Class Index | File Index

Classes


Class KEYUTIL

class for RSA/ECC/DSA key utility
Defined in: keyutil-1.0.js.

Class Summary
Constructor Attributes Constructor Name and Description
 

KEYUTIL class is an update of former PKCS5PKEY class.
Field Summary
Field Attributes Field Name and Description
<static>  
KEYUTIL.version
decrypt private key by shared key version string of KEYUTIL class
Method Summary
Method Attributes Method Name and Description
<static>  
KEYUTIL.generateKeypair(alg, keylenOrCurve)
This method generates a key pair of public key algorithm.
<static>  
KEYUTIL.getDecryptedKeyHex(sEncryptedPEM, passcode)
decrypt PEM formatted protected PKCS#5 private key with passcode
<static>  
KEYUTIL.getJWKFromKey()
convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK) This static method convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK)
<static>  
KEYUTIL.getKey(param, passcode, hextype)
get private or public key object from any arguments This method gets private or public key object(RSAKey, KJUR.crypto.DSA or KJUR.crypto.ECDSA) for RSA, DSA and ECC.
<static>  
KEYUTIL.getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, hexadecimal)
the same function as OpenSSL EVP_BytsToKey to generate shared key and IV
<static>  
KEYUTIL.getKeyFromCSRHex(csrHex)
get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR
<static>  
KEYUTIL.getKeyFromCSRPEM(csrPEM)
get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string
<static>  
KEYUTIL.getKeyFromEncryptedPKCS8PEM(pkcs8PEM, passcode)
get RSAKey/ECDSA private key object from encrypted PEM PKCS#8 private key
<static>  
KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex)
get RSAKey/DSA/ECDSA private key object from HEX plain PEM PKCS#8 private key
<static>  
get RSAKey/ECDSA private key object from PEM plain PEM PKCS#8 private key
<static>  
KEYUTIL.getPBKDF2KeyHexFromParam(info, passcode)
generate PBKDF2 key hexstring with specified passcode and information As for info, this uses following properties:
  • info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
  • info.pkbdf2Iter - iteration count
Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
<static>  
KEYUTIL.getPEM(keyObjOrHex, formatType, passwd, encAlg, hexType, ivsaltHex)
get PEM formatted private or public key file from a RSA/ECDSA/DSA key object
NOTE1:
PKCS#5 encrypted private key protection algorithm supports DES-CBC, DES-EDE3-CBC and AES-{128,192,256}-CBC
NOTE2:
OpenSSL supports
NOTE3:
Parameter "ivsaltHex" supported since jsrsasign 8.0.0 keyutil 1.2.0.
<static>  
KEYUTIL.parseCSRHex(csrHex)
parse hexadecimal string of PKCS#10 CSR (certificate signing request) Resulted associative array has following properties:
  • p8pubkeyhex - hexadecimal string of subject public key in PKCS#8
<static>  
KEYUTIL.parseHexOfEncryptedPKCS8(passcode)
generate PBKDF2 key hexstring with specified passcode and information The associative array which is returned by this method has following properties:
  • info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
  • info.pkbdf2Iter - iteration count
  • info.ciphertext - hexadecimal string of encrypted private key
  • info.encryptionSchemeAlg - encryption algorithm name (currently TripleDES only)
  • info.encryptionSchemeIV - initial vector for encryption algorithm
Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
<static>  
KEYUTIL.parsePKCS5PEM(sEncryptedPEM)
parse PEM formatted passcode protected PKCS#5 private key Resulted hash has following attributes.
<static>  
KEYUTIL.parsePlainPrivatePKCS8Hex(pkcs8PrvHex)
parse hexadecimal string of plain PKCS#8 private key Resulted associative array has following properties:
  • algoid - hexadecimal string of OID of asymmetric key algorithm
  • algparam - hexadecimal string of OID of ECC curve name or null
  • keyidx - string starting index of key in pkcs8PrvHex
<static>  
KEYUTIL.parsePublicPKCS8Hex(pkcs8PubHex)
parse hexadecimal string of PKCS#8 RSA/EC/DSA public key Resulted hash has following attributes.
<static>  
KEYUTIL.parsePublicRawRSAKeyHex(pubRawRSAHex)
parse hexadecimal string of plain PKCS#8 private key Resulted associative array has following properties:
  • n - hexadecimal string of public key
  • e - hexadecimal string of public exponent
Class Detail
KEYUTIL()

