7.1.1 release

ChangeLog.txt

@@ -1,6 +1,31 @@
 
 ChangeLog for jsrsasign
 
+* Changes from 7.0.0 to 7.1.1 (2017-Mar-10)
+  - CRITICAL BUG FIX: KJUR.asn1.x509.Certificate.sign() and
+    KJUR.asn1.x509.X509Util.newCertPEM() have always 
+    signed signatures with SHA1withRSA algorithm regardless
+    of any specified signature algorithm. This issue was 
+    fixed in this release.
+  - asn1x509 1.0.19 to 1.0.20
+    - Certificate
+      - sign() critical bug fix
+        sign() was always sign with SHA1withRSA regardless of
+        specified any other signature algorithm.
+        This fixes #240 and #241 by @helfloryd.
+    - AlgorithmIdentifier
+      - set algorithm parameter to NULL automatically by default 
+        for "*withRSA" algorithm.
+      - document update
+    - newCertPEM
+      - fix document
+  - x509 1.1.11 to 1.1.12
+    - X509.verifySignature static method added
+  - ext/rng.js
+    - fix #228 from @dzaman. window.crypto.random fix
+  - crypto 1.1.11 to 1.1.12
+    - minor document fix
+
 * Changes from 7.0.0 to 7.1.0 (2017-Jan-21)
   - minor update for loading private/public key
     - support added: PKCS#5 DSA/ECC hexacedimal string of private key
@@ -13,7 +38,7 @@ ChangeLog for jsrsasign
   - pkcs5pkey 1.0.7 to 1.1.0
     - make PKCS5PKEY.getHexFromPEM deprecated
     - move from getHexFromPEM to ASN1HEX.pemToHex
-  - rsapem 1.1.1 to 1.1.2
+  - rsapem 1.1.1 to 1.2.0
     - refactoring codes
     - readPKCS5PubKeyHex added
     - readPKCS8PubKeyHex added

api/files.html

@@ -576,7 +576,7 @@ <h2><a href="symbols/src/asn1x509-1.0.js.html">asn1x509-1.0.js</a></h2>
 
 
 						<dt class="heading">Version:</dt>
-							<dd>1.0.20 (2017-Jan-14)</dd>
+							<dd>1.0.21 (2017-Mar-03)</dd>
 
 
 
@@ -614,7 +614,7 @@ <h2><a href="symbols/src/crypto-1.1.js.html">crypto-1.1.js</a></h2>
 
 
 						<dt class="heading">Version:</dt>
-							<dd>1.1.11 (2016-Dec-25)</dd>
+							<dd>1.1.12 (2017-Jan-31)</dd>
 
 
 
@@ -823,7 +823,7 @@ <h2><a href="symbols/src/x509-1.1.js.html">x509-1.1.js</a></h2>
 
 
 						<dt class="heading">Version:</dt>
-							<dd>x509 1.1.11 (2017-Jan-21)</dd>
+							<dd>x509 1.1.12 (2017-Mar-12)</dd>
 
 
 

api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html

@@ -473,7 +473,9 @@ <h1 class="classTitle">
 								<b><a href="../symbols/KJUR.asn1.x509.AlgorithmIdentifier.html#constructor">KJUR.asn1.x509.AlgorithmIdentifier</a></b>(params)
 							</div>
 							<div class="description">AlgorithmIdentifier ASN.1 structure class
-</div>
+The 'params' argument is an associative array and has following parameters:
+<ul>
+<li>name: algorithm name (MANDATORY, ex.</div>
 						</td>
 					</tr>
 				</tbody>
@@ -519,13 +521,29 @@ <h1 class="classTitle">
 
 				<div class="description">
 					AlgorithmIdentifier ASN.1 structure class
-
+The 'params' argument is an associative array and has following parameters:
+<ul>
+<li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
+<li>asn1params: explicitly specify ASN.1 object for algorithm.
+(OPTION)</li>
+<li>paramempty: set algorithm parameter to NULL by force.
+If paramempty is false, algorithm parameter will be set automatically.
+If algorithm name is "rsaEncryption" or "*withRSA" such as "SHA1withRSA", 
+algorithm parameter will be set to NULL by default.
+(OPTION, DEFAULT = false)</li>
+</ul>
 
 				</div>
 
 
 
-				<pre class="code">algId1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"});</pre>
+				<pre class="code">algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"});
+// set parameter to NULL authomatically if algorithm name is "*withRSA".
+algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"});
+// set parameter to NULL authomatically if algorithm name is "rsaEncryption".
+algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"});
+// SHA256withRSA and set parameter empty by force
+algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true});</pre>
 
 
 

api/symbols/KJUR.asn1.x509.Certificate.html

@@ -789,7 +789,7 @@ <h4>EXAMPLES</h4>
 
 
 
-					<pre class="code">var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
+					<pre class="code">var cert = new KJUR.asn1.x509.Certificate({tbscertobj: tbs, prvkeyobj: prvKey});
 cert.sign();</pre>
 
 

api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html

@@ -692,6 +692,13 @@ <h4>EXAMPLE</h4>
 							</dl>
 
 
+							<dl class="detailList">
+							<dt class="heading">Deprecated:</dt>
+							<dt>
+								from jsrsasign 7.1.1 asn1x509 1.0.20.
+							</dt>
+							</dl>
+
 
