 JSON Web Key(JWK) JSON object from following argument types:
|
| <static> |
KEYUTIL.getJWKFromKey()
convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK) (DEPRECATED)
This static method convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK) |
| <static> |
KEYUTIL.getKey(param, passcode, hextype)
get private or public key object from any arguments
This method gets private or public key object(RSAKey, KJUR.crypto.DSA or KJUR.crypto.ECDSA)
for RSA, DSA and ECC.
|
| <static> |
KEYUTIL.getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, hexadecimal)
the same function as OpenSSL EVP_BytsToKey to generate shared key and IV
|
| <static> |
KEYUTIL.getKeyFromCSRHex(csrHex)
get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR
|
| <static> |
KEYUTIL.getKeyFromCSRPEM(csrPEM)
get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string
|
| <static> |
KEYUTIL.getKeyFromEncryptedPKCS8PEM(pkcs8PEM, passcode)
get RSAKey/ECDSA private key object from encrypted PEM PKCS#8 private key
|
| <static> |
KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex)
get RSAKey/DSA/ECDSA private key object from HEX plain PEM PKCS#8 private key
|
| <static> |
KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(pkcs8PEM)
get RSAKey/ECDSA private key object from PEM plain PEM PKCS#8 private key
|
| <static> |
KEYUTIL.getKeyID(obj)
get key ID by public key object for subject or authority key identifier
This static method generates a key identifier from a public key
by the method described in
RFC 5280 4.2.1.2.
|
| <static> |
KEYUTIL.getPBKDF2KeyHexFromParam(info, passcode)
generate PBKDF2 key hexstring with specified passcode and information (DEPRECATED)
As for info, this uses following properties:
|
| <static> |
KEYUTIL.getPEM(keyObjOrHex, formatType, passwd, encAlg, hexType, ivsaltHex)
get PEM formatted private or public key file from a RSA/ECDSA/DSA key object
|
| <static> |
KEYUTIL.getPlainHexFromEncryptedPKCS8PEM(pkcs8PEM, passcode)
get plaintext hexadecimal PKCS#8 private key from encrypted PKCS#8 PEM private key
This will get a plaintext hexadecimal PKCS#8 private key from a
encrypted PKCS#8 PEM private key.
|
| <static> |
KEYUTIL.parseCSRHex(csrHex)
parse hexadecimal string of PKCS#10 CSR (certificate signing request)
Resulted associative array has following properties:
|
| <static> |
KEYUTIL.parseHexOfEncryptedPKCS8(passcode)
generate PBKDF2 key hexstring with specified passcode and information (DEPRECATED)
The associative array which is returned by this method has following properties:
|
| <static> |
KEYUTIL.parsePBES2(hP8Prv)
parse ASN.1 hexadecimal encrypted PKCS#8 private key and return as JSON
This method parses ASN.1 hexadecimal encrypted PKCS#8 private key and returns as
JSON object based on
RFC 8018.
|
| <static> |
KEYUTIL.parsePKCS5PEM(sEncryptedPEM)
parse PEM formatted passcode protected PKCS#5 private key
Resulted hash has following attributes.
|
| <static> |
KEYUTIL.parsePlainPrivatePKCS8Hex(pkcs8PrvHex)
parse hexadecimal string of plain PKCS#8 private key
Resulted associative array has following properties:
|
| <static> |
KEYUTIL.parsePublicPKCS8Hex(pkcs8PubHex)
parse hexadecimal string of PKCS#8 RSA/EC/DSA public key
Resulted hash has following attributes.