KEYUTIL class is an update of former PKCS5PKEY class. KEYUTIL class has following features:
key loading - KEYUTIL.getKey
  • supports RSAKey and KJUR.crypto.{ECDSA,DSA} key object
  • supports private key and public key
  • supports encrypted and plain private key
  • supports PKCS#1, PKCS#5 and PKCS#8 key
  • supports public key in X.509 certificate
  • key represented by JSON object
NOTE1: Encrypted PKCS#8 only supports PBKDF2/HmacSHA1/3DES
NOTE2: Encrypted PKCS#5 supports DES-CBC, DES-EDE3-CBC, AES-{128,192.256}-CBC
exporting key - KEYUTIL.getPEM
KEYUTIL.getPEM method supports following formats:
  • supports RSA/EC/DSA keys
  • PKCS#1 plain RSA/EC/DSA private key
  • PKCS#5 encrypted RSA/EC/DSA private key with DES-CBC, DES-EDE3-CBC, AES-{128,192.256}-CBC
  • PKCS#8 plain RSA/EC/DSA private key
  • PKCS#8 encrypted RSA/EC/DSA private key with PBKDF2_HmacSHA1_3DES
keypair generation - KEYUTIL.generateKeypair
  • generate key pair of RSAKey or KJUR.crypto.ECDSA.
  • generate private key and convert it to PKCS#5 encrypted private key.
NOTE: KJUR.crypto.DSA is not yet supported.
// 1. loading PEM private key
var key = KEYUTIL.getKey(pemPKCS1PrivateKey);
var key = KEYUTIL.getKey(pemPKCS5EncryptedPrivateKey, "passcode");
var key = KEYUTIL.getKey(pemPKC85PlainPrivateKey);
var key = KEYUTIL.getKey(pemPKC85EncryptedPrivateKey, "passcode");
// 2. loading PEM public key
var key = KEYUTIL.getKey(pemPKCS8PublicKey);
var key = KEYUTIL.getKey(pemX509Certificate);
// 3. exporting private key
var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS1PRV");
var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS5PRV", "passcode"); // DES-EDE3-CBC by default
var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS5PRV", "passcode", "DES-CBC");
var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS8PRV");
var pem = KEYUTIL.getPEM(privateKeyObj, "PKCS8PRV", "passcode");
// 4. exporting public key
var pem = KEYUTIL.getPEM(publicKeyObj);
Field Detail
<static> KEYUTIL.version
decrypt private key by shared key version string of KEYUTIL class
Method Detail
<static> {Array} KEYUTIL.generateKeypair(alg, keylenOrCurve)
This method generates a key pair of public key algorithm. The result will be an associative array which has following parameters: NOTE1: As for RSA algoirthm, public exponent has fixed value '0x10001'. NOTE2: As for EC algorithm, supported names of curve are secp256r1, secp256k1 and secp384r1. NOTE3: DSA is not supported yet.
var rsaKeypair = KEYUTIL.generateKeypair("RSA", 1024);
var ecKeypair = KEYUTIL.generateKeypair("EC", "secp256r1");
Parameters:
{String} alg
'RSA' or 'EC'
{Object} keylenOrCurve
key length for RSA or curve name for EC
Since:
keyutil 1.0.1
Returns:
{Array} associative array of keypair which has prvKeyObj and pubKeyObj parameters

<static> {String} KEYUTIL.getDecryptedKeyHex(sEncryptedPEM, passcode)
decrypt PEM formatted protected PKCS#5 private key with passcode
Parameters:
{String} sEncryptedPEM
PEM formatted protected passcode protected PKCS#5 private key
{String} passcode
passcode to decrypt private key (ex. 'password')
Returns:
{String} hexadecimal string of decrypted RSA priavte key

<static> {Object} KEYUTIL.getJWKFromKey()
convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK) This static method convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK)
kp1 = KEYUTIL.generateKeypair("EC", "P-256");
jwkPrv1 = KEYUTIL.getJWKFromKey(kp1.prvKeyObj);
jwkPub1 = KEYUTIL.getJWKFromKey(kp1.pubKeyObj);

kp2 = KEYUTIL.generateKeypair("RSA", 2048);
jwkPrv2 = KEYUTIL.getJWKFromKey(kp2.prvKeyObj);
jwkPub2 = KEYUTIL.getJWKFromKey(kp2.pubKeyObj);

// if you need RFC 7638 JWK thumprint as kid do like this:
jwkPub2.kid = KJUR.jws.JWS.getJWKthumbprint(jwkPub2);
Parameters:
{Object} RSAKey/KJUR.crypto.ECDSA
public/private key object
Since:
keyutil 1.0.13 jsrsasign 5.0.14
Returns:
{Object} JWK object

