- keymaster
  Class representing a keymaster instance.
- initialize() ⇒ undefined
  Initialize the keymaster instance. Compiles the core WebAssembly System Interface (WASI) compliant WebAssembly binary.
- calcKeyUsage(KU) ⇒ string
  Creates the Key Usage comma-separated string from an object of NID parameters.
- cleanupReferences() ⇒ undefined
  Memory management for buffers
- writeString(memloc) ⇒ string
  Read UTF8 string from WASM memory location
- writeString(str) ⇒ number
  Write UTF8 string to WASM memory location
- writeUint32Array(uint32Array) ⇒ number
  Write an array of 32-bit unsigned integers to WASM memory location
- loadKey([key]) ⇒ number
  Load key from Buffer
- convertKey(settings) ⇒ string
  Convert key to serialization format
- createCertificate(settings) ⇒ string
  Create a certificate
- createCertificateSigningRequest(settings) ⇒ string
  Create a certificate signing request
Class representing a keymaster instance.
Kind: global class
- keymaster
  - new keymaster()
  - .subjectAlternativeName
  - .keyHex ⇒ string
  - .keyUsage : object
  - .extKeyUsage : object
Create a keymaster instance.
The subject alternative name extension allows identities to be bound to the subject of the certificate.
https://tools.ietf.org/html/rfc5280#section-4.2.1.6
Kind: instance property of keymaster
The keyHex property is the current key in hexadecimal.
Kind: instance property of keymaster
Returns: string - Current key in hexadecimal
The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
https://tools.ietf.org/html/rfc5280#section-4.2.1.3
Kind: instance namespace of keymaster
Properties
Name | Type | Description |
---|---|---|
digitalSignature | Boolean | Subject Public Key (SPK) is used for verifying digital signatures |
nonRepudiation | Boolean | SPK used to verify digital signatures |
keyEncipherment | Boolean | SPK used for enciphering private or secret keys |
dataEncipherment | Boolean | SPK used for enciphering raw user data w/o an intermediate symmetric cipher |
keyAgreement | Boolean | SPK used for key agreement, used with encipherOnly / decipherOnly |
keyCertSign | Boolean | SPK used for verifying signatures on public key certificates |
cRLSign | Boolean | SPK used for verifying signatures on certificate revocation lists |
encipherOnly | Boolean | If keyAgreement set, enciphering data while performing key agreement |
decipherOnly | Boolean | If keyAgreement set, deciphering data while performing key agreement |
This extension indicates one or more purposes for which the certified public key may be used, in addition to or in place of the basic purposes indicated in the key usage extension.
https://tools.ietf.org/html/rfc5280#section-4.2.1.12
https://tools.ietf.org/html/rfc6071#section-2.4
Kind: instance namespace of keymaster
Properties
Name | Type | Description |
---|---|---|
serverAuth | Boolean | TLS WWW server authentication |
clientAuth | Boolean | TLS WWW client authentication |
codeSigning | Boolean | Signing of downloadable executable code |
emailProtection | Boolean | Email protection |
timeStamping | Boolean | Binding the hash of an object to a time |
OCSPSigning | Boolean | Signing OCSP responses |
ipsecIKE | Boolean | Used for IP Security (IPsec) and Internet Key Exchange (IKE) |
msCodeInd | Boolean | Microsoft Individual Code Signing (authenticode) |
msCodeCom | Boolean | Microsoft Commercial Code Signing (authenticode) |
msCTLSign | Boolean | Microsoft Trust List Signing |
msEFS | Boolean | Microsoft Encrypting File System |
Initialize the keymaster instance. Compiles the core WebAssembly System Interface (WASI) compliant WebAssembly binary.
Creates the Key Usage comma-separated string from an object of NID parameters.
Kind: global function
Returns: string - The comma-separated list of NIDs
Param | Type | Description |
---|---|---|
KU | object | Object with NID as parameters. |
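The key usage flags documented above have dependencies that are worth checking before they are turned into a comma-separated string. The following is an added example, not keymaster's own `calcKeyUsage`; the helper names `checkKeyUsage` and `keyUsageToString` and the output ordering are assumptions, and the rules applied are the keyAgreement dependency from the table plus the RFC 5280 requirements that at least one bit is set and that keyCertSign appears only on CA certificates.

```javascript
// Added example: standalone helpers, not the keymaster implementation.
// Flag names are the keyUsage properties documented on this page.
const KEY_USAGE_NAMES = [
  "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
  "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
];

// Returns a list of problems; an empty list means the combination is
// consistent with RFC 5280 sections 4.2.1.3 and 4.2.1.9.
function checkKeyUsage(keyUsage, basicConstraints = {}) {
  const problems = [];
  for (const name of Object.keys(keyUsage)) {
    if (!KEY_USAGE_NAMES.includes(name)) problems.push(`unknown key usage: ${name}`);
    else if (typeof keyUsage[name] !== "boolean") problems.push(`${name} must be a Boolean`);
  }
  const on = (name) => keyUsage[name] === true;
  if (!KEY_USAGE_NAMES.some(on)) problems.push("no key usage bit is set");
  if ((on("encipherOnly") || on("decipherOnly")) && !on("keyAgreement"))
    problems.push("encipherOnly/decipherOnly have no meaning without keyAgreement");
  if (on("keyCertSign") && basicConstraints.CA !== true)
    problems.push("keyCertSign requires basicConstraints.CA");
  return problems;
}

// Builds the comma-separated list in a fixed order (assumed format),
// refusing inconsistent input instead of emitting it.
function keyUsageToString(keyUsage, basicConstraints = {}) {
  const problems = checkKeyUsage(keyUsage, basicConstraints);
  if (problems.length > 0) throw new Error(problems.join("; "));
  return KEY_USAGE_NAMES.filter((name) => keyUsage[name] === true).join(",");
}

// Constructed sample inputs.
const leaf = { digitalSignature: true, keyEncipherment: true, keyCertSign: false };
const ca = { keyCertSign: true, cRLSign: true };
console.log(keyUsageToString(leaf));
console.log(keyUsageToString(ca, { CA: true }));
console.log(checkKeyUsage(ca, { CA: false }));
```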
Memory management for buffers
Read UTF8 string from WASM memory location
Kind: global function
Returns: string - UTF8 string
Param | Type | Description |
---|---|---|
memloc | number | Memory offset pointer |
Write UTF8 string to WASM memory location
Kind: global function
Returns: number - Memory offset pointer
Param | Type | Description |
---|---|---|
str | string | String to write to memory location |
Write an array of 32-bit unsigned integers to WASM memory location
Kind: global function
Returns: number - Memory offset pointer
Param | Type | Description |
---|---|---|
uint32Array | Uint32Array | Array of 32-bit unsigned integers to write to WASM memory |
Load key from Buffer
Kind: global function
Returns: number - Memory offset pointer
Param | Type | Default | Description |
---|---|---|---|
[key] | buffer \| arrayBuffer \| string \| Array.<string> \| Object | buffer | Buffer to load |
Convert key to serialization format
Kind: global function
Returns: string - String representation of formatted key
Param | Type | Default | Description |
---|---|---|---|
settings | Object | | The configuration object to tell OpenSSL how to format the key |
[settings.key] | buffer \| arrayBuffer \| string \| Array.<string> \| Object | | Key, default is current instance key. If not null, replaces key. |
[settings.curve] | number | NID_secp256k1 | Numerical ID (NID) for the Elliptic Curve (EC) to use |
[settings.outputtype] | number | NID_X9_62_id_ecPublicKey | NID for OpenSSL output type |
[settings.outformat] | number | V_ASN1_BIT_STRING | NID for OpenSSL output format |
[settings.compressed] | number | POINT_CONVERSION_UNCOMPRESSED | Which X9.62 (ECDSA) form, for encoding an EC point |
[settings.password] | string | null | Password to use |
Create a certificate
Kind: global function
Returns: string - String representation of certificate
Param | Type | Default | Description |
---|---|---|---|
settings | Object | | The configuration object to tell OpenSSL how to format the key |
[settings.key] | buffer \| arrayBuffer \| string \| Array.<string> \| Object | | Key, default is current instance key. If not null, replaces key. |
[settings.curve] | number | NID_secp256k1 | Numerical ID (NID) for the Elliptic Curve (EC) to use |
[settings.compressed] | number | POINT_CONVERSION_UNCOMPRESSED | Which X9.62 (ECDSA) form, for encoding an EC point |
[settings.password] | string | null | Password to use |
[settings.notBefore] | number | 0 | Certificate validity start in seconds from current system time |
[settings.notAfter] | number | 31536000 | Certificate validity stop in seconds from current system time |
[settings.version] | number | 3 | Certificate version |
[settings.issuer] | string | "C=US, ST=VA, L=DZM, O=MyOrg, OU=dev, CN=ISSUER" | Certificate issuer csv Distinguished Name (DN) string |
[settings.name] | string | "C=US, ST=VA, L=DZM, O=MyOrg, OU=dev, CN=NAME" | Certificate name csv Distinguished Name (DN) string |
[settings.id] | number | 0 | Certificate ID number |
settings.basicConstraints | Object | | Basic constraints on this certificate |
settings.basicConstraints.CA | Boolean | | The subject of the cert is a CA |
settings.basicConstraints.pathlen | number | | The max depth of valid cert paths that include cert |
[settings.keyUsage] | Object \| string | this.keyUsage | Key usage extensions. |
[settings.extKeyUsage] | Object \| string | this.extKeyUsage | Extended Key usage extensions. |
[settings.subjectAlternativeName] | Object | | Object with properties enumerating SAN (additional host names) for certificate |
[settings.subjectKeyIdentifier] | string | "hash" | Either hash per https://tools.ietf.org/html/rfc3280#section-4.2.1.2 or a hex string (strongly discouraged). |
[settings.authorityKeyIdentifier] | string | "keyid:always" | https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html Can be either 'keyid', 'issuer', or both, each with optional value 'always' |
[settings.friendlyName] | string | null | Friendly Name for Microsoft .p12 |
[settings.certificateSigningRequest] | string | null | CSR as a string |
[settings.outformat] | number | NID_x509Certificate | NID for the output format |
[settings.caPEM] | number | | PEM of Certificate Authority for signing |
[settings.caCertificate] | number | | CA Certificate |
Create a certificate signing request
Kind: global function
Returns: string - String representation of certificate
Param | Type | Default | Description |
---|---|---|---|
settings | Object | | The configuration object to tell OpenSSL how to format the key |
[settings.key] | buffer \| arrayBuffer \| string \| Array.<string> \| Object | | Key, default is current instance key. If not null, replaces key. |
[settings.curve] | number | NID_secp256k1 | Numerical ID (NID) for the Elliptic Curve (EC) to use |
[settings.compressed] | number | POINT_CONVERSION_UNCOMPRESSED | Which X9.62 (ECDSA) form, for encoding an EC point |
[settings.password] | string | null | Password to use |
[settings.version] | number | 3 | Certificate version |
[settings.name] | string | "C=US, ST=VA, L=DZM, O=MyOrg, OU=dev, CN=NAME" | Certificate name csv Distinguished Name (DN) string |
[settings.id] | number | 0 | Certificate ID number |
settings.basicConstraints | Object | | Basic constraints on this certificate |
[settings.keyUsage] | Object \| string | this.keyUsage | Key usage extensions. |
[settings.extKeyUsage] | Object \| string | this.extKeyUsage | Extended Key usage extensions. |
[settings.subjectAlternativeName] | Object | | Object with properties enumerating SAN (additional host names) for certificate |
[settings.subjectKeyIdentifier] | string | "hash" | Either hash per https://tools.ietf.org/html/rfc3280#section-4.2.1.2 or a hex string (strongly discouraged). |
Range Check Private Key
Kind: static function
Param | Type | Default | Description |
---|---|---|---|
privateKey | buffer \| arrayBuffer \| string \| Array.<string> \| Object | | Private Key to compare |
[min] | string | 0 | Minimum value as a hex string |
[max] | string | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140" | Maximum value as a hex string |
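The range check above is an integer comparison of the private key against the two hex bounds in the table; the default maximum is the secp256k1 group order minus one. The following is an added example, not keymaster's own code: the helper names `keyToBigInt` and `privateKeyInRange` are hypothetical, both bounds are assumed to be inclusive, and only hex-string and byte-array inputs are handled.

```javascript
// Added example: standalone range check, not the keymaster implementation.
// Default bounds are the ones documented in the table above.
const DEFAULT_MIN = "0";
const DEFAULT_MAX = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140";

// Normalizes a key given as a hex string, Uint8Array/Buffer or ArrayBuffer
// to a BigInt, rejecting malformed or oversized input.
function keyToBigInt(key) {
  if (key instanceof ArrayBuffer) key = new Uint8Array(key);
  if (key instanceof Uint8Array) {
    if (key.length !== 32) throw new RangeError("expected a 32-byte key");
    key = Array.from(key, (b) => b.toString(16).padStart(2, "0")).join("");
  }
  if (typeof key !== "string") throw new TypeError("unsupported key type");
  const hex = key.replace(/^0x/i, "");
  if (!/^[0-9a-fA-F]{1,64}$/.test(hex)) throw new RangeError("key is not 1-64 hex digits");
  return BigInt("0x" + hex);
}

// Assumption: min and max are both inclusive.
function privateKeyInRange(privateKey, min = DEFAULT_MIN, max = DEFAULT_MAX) {
  const d = keyToBigInt(privateKey);
  return d >= keyToBigInt(min) && d <= keyToBigInt(max);
}

// Constructed sample values. ORDER_N is the secp256k1 group order,
// one above DEFAULT_MAX, so it must be rejected.
const ORDER_N = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141";
console.log(privateKeyInRange("0x01"));
console.log(privateKeyInRange(ORDER_N));
// Zero is not a usable EC private key; pass min "1" to reject it.
console.log(privateKeyInRange("0", "1"));
```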