 
 

api/symbols/KJUR.asn1.x509.TBSCertList.html

@@ -512,7 +512,7 @@ <h4>EXAMPLE</h4></div>
 							<td class="nameDescription">
 								<div class="fixedFont"><b><a href="../symbols/KJUR.asn1.x509.TBSCertList.html#addRevokedCert">addRevokedCert</a></b>(snParam, timeParam)
 								</div>
-								<div class="description">add revoked certficate by parameter
+								<div class="description">add revoked certificate by parameter
 </div>
 							</td>
 						</tr>
@@ -660,7 +660,7 @@ <h4>EXAMPLE</h4>
 
 					</div>
 					<div class="description">
-						add revoked certficate by parameter
+						add revoked certificate by parameter
 
 
 

api/symbols/KJUR.asn1.x509.X509Util.html

@@ -619,19 +619,18 @@ <h1 class="classTitle">
 private key using 'cakey' parameter or
 hexa decimal signature value by 'sighex' parameter.
 
-NOTE: When using DSA or ECDSA CA signing key,
-use 'paramempty' in 'sigalg' to ommit parameter field
-of AlgorithmIdentifer. In case of RSA, parameter
-NULL will be specified by default.
+NOTE: Algorithm parameter of AlgorithmIdentifier will
+be set automatically by default. ({@see KJUR.asn1.x509.AlgorithmIdentifier})
+from jsrsasign 7.1.1 asn1x509 1.0.20.
 
 
 					</div>
 
 
 
-					<pre class="code">var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
-{ serial: {int: 4},
-  sigalg: {name: 'SHA1withECDSA', paramempty: true},
+					<pre class="code">var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+  serial: {int: 4},
+  sigalg: {name: 'SHA1withECDSA'},
   issuer: {str: '/C=US/O=a'},
   notbefore: {'str': '130504235959Z'},
   notafter: {'str': '140504235959Z'},
@@ -644,9 +643,9 @@ <h1 class="classTitle">
   cakey: [prvkey, pass]}
 );
 // -- or --
-var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
-{ serial: {int: 1},
-  sigalg: {name: 'SHA1withRSA', paramempty: true},
+var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+  serial: {int: 1},
+  sigalg: {name: 'SHA1withRSA'},
   issuer: {str: '/C=US/O=T1'},
   notbefore: {'str': '130504235959Z'},
   notafter: {'str': '140504235959Z'},
@@ -656,9 +655,9 @@ <h1 class="classTitle">
 );
 // for the issuer and subject field, another
 // representation is also available
-var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
-{ serial: {int: 1},
-  sigalg: {name: 'SHA1withRSA', paramempty: true},
+var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+  serial: {int: 1},
+  sigalg: {name: 'SHA256withRSA'},
   issuer: {C: "US", O: "T1"},
   notbefore: {'str': '130504235959Z'},
   notafter: {'str': '140504235959Z'},

api/symbols/KJUR.crypto.Cipher.html

@@ -709,7 +709,7 @@ <h1 class="classTitle">
 
 					<pre class="code">
 KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj) &rarr; "1abc2d..."
-KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj, "RSAOAEP) &rarr; "23ab02..."</pre>
+KJUR.crypto.Cipher.encrypt("aaa", pubRSAKeyObj, "RSAOAEP") &rarr; "23ab02..."</pre>
 
 
 

api/symbols/X509.html

@@ -940,6 +940,17 @@ <h1 class="classTitle">
 							</td>
 						</tr>
 
+						<tr>
+							<td class="attributes">&lt;static&gt; &nbsp;</td>
+							<td class="nameDescription">
+								<div class="fixedFont">X509.<b><a href="../symbols/X509.html#.verifySignature">verifySignature</a></b>(hCert, pubKey)
+								</div>
+								<div class="description">verifies signature value by public key
+This method verifies signature value of hexadecimal string of 
+X.509 certificate by specified public key object.</div>
+							</td>
+						</tr>
+
 					</tbody>
 				</table>
 
@@ -3117,6 +3128,69 @@ <h1 class="classTitle">
 
 
 
+					<hr />
+
+					<a name=".verifySignature"> </a>
+					<div class="fixedFont">&lt;static&gt; 
+
+					<span class="light">{Boolean}</span>
+					<span class="light">X509.</span><b>verifySignature</b>(hCert, pubKey)
+
+					</div>
+					<div class="description">
+						verifies signature value by public key
+This method verifies signature value of hexadecimal string of 
+X.509 certificate by specified public key object.
+
+
+					</div>
+
+
+
+					<pre class="code">pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
+hCert = ASN1HEX.pemToHex(pemCert);
+isValid = X509.verifySignature(hCert, pubKey);</pre>
+
+
+
+
+							<dl class="detailList">
+							<dt class="heading">Parameters:</dt>
+
+								<dt>
+									<span class="light fixedFont">{String}</span> <b>hCert</b>
+
+								</dt>
+								<dd>hexadecimal string of X.509 certificate binary</dd>
+
+								<dt>
+									<span class="light fixedFont">{Object}</span> <b>pubKey</b>
+
+								</dt>
+								<dd>public key object</dd>
+
+							</dl>
+
+
+
+							<dl class="detailList">
+							<dt class="heading">Since:</dt>
+								<dd>jsrsasign 7.1.1 x509 1.1.12</dd>
+							</dl>
+							</dl>
+
+
+
+							<dl class="detailList">
+							<dt class="heading">Returns:</dt>
+
+								<dd><span class="light fixedFont">{Boolean}</span> true if signature value is valid otherwise false</dd>
+
+							</dl>
+
+
+
+