|
| <static> |
KEYUTIL.parsePublicRawRSAKeyHex(pubRawRSAHex)
parse hexadecimal string of plain PKCS#8 private key
Resulted associative array has following properties:
|
Class Detail
KEYUTIL()
KEYUTIL class is an update of former PKCS5PKEY class. KEYUTIL class has following features:
- key loading - KEYUTIL.getKey
-
- supports RSAKey and KJUR.crypto.{ECDSA,DSA} key object
- supports private key and public key
- supports encrypted and plain private key
- supports PKCS#1, PKCS#5 and PKCS#8 key
- supports public key in X.509 certificate
- key represented by JSON object
NOTE2: Encrypted PKCS#5 supports DES-CBC, DES-EDE3-CBC, AES-{128,192.256}-CBC
- exporting key - KEYUTIL.getPEM
-
KEYUTIL.getPEM method supports following formats:
- supports RSA/EC/DSA keys
- PKCS#1 plain RSA/EC/DSA private key
- PKCS#5 encrypted RSA/EC/DSA private key with DES-CBC, DES-EDE3-CBC, AES-{128,192.256}-CBC
- PKCS#8 plain RSA/EC/DSA private key
- PKCS#8 encrypted RSA/EC/DSA private key with PBKDF2_HmacSHA1_3DES
- keypair generation - KEYUTIL.generateKeypair
- generate key pair of RSAKey or KJUR.crypto.ECDSA.
- generate private key and convert it to PKCS#5 encrypted private key.
// 1. loading PEM private key var key = KEYUTIL.getKey(pemPKCS1PrivateKey); var key = KEYUTIL.getKey(pemPKCS5EncryptedPrivateKey, "passcode"); var key = KEYUTIL.getKey(pemPKCS5PlainRsaDssEcPrivateKey); var key = KEYUTIL.getKey(pemPKC85PlainPrivateKey); var key = KEYUTIL.getKey(pemPKC85EncryptedPrivateKey, "passcode"); // 2. loading PEM public key var key = KEYUTIL.getKey(pemPKCS8PublicKey); var key = KEYUTIL.getKey(pemX509Certificate); // 3. exporting private key var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS1PRV"); var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS5PRV", "passcode"); // DES-EDE3-CBC by default var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS5PRV", "passcode", "DES-CBC"); var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS8PRV"); var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS8PRV", "passcode"); // 4. exporting public key var pem = KEYUTIL.getPEM(publicKeyObj);
Field Detail
<static>
KEYUTIL.version
decrypt private key by shared key
version string of KEYUTIL class
Method Detail
<static>
{Array}
KEYUTIL.generateKeypair(alg, keylenOrCurve)
This method generates a key pair of public key algorithm.
The result will be an associative array which has following
parameters:
- prvKeyObj - RSAKey or ECDSA object of private key
- pubKeyObj - RSAKey or ECDSA object of public key
var rsaKeypair = KEYUTIL.generateKeypair("RSA", 1024);
var ecKeypair = KEYUTIL.generateKeypair("EC", "secp256r1");
- Parameters:
- {String} alg
- 'RSA' or 'EC'
- {Object} keylenOrCurve
- key length for RSA or curve name for EC
- Since:
- keyutil 1.0.1
- Returns:
- {Array} associative array of keypair which has prvKeyObj and pubKeyObj parameters
<static>
{String}
KEYUTIL.getDecryptedKeyHex(sEncryptedPEM, passcode)
decrypt PEM formatted protected PKCS#5 private key with passcode
- Parameters:
- {String} sEncryptedPEM
- PEM formatted protected passcode protected PKCS#5 private key
- {String} passcode
- passcode to decrypt private key (ex. 'password')
- Returns:
- {String} hexadecimal string of decrypted RSA priavte key
<static>
{string}
KEYUTIL.getDKFromPBES2Param(pPBES2, passcode)
get derived key from PBES2 parameters and passcode
This method derives a key from a passcode and a PBES2 parameter by
KEYUTIL.parsePBES2.
Currently following algorithms are supported:
- prf(psudorandom function) - hmacWithSHA1,SHA224,SHA256,SHA384,SHA512
- encryptionScheme - des-EDE3-CBC,aes128-CBC,aes256-CBC
pPBES2 = {
"prf": "hmacWithSHA256",
"salt": "1234567890abcdef",
"iter": 2048,
"encalg": "aes256-CBC",
"enciv": "12ab...",
"enc": "34cd..."
}
KEYUTIL.getDKFromPBES2Param(pPBES2, "passwd") → "3ab10fd..."