<static> {Object} KEYUTIL.getKey(param, passcode, hextype)
get private or public key object from any arguments This method gets private or public key object(RSAKey, KJUR.crypto.DSA or KJUR.crypto.ECDSA) for RSA, DSA and ECC. Arguments for this methods depends on a key format you specify. Following key representations are supported. Please note following limitation on encrypted keys: NOTE1: RFC 7517 JSON Web Key(JWK) support for RSA/ECC private/public key from jsrsasign 4.8.1.
NOTE2: X509v1 support is added since jsrsasign 5.0.11.
EXAMPLE
// 1. loading private key from PEM string
keyObj = KEYUTIL.getKey("-----BEGIN RSA PRIVATE KEY...");
keyObj = KEYUTIL.getKey("-----BEGIN RSA PRIVATE KEY..., "passcode");
keyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY...");
keyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY...", "passcode");
// 2. loading public key from PEM string
keyObj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
keyObj = KEYUTIL.getKey("-----BEGIN X509 CERTIFICATE...");
// 3. loading hexadecimal PKCS#5/PKCS#8 key
keyObj = KEYUTIL.getKey("308205c1...", null, "pkcs8pub");
keyObj = KEYUTIL.getKey("3082048b...", null, "pkcs5prv");
// 4. loading JSON Web Key(JWK)
keyObj = KEYUTIL.getKey({kty: "RSA", n: "0vx7...", e: "AQAB"});
keyObj = KEYUTIL.getKey({kty: "EC", crv: "P-256", 
                         x: "MKBC...", y: "4Etl6...", d: "870Mb..."});
// 5. bare hexadecimal key
keyObj = KEYUTIL.getKey({n: "75ab..", e: "010001"});
Parameters:
{Object} param
parameter to get key object. see description in detail.
{String} passcode
(OPTION) parameter to get key object. see description in detail.
{String} hextype
(OPTOIN) parameter to get key object. see description in detail.
Since:
keyutil 1.0.0
Returns:
{Object} RSAKey, KJUR.crypto.ECDSA or KJUR.crypto.ECDSA object

<static> {Hash} KEYUTIL.getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, hexadecimal)
the same function as OpenSSL EVP_BytsToKey to generate shared key and IV
Parameters:
{String} algName
name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
{String} passcode
passcode to decrypt private key (ex. 'password')
{String} hexadecimal
string of IV. heading 8 bytes will be used for passcode salt
Returns:
{Hash} hash of key and unused IV (ex. {keyhex:2fe3..., ivhex:3fad..})

<static> {Object} KEYUTIL.getKeyFromCSRHex(csrHex)
get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR
Parameters:
{String} csrHex
hexadecimal string of PKCS#10 CSR
Since:
keyutil 1.0.5
Returns:
{Object} RSAKey/DSA/ECDSA public key object

<static> {Object} KEYUTIL.getKeyFromCSRPEM(csrPEM)
get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string
Parameters:
{String} csrPEM
PEM formatted PKCS#10 CSR string
Since:
keyutil 1.0.5
Returns:
{Object} RSAKey/DSA/ECDSA public key object

<static> {Object} KEYUTIL.getKeyFromEncryptedPKCS8PEM(pkcs8PEM, passcode)
get RSAKey/ECDSA private key object from encrypted PEM PKCS#8 private key
Parameters:
{String} pkcs8PEM
string of PEM formatted PKCS#8 private key
{String} passcode
passcode string to decrypt key
Since:
pkcs5pkey 1.0.5
Returns:
{Object} RSAKey or KJUR.crypto.ECDSA private key object

<static> {Object} KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex)
get RSAKey/DSA/ECDSA private key object from HEX plain PEM PKCS#8 private key
Parameters:
{String} prvKeyHex
hexadecimal string of plain PKCS#8 private key
Since:
pkcs5pkey 1.0.5
Returns:
{Object} RSAKey or KJUR.crypto.{DSA,ECDSA} private key object

<static> {Object} KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(pkcs8PEM)
get RSAKey/ECDSA private key object from PEM plain PEM PKCS#8 private key
Parameters:
{String} pkcs8PEM
string of plain PEM formatted PKCS#8 private key
Since:
pkcs5pkey 1.0.5
Returns:
{Object} RSAKey or KJUR.crypto.ECDSA private key object

<static> {String} KEYUTIL.getPBKDF2KeyHexFromParam(info, passcode)
generate PBKDF2 key hexstring with specified passcode and information As for info, this uses following properties: Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
// to convert plain PKCS#5 private key to encrypted PKCS#8 private
// key with PBKDF2 with TripleDES
% openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
Parameters:
{Array} info
result of parseHexOfEncryptedPKCS8 which has preference of PKCS#8 file
{String} passcode
passcode to decrypto private key
Since:
pkcs5pkey 1.0.3
Returns:
{String} hexadecimal string of PBKDF2 key

