Skip to content

gianlucafrei/MiniCertificates

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
__tests__
__tests__
 
 
build/src
build/src
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.prettierrc
.prettierrc
 
 
README.md
README.md
 
 
demo.js
demo.js
 
 
jest.config.js
jest.config.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
sizeReport.js
sizeReport.js
 
 
tsconfig.json
tsconfig.json
 
 
tsconfig.release.json
tsconfig.release.json
 
 
tslint.json
tslint.json
 
 

Repository files navigation

MiniCertificates

This is a proof of concept. Don't use this library in a real-world application.

What is a mini certificate

MiniCertificates work like normal public key certificates but are much smaller. For a 100bit security level, a public key certificate can be less than 100 bytes in size. MiniCertificates only support ECDSA keys. This is because when using ECDSA, you can recover the public key if you have a signature and message.

How does it work

Unlike a normal public key certificate, the key itself is not stored in a MiniCertificate. To verify the validity of a certificate, the verifier first needs to recover the public key from a signature, and can then check if the signature of the MiniCertificate is valid.

Size of the certificate

The size of the certificate depends on the cipher suite used and length of the username. This tables lists all supported suites and the sizes of the keys, signature and certificates in bytes.

Suite Secret Key Public Key Certificate
p192 24 24 84
p256 32 32 100

How to use this library

npm install gianlucafrei/MiniCertificates

All inputs are strings. All outputs are hexdecimal numbers as strings.

var minicert = require('./build/src/main.js');
var mc = new minicert('p256', minicert.insecureRandom);

// Create key pair for the issuer of the certificate
var caSecret = mc.newPrivateKey();
var caPublic = mc.computePublicKeyFromPrivateKey(caSecret);
console.log("CA secret: " + caSecret);
console.log("CA public: " + caPublic);

// Create key pair for user
var userSecret = mc.newPrivateKey();
var userPublic = mc.computePublicKeyFromPrivateKey(userSecret);

// Sign the certificate
var username = "pirate";
var validityStart = mc.now();
var validityEnd = mc.plus(validityStart)
var certificate = mc.signCertificate(username, userPublic, validityStart, validityEnd, caSecret);
console.log("Certificate value: " + certificate);

// user signs a message
var message = "This is a message";
var signature = mc.sign(message, userSecret);
console.log("Signature value: " + signature);

// Test the validity of the signature with the certificate
var expectedUser = "pirate";
var isValid = mc.verifySignatureWithCertificate(expectedUser, message, signature, certificate, caPublic);
console.log("Is a valid signature: " + isValid);

About

Very very small public key certificates

Topics

cryptography proof-of-concept certificate-generation

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages