Skip to content

Core API

dweller long gone edited this page May 22, 2026 · 1 revision

Core API

The Core API is exposed by PvkGadgetsCore. It is UI-independent and is available from both @pkistudio/pvkgadgets and @pkistudio/pvkgadgets/core.

import { PvkGadgetsCore } from '@pkistudio/pvkgadgets';

const algorithms = await PvkGadgetsCore.getSupportedKeyAlgorithms();
const keyPair = await PvkGadgetsCore.generateKeyPair(algorithms[0].id);

console.log(keyPair.privateKeyDer.byteLength);
console.log(keyPair.publicKeyDer?.byteLength);

Key Generation

Use getSupportedKeyAlgorithms() to detect what the current browser can generate through WebCrypto.

Use generateKeyPair(algorithmId) to generate key material. Returned key material is DER encoded:

  • private key: PKCS#8 DER.
  • public key: SPKI DER when the algorithm exports one.

Supported algorithms depend on the browser and may include RSA, EC, Ed25519, and X25519.

Key Recognition

Private Key Gadgets recognizes labels such as RSA 2048, EC P-256, Ed25519, and X25519 from DER AlgorithmIdentifier data.

This keeps algorithm display derived from key material instead of from separate UI state.

SubjectDN DER

The Core API can create SubjectDN DER from LDAP-style text such as:

CN=example.com, O=Example, C=JP

SubjectDN data is stored as RDNSequence DER. The browser app uses the same DER as the source for CSR and self-signed certificate generation.

CSR DER

The Core API can create PKCS#10 CSR DER from private key material and SubjectDN DER.

CSR signing supports RSA and EC signing keys with SHA-256, SHA-384, or SHA-512 hash choices.

Self-Signed Certificate DER

The Core API can create self-signed X.509 certificate DER from private key material and SubjectDN DER.

Certificate generation supports RSA and EC signing keys with SHA-256, SHA-384, or SHA-512 hash choices. The browser app exposes validity days and KeyUsage selection.

Certificate Matching

The Core API checks whether a certificate public key matches key material.

When possible, matching uses public key DER comparison. When no PublicKey item is present, the app can verify a signing key by signing and verifying test data for supported signing keys.

PEM and DER Helpers

The Core API converts DER objects to PEM blocks and parses PEM blocks back to DER.

Common PEM block labels include:

  • PRIVATE KEY
  • PUBLIC KEY
  • CERTIFICATE
  • CERTIFICATE REQUEST

PKCS#12 Convenience

PvkGadgetsCore also exposes PKCS#12 read and write behavior used by the app. The standalone helpers are documented in PKCS#12 API.

Clone this wiki locally