brightspace / node-jwk-to-pem Goto Github PK
View Code? Open in Web Editor NEWConvert a json web key to a PEM for use by OpenSSL or crytpo
License: Apache License 2.0
Convert a json web key to a PEM for use by OpenSSL or crytpo
License: Apache License 2.0
import * as jwkToPem from 'jwk-to-pem';
const pem = jwkToPem(jwk);
get error : jwkToPem is not a function
why ?
I found this Golang library online https://play.golang.org/p/wr7dwBB_hs
My JWT Token signature is getting validated when I use the public key generated by the above golang routine but it is not getting validated when I use the pem generated by this library (I am using jwt.io to do the signature validation). When I debugged the key I found that the golang library has some extra string in the pem key. Can you throw some light on this, Why is there a difference ?
There is an extra MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
in the GoLang method.
Key generated using this library
------------BEGIN PUBLIC KEY-----
MIIBCgKCAQEAtVKUtcx/n9rt5afY/2WFNvU6PlFMggCatsZ3l4RjKxH0jgdLq6CS
cb0P3ZGXYbPzXvmmLiWZizpb+h0
Key generated by GoLang.
------------BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVKUtcx/n9rt5afY/2WF
NvU6PlFMggCatsZ3l4RjKxH0jgdLq6CScb0P3ZGXYbPzXvmmLiWZizpb+h0qup5j
I tried to generate the EC private key from JWK as below
var jwk = {
"kty": "EC",
"d": "A3v-2GnVmo--t1I4OrfSqZsM2lQn1tFZHJ2q1V-BIHU",
"use": "sig",
"crv": "P-256",
"kid": "test",
"x": "agVuKmM4y9qUk3r22iWXNISBQTtkS5Kn3916B1pLH2s",
"y": "PPhAQu_ztXJmi9VPFADWf6tfOogelcCWTGTcWvX1sSo",
"alg": "ES256"
};
var fs = require('fs');
var PrivateKeyPem = jwkToPem(jwk, {private: true});
var PublicKeyPem = jwkToPem(jwk);
var PrivateKeyPemFile = __dirname + '/data/PrivateKeyPemTestJWK.pem';
var PublicKeyPemFile = __dirname + '/data/PublicKeyPemTestJWK.pem';
This is the private key get generated
-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgA3v+2GnVmo++t1I4
OrfSqZsM2lQn1tFZHJ2q1V+BIHWgCgYIKoZIzj0DAQehRANCAARqBW4qYzjL2pST
evbaJZc0hIFBO2RLkqff3XoHWksfazz4QELv87VyZovVTxQA1n+rXzqIHpXAlkxk
3Fr19bEq
-----END PRIVATE KEY-----
It does not matches with the private key that I generated from the openssl command. Openssl private key's header and footer have the -----BEGIN EC PRIVATE KEY----- and -----END EC PRIVATE KEY-----.
When I used this private key to verify using sshpk npm library, its giving this error -
KeyParseError: Failed to parse (unnamed) as a valid pem format key: Expected 0xa1: got 0xa0
Please advice on this.
I can create an MR if necessary. Looks like we're seeing a red flag here via Snyk and should be an easy dependency update :)
@calvinmetcalf I should be able to remove my local definitions now, yes? (indutny/elliptic@54cfa9c)
Thank you for this awesome package.
I think it would be nice to support the oid string as value for the crv
property in EC type jwk. So both the following examples are supported.
jwkToPem({kty: 'EC', crv: 'P-256', x: '...', y: '...'});
jwkToPem({kty: 'EC', crv: '1.2.840.10045.3.1.7', x: '...', y: '...'});
I see that you are already mapping the friendly names to oids. A possible solution might be to add aliases for the same.
Can this package please provide .d.ts files?
Would you consider accepting an ES256 JWK as input and returning a PEM private key? The format I'm thinking of for the jwk would be:
{
alg: 'ES256',
crv: 'P-256',
kty: 'EC',
d: 'base64url-encoded-private-key-d-value-blah'
}
v2.0.3 includes asn1.js@5 when v2.0.2 would include asn1.js@4
This introduces a breaking change for node-jwk-to-pem
as well as the code in the dependency is now ES6 (i.e. it uses const
which makes older build pipelines choke) when previously it would be using ES5 syntax only.
See: indutny/asn1.js#99 for the same issue happening with asn1.js
itself.
Tools like https://mkjwk.org/ generate private keys with just d
, e
and n
values. The dp
, dq
and qi
values can be computed from these. I have a pretty cludgey tool I wrote in Java to compute these in advance, but I'm curious if you can suggest a cleaner method.
JWk to PEM is taking time to convert
It takes approx ~2.5 sec to convert JWK to PEM when private option is enabled.
const pem = jwkToPem(jwkSet, { private: true });
This process is making the overall request slower than expected.
Hello,
Is it possible to add option that disables key validation for EC keys?
I am running the code in AWS Lambda and for some reason converting JWK to PEM with this library can take a lot of time (several seconds). I assume that the validation is the biggest cause for that?
asn1.js uses Buffer() constructor which has been deprecated from nodejs 12. update is required for the package as it has been fixed from 5.3.0.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.