- Parameters:
- {object} pPBES2
- parsed PBES2 parameter by KEYUTIL.parsePBES2 method
- {string} passcode
- password to derive the key
- Since:
- jsrsasign 10.9.0 keyutil 1.3.0
- Returns:
- {string} hexadecimal string of derived key
- See:
- KEYUTIL.parsePBES2
<static>
{Object}
KEYUTIL.getJWK(keyinfo, nokid, nox5c, nox5t, nox5t2)
convert from certificate, public/private key object to RFC 7517 JSON Web Key(JWK)
This static method provides RFC 7517 JSON Web Key(JWK) JSON object from following argument types:
This static method provides RFC 7517 JSON Web Key(JWK) JSON object from following argument types:
-
JWK private key
- RSAKey or KJUR.crypto.{ECDSA,DSA} private key object
- PKCS#5 or PKCS#8 plain PEM private key
-
JWK public key
- RSAKey or KJUR.crypto.{ECDSA,DSA} public key object
- PKCS#5 or PKCS#8 PEM public key
- X509 certificate object
- PEM certificate
kp1 = KEYUTIL.generateKeypair("EC", "P-256");
jwkPrv1 = KEYUTIL.getJWK(kp1.prvKeyObj);
jwkPub1 = KEYUTIL.getJWK(kp1.pubKeyObj);
kp2 = KEYUTIL.generateKeypair("RSA", 2048);
jwkPrv2 = KEYUTIL.getJWK(kp2.prvKeyObj);
jwkPub2 = KEYUTIL.getJWK(kp2.pubKeyObj);
// from PEM certificate
KEYUTIL.getJWK("-----BEGIN CERTIFICATE...") →
{
kty: "EC", crv: "P-521", x: "...", y: "...",
x5c: ["MI..."],
x5t: "...",
"x5t#S256": "...",
kid: "..."
}
// from X509 object
x509obj = new X509("-----BEGIN CERTIFICATE...");
KEYUTIL.getJWK(x509obj) →
{
kty: "EC", crv: "P-521", x: "...", y: "...",
...
}
// from PEM certificate without kid, x5t and x5t#S256 (i.e. only x5c)
KEYUTIL.getJWK("-----BEGIN CERTIFICATE...", true, false, true, true) →
{
kty: "EC", crv: "P-521", x: "...", y: "...",
x5c: ["MI..."]
}
- Parameters:
- {Object or string} keyinfo
- public/private key object, PEM key or PEM certificate
- {boolean} nokid
- set true if you don't need kid (OPTION, DEFAULT=undefined)
- {boolean} nox5c
- set true if you don't need x5c of certificate (OPTION, DEFAULT=undefined)
- {boolean} nox5t
- set true if you don't need x5t of certificate (OPTION, DEFAULT=undefined)
- {boolean} nox5t2
- set true if you don't need x5c#S256 of certificate (OPTION, DEFAULT=undefined)
- Since:
- keyutil 1.2.5 jsrsasign 10.5.1
- Returns:
- {Object} JWK object
<static>
{Object}
KEYUTIL.getJWKFromKey()
convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK) (DEPRECATED)
This static method convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK)
This static method convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK)
kp1 = KEYUTIL.generateKeypair("EC", "P-256");
jwkPrv1 = KEYUTIL.getJWKFromKey(kp1.prvKeyObj);
jwkPub1 = KEYUTIL.getJWKFromKey(kp1.pubKeyObj);
kp2 = KEYUTIL.generateKeypair("RSA", 2048);
jwkPrv2 = KEYUTIL.getJWKFromKey(kp2.prvKeyObj);
jwkPub2 = KEYUTIL.getJWKFromKey(kp2.pubKeyObj);
// if you need RFC 7638 JWK thumprint as kid do like this:
jwkPub2.kid = KJUR.jws.JWS.getJWKthumbprint(jwkPub2);
- Parameters:
- {Object} RSAKey/KJUR.crypto.ECDSA
- public/private key object
- Deprecated:
- since jsrsasign 10.5.1 keyutil 1.2.5 please use getJWK method
- Since:
- keyutil 1.0.13 jsrsasign 5.0.14
- Returns:
- {Object} JWK object
- See:
- KEYUTIL.getJWK
<static>
{Object}
KEYUTIL.getKey(param, passcode, hextype)
get private or public key object from any arguments
This method gets private or public key object(RSAKey, KJUR.crypto.DSA or KJUR.crypto.ECDSA)
for RSA, DSA and ECC.