<static> KEYUTIL.getPEM(keyObjOrHex, formatType, passwd, encAlg, hexType, ivsaltHex)
get PEM formatted private or public key file from a RSA/ECDSA/DSA key object
NOTE1:
PKCS#5 encrypted private key protection algorithm supports DES-CBC, DES-EDE3-CBC and AES-{128,192,256}-CBC
NOTE2:
OpenSSL supports
NOTE3:
Parameter "ivsaltHex" supported since jsrsasign 8.0.0 keyutil 1.2.0.
KEUUTIL.getPEM(publicKey) => generates PEM PKCS#8 public key 
KEUUTIL.getPEM(privateKey, "PKCS1PRV") => generates PEM PKCS#1 plain private key
KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass") => generates PEM PKCS#5 encrypted private key 
                                                         with DES-EDE3-CBC (DEFAULT)
KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass", "DES-CBC") => generates PEM PKCS#5 encrypted 
                                                                private key with DES-CBC
KEUUTIL.getPEM(privateKey, "PKCS8PRV") => generates PEM PKCS#8 plain private key
KEUUTIL.getPEM(privateKey, "PKCS8PRV", "pass") => generates PEM PKCS#8 encrypted private key
                                                     with PBKDF2_HmacSHA1_3DES
Parameters:
{Object} keyObjOrHex
key object RSAKey, KJUR.crypto.ECDSA or KJUR.crypto.DSA to encode to
{String} formatType
(OPTION) output format type of "PKCS1PRV", "PKCS5PRV" or "PKCS8PRV" for private key
{String} passwd
(OPTION) password to protect private key
{String} encAlg
(OPTION) encryption algorithm for PKCS#5. currently supports DES-CBC, DES-EDE3-CBC and AES-{128,192,256}-CBC
{String} hexType
(OPTION) type of hex string (ex. pkcs5prv, pkcs8prv)
{String} ivsaltHex
hexadecimal string of IV and salt (default generated random IV)
Since:
keyutil 1.0.4

<static> {Array} KEYUTIL.parseCSRHex(csrHex)
parse hexadecimal string of PKCS#10 CSR (certificate signing request) Resulted associative array has following properties:
Parameters:
{String} csrHex
hexadecimal string of PKCS#10 CSR
Since:
keyutil 1.0.5
Returns:
{Array} associative array of parsed CSR

<static> {Array} KEYUTIL.parseHexOfEncryptedPKCS8(passcode)
generate PBKDF2 key hexstring with specified passcode and information The associative array which is returned by this method has following properties: Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
// to convert plain PKCS#5 private key to encrypted PKCS#8 private
// key with PBKDF2 with TripleDES
% openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
Parameters:
{String} passcode
passcode to decrypto private key
Since:
pkcs5pkey 1.0.3
Returns:
{Array} info associative array of PKCS#8 parameters

<static> {Hash} KEYUTIL.parsePKCS5PEM(sEncryptedPEM)
parse PEM formatted passcode protected PKCS#5 private key Resulted hash has following attributes.
Parameters:
{String} sEncryptedPEM
PEM formatted protected passcode protected PKCS#5 private key
Returns:
{Hash} hash of key information

<static> {Array} KEYUTIL.parsePlainPrivatePKCS8Hex(pkcs8PrvHex)
parse hexadecimal string of plain PKCS#8 private key Resulted associative array has following properties:
Parameters:
{String} pkcs8PrvHex
hexadecimal string of PKCS#8 plain private key
Since:
pkcs5pkey 1.0.5
Returns:
{Array} associative array of parsed key

<static> {Hash} KEYUTIL.parsePublicPKCS8Hex(pkcs8PubHex)
parse hexadecimal string of PKCS#8 RSA/EC/DSA public key Resulted hash has following attributes.
Parameters:
{String} pkcs8PubHex
hexadecimal string of PKCS#8 public key
Returns:
{Hash} hash of key information

<static> {Array} KEYUTIL.parsePublicRawRSAKeyHex(pubRawRSAHex)
parse hexadecimal string of plain PKCS#8 private key Resulted associative array has following properties:
Parameters:
{String} pubRawRSAHex
hexadecimal string of ASN.1 encoded PKCS#8 public key
Since:
pkcs5pkey 1.0.5
Returns:
{Array} associative array of parsed key

© 2012-2017 Kenji Urushima, All rights reserved
Documentation generated by JsDoc Toolkit 2.4.0