@kjur / Kenji Urushima
press ← ↑ → ↓ ESC key or right bottom buttons to move slides
古い日本語スライドはコチラ
The "jsrsasign" (https://kjur.github.io/jsrsasign/) is a open source free cryptograhic library implemented by pure JavaScript. It supports a lot of features such as following:
|
|
% bower install jsrsasignFor Node.js:
% npm install -g jsrsasign (for global installation)Of course, you can use git:
% git clone https://github.com/kjur/jsrsasign.gitOr to use it in your web page, add following in your HTML:
<script src="https://kjur.github.io/jsrsasign/jsrsasign-all-min.js"></script>
generateKeypair method can be used to generate RSA/ECC key pair.
getKey method can load a lot of format of public and private key such as PKCS#1/5/8 or JWK very easily.
sign a data with your private key using Signature object as like Java JCE.
sign a data with your private key using Signature object as like Java JCE.
calculate hash using MessageDigest class just like Java JCE
calculate message authentication code by Mac class just like Java JCE
pass parameter supports some value formats like this:
hexadecimal | {hex: "616161"} |
UTF-8 | {utf8: "東京"} |
Base64 | {b64: "Mi02/+...a=="} |
Base64URL | {b64u: "Mi02_-...a"} |
ASN.1 is a binary encoding of structured data consists of a data type tag(T), byte length(L) and value(V).
ASN.1 encoding is used in network protocol or format such like X.509 certificate, private/public key formats, S/MIME data, digital time stamp, Radius.
Structured data can be represented by SEQUENCE or SET.
ASN1HEX methods can be used for getting tag, length or value of ASN.1 object of hexadecimal string at specified position.
get a list of indexes of child elements.
To refer a descendant element of nested structured ASN.1, use "List" which represent indexes for each nested layer. This is very useful to specify a deep nested element such like subject name of X.509 certificate.
SEQUENCE idx=0 SET [0] idx=4 INTEGER 4 [0,0] idx=8 ← You want to refer INTEGER 31 [0,1] idx=14 SET [1] UTF8STRING "aaa" [1,0] IA5STRING "bbb" [1,1]
getTLVbyList(s,0,[0,0]) → "020104" | getVbyList(s,0,[0,0]) → "04" |
getIdxbyList(s,0,[0,0]) → 8 | getLbyList(s,0,[0,0]) → "01" |
There are a lot of methods to get fields and extensions.
Please see
manual
in detail.
Classes for ASN.1 primitives and structured types, as well as X.509 certificate, CRL, CSR, CMS signed data, digital time stamp and CAdES are defined in jsrsasign.
Please see
manual in detail.
It's very similar to BouncyCastle or IAIK Java ASN.1 classes.
However, there is much more easy way...
It's very easy to generate complicated ASN.1 object by ASN1Util.newObject
It's very easy to generate PEM of X.509 certificate by X509Util.newCertPEM.
It's very easy to generate PEM of CSR(certificate signing request) by CSRUtil.newCSRPEM.
It's very easy to generate OCSP request by OCSPUtil.getRequestHex.
You can save this as binary and send it to OCSP responder like this:
jsrsasign can load and export RFC 7517 JSON Web Key (JWK).
jsrsasign can sign and verify RFC 7515 JSON Web Signatures (JWS).
jsrsasign can sign and verify RFC 7519 JSON Web Token (JWT).
jwt.io site have kindly listed jsrsasign. jwt.io provides JWT validator which uses old version of jsrsasign 4.1.5.
jsrsasign supports IETF JWS-JS Internet Draft, a parallel signature of JWS. This figure shows how to generate JWS-JS.
generate and verify JWS-JS.
This generates a RSA key pair and save its private key as PEM.
|
jsrsasign provides a lot of tools which use jsrsasign as example.
Please see the this list as for online tools.
Also see list
as for Node tools.
As for demonstrations, please see
this list.
|
|
jsrsasign provides tutorial documents to make it easy to learn jsrsasign programming.
|
|
jsrsasign provides detailed
API Reference
document. API reference also has examples.
|
kjur.github.io/jsrsasign
jwt.io T-shirt and me at Senso-ji temple at Tokyo