Arguments for this methods depends on a key format you specify.
Following key representations are supported.
NOTE2: X509v1 support is added since jsrsasign 5.0.11.
- ECC private/public key object(as is): param=KJUR.crypto.ECDSA
- DSA private/public key object(as is): param=KJUR.crypto.DSA
- RSA private/public key object(as is): param=RSAKey
- ECC private key parameters: param={d: d, curve: curveName}
- RSA private key parameters: param={n: n, e: e, d: d, p: p, q: q, dp: dp, dq: dq, co: co}
NOTE: Each value shall be hexadecimal string of key spec. - DSA private key parameters: param={p: p, q: q, g: g, y: y, x: x}
NOTE: Each value shall be hexadecimal string of key spec. - ECC public key parameters: param={xy: xy, curve: curveName}
NOTE: ECC public key 'xy' shall be concatination of "04", x-bytes-hex and y-bytes-hex. - DSA public key parameters: param={p: p, q: q, g: g, y: y}
NOTE: Each value shall be hexadecimal string of key spec. - RSA public key parameters: param={n: n, e: e}
- X.509v1/v3 PEM certificate (RSA/DSA/ECC): param=pemString
- PKCS#8 hexadecimal RSA/ECC public key: param=pemString, null, "pkcs8pub"
- PKCS#8 PEM RSA/DSA/ECC public key: param=pemString
- PKCS#5 plain hexadecimal RSA private key: param=hexString, null, "pkcs5prv"
- PKCS#5 plain PEM RSA/DSA/EC private key: param=pemString
- PKCS#8 plain PEM RSA/EC private key: param=pemString
- PKCS#5 encrypted PEM RSA/DSA/EC private key: param=pemString, passcode
- PKCS#8 encrypted PEM RSA/EC private key: param=pemString, passcode
- Encrypted PKCS#8 only supports PBKDF2/HmacSHA1/3DES
- Encrypted PKCS#5 supports DES-CBC, DES-EDE3-CBC, AES-{128,192.256}-CBC
- JWT plain ECC private/public key
- JWT plain RSA public key
- JWT plain RSA private key with P/Q/DP/DQ/COEFF
- JWT plain RSA private key without P/Q/DP/DQ/COEFF (since jsrsasign 5.0.0)
NOTE2: X509v1 support is added since jsrsasign 5.0.11.
EXAMPLE
// 1. loading private key from PEM string
keyObj = KEYUTIL.getKey("-----BEGIN RSA PRIVATE KEY...");
keyObj = KEYUTIL.getKey("-----BEGIN RSA PRIVATE KEY..., "passcode");
keyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY...");
keyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY...", "passcode");
keyObj = KEYUTIL.getKey("-----BEGIN EC PARAMETERS...-----BEGIN EC PRIVATE KEY...");
// 2. loading public key from PEM string
keyObj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
keyObj = KEYUTIL.getKey("-----BEGIN X509 CERTIFICATE...");
// 3. loading hexadecimal PKCS#5/PKCS#8 key
keyObj = KEYUTIL.getKey("308205c1...", null, "pkcs8pub");
keyObj = KEYUTIL.getKey("3082048b...", null, "pkcs5prv");
// 4. loading JSON Web Key(JWK)
keyObj = KEYUTIL.getKey({kty: "RSA", n: "0vx7...", e: "AQAB"});
keyObj = KEYUTIL.getKey({kty: "EC", crv: "P-256",
x: "MKBC...", y: "4Etl6...", d: "870Mb..."});
// 5. bare hexadecimal key
keyObj = KEYUTIL.getKey({n: "75ab..", e: "010001"});
- Parameters:
- {Object} param
- parameter to get key object. see description in detail.
- {String} passcode
- (OPTION) parameter to get key object. see description in detail.
- {String} hextype
- (OPTOIN) parameter to get key object. see description in detail.
- Since:
- keyutil 1.0.0
- Returns:
- {Object} RSAKey, KJUR.crypto.ECDSA or KJUR.crypto.ECDSA object
<static>
{Hash}
KEYUTIL.getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, hexadecimal)
the same function as OpenSSL EVP_BytsToKey to generate shared key and IV
- Parameters:
- {String} algName
- name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
- {String} passcode
- passcode to decrypt private key (ex. 'password')
- {String} hexadecimal
- string of IV. heading 8 bytes will be used for passcode salt
- Returns:
- {Hash} hash of key and unused IV (ex. {keyhex:2fe3..., ivhex:3fad..})
<static>
{Object}
KEYUTIL.getKeyFromCSRHex(csrHex)
get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR
- Parameters:
- {String} csrHex
- hexadecimal string of PKCS#10 CSR
- Since:
- keyutil 1.0.5
- Returns:
- {Object} RSAKey/DSA/ECDSA public key object
<static>
{Object}
KEYUTIL.getKeyFromCSRPEM(csrPEM)
get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string
- Parameters:
- {String} csrPEM
- PEM formatted PKCS#10 CSR string
- Since:
- keyutil 1.0.5
- Returns:
- {Object} RSAKey/DSA/ECDSA public key object
<static>
{Object}
KEYUTIL.getKeyFromEncryptedPKCS8PEM(pkcs8PEM, passcode)
get RSAKey/ECDSA private key object from encrypted PEM PKCS#8 private key
- Parameters:
- {String} pkcs8PEM
- string of PEM formatted PKCS#8 private key
- {String} passcode
- passcode string to decrypt key
- Since:
- pkcs5pkey 1.0.5
- Returns:
- {Object} RSAKey or KJUR.crypto.ECDSA private key object
<static>
{Object}
KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex)
get RSAKey/DSA/ECDSA private key object from HEX plain PEM PKCS#8 private key
- Parameters:
- {String} prvKeyHex
- hexadecimal string of plain PKCS#8 private key
- Since:
- pkcs5pkey 1.0.5
- Returns:
- {Object} RSAKey or KJUR.crypto.{DSA,ECDSA} private key object
<static>
{Object}
KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(pkcs8PEM)
get RSAKey/ECDSA private key object from PEM plain PEM PKCS#8 private key
- Parameters:
- {String} pkcs8PEM
- string of plain PEM formatted PKCS#8 private key
- Since:
- pkcs5pkey 1.0.5
- Returns:
- {Object} RSAKey or KJUR.crypto.ECDSA private key object
<static>
KEYUTIL.getKeyID(obj)
get key ID by public key object for subject or authority key identifier
This static method generates a key identifier from a public key
by the method described in
RFC 5280 4.2.1.2. Subject Key Identifier (1).
pubkeyobj = KEYUTIL.getKey(...); KEYTUTIL.getKey(pubkeyobj) → "a612..."
- Parameters:
- {Object} obj
- RSAKey/KJUR.crypto.ECDSA,DSA public key object or public key PEM string
- Since:
- keyutil 1.2.2 jsrsasign 5.0.16
- Returns:
- hexadecimal string of public key identifier
<static>
{String}
KEYUTIL.getPBKDF2KeyHexFromParam(info, passcode)
generate PBKDF2 key hexstring with specified passcode and information (DEPRECATED)
As for info, this uses following properties:
- info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
- info.pkbdf2Iter - iteration count
- keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
- encryptionScheme = des-EDE3-CBC(i.e. TripleDES
// to convert plain PKCS#5 private key to encrypted PKCS#8 private // key with PBKDF2 with TripleDES % openssl pkcs8 -in plain_p5.pem -topk8 -v2 des3 -out encrypted_p8.pem
- Parameters:
- {Array} info
- result of parseHexOfEncryptedPKCS8 which has preference of PKCS#8 file
- {String} passcode
- passcode to decrypto private key
- Deprecated:
- since jsrsasign 10.9.0 keyutil 1.3.0. Use KEYUTIL.getDKFromPBES2Param instead.
- Since:
- pkcs5pkey 1.0.3
- Returns:
- {String} hexadecimal string of PBKDF2 key
<static>
KEYUTIL.getPEM(keyObjOrHex, formatType, passwd, encAlg, hexType, ivsaltHex)
get PEM formatted private or public key file from a RSA/ECDSA/DSA key object
- NOTE1:
- PKCS#5 encrypted private key protection algorithm supports DES-CBC, DES-EDE3-CBC and AES-{128,192,256}-CBC
- NOTE2:
- OpenSSL supports
- NOTE3:
- Parameter "ivsaltHex" supported since jsrsasign 8.0.0 keyutil 1.2.0.
KEUUTIL.getPEM(publicKey) → generates PEM PKCS#8 public key
KEUUTIL.getPEM(privateKey) → generates PEM PKCS#8 plain private key by default
KEUUTIL.getPEM(privateKey, "PKCS1PRV") → generates PEM PKCS#1 plain private key
KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass") → generates PEM PKCS#5 encrypted private key
with DES-EDE3-CBC (DEFAULT)
KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass", "DES-CBC") → generates PEM PKCS#5 encrypted
private key with DES-CBC
KEUUTIL.getPEM(privateKey, "PKCS8PRV") → generates PEM PKCS#8 plain private key
KEUUTIL.getPEM(privateKey, "PKCS8PRV", "pass") → generates PEM PKCS#8 encrypted private key
with PBKDF2_HmacSHA1_3DES
- Parameters:
- {Object} keyObjOrHex
- key object RSAKey, KJUR.crypto.ECDSA or KJUR.crypto.DSA to encode to
- {String} formatType
- (OPTION) output format type of "PKCS1PRV", "PKCS5PRV" or "PKCS8PRV" for private key
- {String} passwd
- (OPTION) password to protect private key
- {String} encAlg
- (OPTION) encryption algorithm for PKCS#5. currently supports DES-CBC, DES-EDE3-CBC and AES-{128,192,256}-CBC
- {String} hexType
- (OPTION) type of hex string (ex. pkcs5prv, pkcs8prv)
- {String} ivsaltHex
- hexadecimal string of IV and salt (default generated random IV)
- Since:
- keyutil 1.0.4
<static>
{string}
KEYUTIL.getPlainHexFromEncryptedPKCS8PEM(pkcs8PEM, passcode)
get plaintext hexadecimal PKCS#8 private key from encrypted PKCS#8 PEM private key
This will get a plaintext hexadecimal PKCS#8 private key from a
encrypted PKCS#8 PEM private key.
Currently following algorithms are supported:
- prf(psudorandom function) - hmacWithSHA1,SHA224,SHA256,SHA384,SHA512
- encryptionScheme - des-EDE3-CBC,aes128-CBC,aes256-CBC
pem = "-----BEGIN ENCRYPTED PRIVATE KEY..."; KEYUTIL.getPlainHexFromEncryptedPKCS8PEM(pem, "passwd") → "3082..."
- Parameters:
- {string} pkcs8PEM
- PEM string of encrypted PKCS#8 private key
- {string} passcode
- passcode to decrypt the private key
- Since:
- jsrsasign 10.9.0 keyutil 1.3.0
- Returns:
- {string} hexadecimal string of decrypted plaintext PKCS#8 private key
- See:
- KEYUTIL.parsePBES2
<static>
{Array}
KEYUTIL.parseCSRHex(csrHex)
parse hexadecimal string of PKCS#10 CSR (certificate signing request)
Resulted associative array has following properties:
- p8pubkeyhex - hexadecimal string of subject public key in PKCS#8
- Parameters:
- {String} csrHex
- hexadecimal string of PKCS#10 CSR
- Since:
- keyutil 1.0.5
- Returns:
- {Array} associative array of parsed CSR
<static>
{Array}
KEYUTIL.parseHexOfEncryptedPKCS8(passcode)
generate PBKDF2 key hexstring with specified passcode and information (DEPRECATED)
The associative array which is returned by this method has following properties:
- info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
- info.pkbdf2Iter - iteration count
- info.ciphertext - hexadecimal string of encrypted private key
- info.encryptionSchemeAlg - encryption algorithm name (currently TripleDES only)
- info.encryptionSchemeIV - initial vector for encryption algorithm
- keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
- encryptionScheme = des-EDE3-CBC(i.e. TripleDES
// to convert plain PKCS#5 private key to encrypted PKCS#8 private // key with PBKDF2 with TripleDES % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
- Parameters:
- {String} passcode
- passcode to decrypto private key
- Deprecated:
- since jsrsasign 10.9.0 keyutil 1.3.0. Use KEYUTIL.parsePBES2 instead.
- Since:
- pkcs5pkey 1.0.3
- Returns:
- {Array} info associative array of PKCS#8 parameters
<static>
{object}
KEYUTIL.parsePBES2(hP8Prv)
parse ASN.1 hexadecimal encrypted PKCS#8 private key and return as JSON
This method parses ASN.1 hexadecimal encrypted PKCS#8 private key and returns as
JSON object based on
RFC 8018.
Currently following algorithms are supported:
- prf(psudorandom function) - hmacWithSHA1,SHA224,SHA256,SHA384,SHA512
- encryptionScheme - des-EDE3-CBC,aes128-CBC,aes256-CBC
KEYUTIL.parsePBES2("3082...") →
{
"prf": "hmacWithSHA256",
"salt": "1234567890abcdef",
"iter": 2048,
"encalg": "aes256-CBC",
"enciv": "12ab...",
"enc": "34cd..."
}
// to convert plain PKCS#5 private key to encrypted PKCS#8 private
// key with PBKDF2 with TripleDES
% openssl pkcs8 -in plain_p5.pem -topk8 -v2 des3 -out encrypted_p8.pem
- Parameters:
- {string} hP8Prv
- hexadecimal encrypted PKCS#8 private key
- Since:
- jsrsasign 10.9.0 keyutil 1.3.0
- Returns:
- {object} parsed PBES2 parameters JSON object
<static>
{Hash}
KEYUTIL.parsePKCS5PEM(sEncryptedPEM)
parse PEM formatted passcode protected PKCS#5 private key
Resulted hash has following attributes.
- cipher - symmetric key algorithm name (ex. 'DES-EBE3-CBC', 'AES-256-CBC')
- ivsalt - IV used for decrypt. Its heading 8 bytes will be used for passcode salt.
- type - asymmetric key algorithm name of private key described in PEM header.
- data - base64 encoded encrypted private key.
- Parameters:
- {String} sEncryptedPEM
- PEM formatted protected passcode protected PKCS#5 private key
- Returns:
- {Hash} hash of key information
<static>
{Array}
KEYUTIL.parsePlainPrivatePKCS8Hex(pkcs8PrvHex)
parse hexadecimal string of plain PKCS#8 private key
Resulted associative array has following properties:
- algoid - hexadecimal string of OID of asymmetric key algorithm
- algparam - hexadecimal string of OID of ECC curve name or null
- keyidx - string starting index of key in pkcs8PrvHex
- Parameters:
- {String} pkcs8PrvHex
- hexadecimal string of PKCS#8 plain private key
- Since:
- pkcs5pkey 1.0.5
- Returns:
- {Array} associative array of parsed key
<static>
{Hash}
KEYUTIL.parsePublicPKCS8Hex(pkcs8PubHex)
parse hexadecimal string of PKCS#8 RSA/EC/DSA public key
Resulted hash has following attributes.
- algoid - hexadecimal string of OID of asymmetric key algorithm
- algparam - hexadecimal string of OID of ECC curve name, parameter SEQUENCE of DSA or null
- key - hexadecimal string of public key
- Parameters:
- {String} pkcs8PubHex
- hexadecimal string of PKCS#8 public key
- Returns:
- {Hash} hash of key information
<static>
{Array}
KEYUTIL.parsePublicRawRSAKeyHex(pubRawRSAHex)
parse hexadecimal string of plain PKCS#8 private key
Resulted associative array has following properties:
- n - hexadecimal string of public key
- e - hexadecimal string of public exponent
- Parameters:
- {String} pubRawRSAHex
- hexadecimal string of ASN.1 encoded PKCS#8 public key
- Since:
- pkcs5pkey 1.0.5
- Returns:
- {Array} associative array of parsed key