ݺߣ

ݺߣShare a Scribd company logo

introduction to jsrsasign

Kenji Urushima
Kenji Urushima

jsrsasign is a opensource free pure JavaScript cryptographic library. This slide shows its features such like RSA/ECDSA signing, PKCS#1/8 private/public key, ASN.1, certificate, JWT/JWS/JWK for introduction.

1 of 41
Downloaded 23 times
introduction?to jsrsasign pure?JavaScript?cryptographic?library slide?r1.0?(2016?Sep?3?for?jsrsasign?5.0.15) press key or right bottom buttons to move slides https://kjur.github.io/jsrsasign @kjur / Kenji Urushima
Table?of?Contents Overview How to use or install RSA/DSA/ECDSA public key cryptography Cryptographic Hash (SHA1/SHA2/MD5/RIPEMD160) Message Authentication Code (HmacSHA1/SHA2/MD5) short ASN.1 introduction ASN1HEX: simple ASN.1 parser X509: simple X.509 certi cate parser generate and encode ASN.1 JSON Web Key/Signature/Token (JWK/JWS/JWT) Tools, Demos, Tutorials and API Docs
Overview The "jsrsasign" ( ) is a open source free cryptograhic library implemented by pure JavaScript. It supports a lot of features such as following: strong RSA/DSA/ECDSA key utility RSA/DSA/ECDSA digital signature message authentication code(MAC) hash (MD5,RIPEMD,SHA1,SHA2) simple ASN.1 parser ASN.1 object generator X.509 certi cate and CRL PKCS#1/5/8 private/public key PKCS#10/CSR CMS SignedData RFC 3161 TimeStamp CAdES long term signature JWS (JSON Web Signatures) JWT (JSON Web Token) JWK (JSON Web Key) string utility https://kjur.github.io/jsrsasign/
Overview?(cont'd) well-documented "jsrsasign" has rich and so that you can learn easily. many samples and tools "jsrsasign" provides many samples and tools. easy installation "jsrsasign" can be easily installed by "git clone", bower and npm. There is no dependency to other package or module. works on most of browsers and Node.js "jsrsasign" doesn't require any special feature of JavaScript on the browser such like W3C Web Crypto or Promise. This works on most of browsers and Node.js as if old one. MIT license "jsrsasign" is licensed under "MIT License" which is short and permissive for developers convenience. API reference tutorial
jsrsasign?architecture
How?to?use?or?install For bower: For Node.js: O course, you can use git: Or to use it in your web page, add following in your HTML: % bower install jsrsasign % npm install -g jsrsasign (for global installation) % git clone https://github.com/kjur/jsrsasign.git <script src=/slideshow/introduction-to-jsrsasign/65680143/"https:/kjur.github.io/jsrsasign/jsrsasign- latest-all-min.js"></script>
RSA/DSA/ECDSA?public?key cryptography
KEYUTIL?class:?Features supports RSA/DSA/ECC algorithm generateKeypair() for RSA/ECC getKey(): key loader PKCS#1/5 plain/encryptped private/public PEM/HEX key PKCS#8 plain/encryptped private/public PEM/HEX key X.509 PEM certi cate public/private RFC 7517 JSON Web Key (JWK) getPEM() to get plain/encrypted private/public PKCS#1/5/8 PEM getJWKFromKey() to get RFC 7517 JSON Web Key (JWK)
KEYUTIL.generateKeypair() generateKeypair method can be used to generate RSA/ECC key pair. // RSA keypair = KEYUTIL.generateKeypair("RSA", 2048); // ECC keypair = KEYUTIL.generateKeypair("EC", "secp256r1"); // // private key object: keypair.prvKeyObj // public key object: keypair.pubKeyObj
KEYUTIL.getKey() getKey method can load a lot of format of public and private key such as PKCS#1/5/8 or JWK very easily. // PKCS#8 public key pub = KEYUTIL.getKey("-----BEGIN PUBLIC KEY..."); // public key from X.509 certi cate pub = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); // PKCS#8 encrypted private with password prv = KEYUTIL.getKey("-----BEGIN ENCRYPTED PRIVATE KEY...", "pass");
sign?data sign a data with your private key using Signature object as like Java JCE. // load private key prv = KEYUTIL.getKey("-----BEGIN ENCRYPTED PRIVATE KEY...", "pass"); // generate Signature object sig = new KJUR.crypto.Signature({"alg": "SHA256withRSA"}); // set private key for sign sig.init(prv); // update data sig.updateString("aaa"); // calclate signature sigHex = sig.sign();
verify?signature sign a data with your private key using Signature object as like Java JCE. // load public key pub = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); // generate Signature object sig = new KJUR.crypto.Signature({"alg": "SHA256withRSA"}); // set private key for sign sig.init(pub); // update data sig.updateString("aaa"); // verify signature isValid = sig.verify(sigValueHex);
Cryptographic?Hash SHA1/SHA2/MD5/RIPEMD160
calculate?hash?by MessageDigest?class calculate hash using MessageDigest class just like Java JCE // generate MessageDigest object for SHA384 md = new KJUR.crypto.MessageDigest({alg: "sha384"}); // append data for hash md.updateString("aaa"); // calculate hash nally mdHex = md.digest(); // or use Util class in short. These three will get the same result. mdHex = KJUR.crypto.Util.sha384("aaa"); mdHex = KJUR.crypto.Util.hashString("aaa","sha384"); mdHex = KJUR.crypto.Util.hashHex("616161","sha384");
Message?Authentication?Code (HmacSHA1/SHA2/MD5)
calculate?Mac?by?Mac?class calculate message authentication code by Mac class just like Java JCE // generate Mac class mac = new KJUR.crypto.Mac({alg: "HmacSHA256", pass: "pass"}); // append data for Mac mac.updateString('aaa'); // get Mac value macHex = md.doFinal(); pass parameter supports some value formats like this: hexadecimal {hex: "616161"} UTF-8 {utf8: "|"} Base64 {b64: "Mi02/+...a=="} Base64URL {b64u: "Mi02_-...a"}
short?ASN.1?introduction
short?ASN.1?introduction ASN.1 is a binary encording of structured data consists of a data type tag(T), byte length(L) and value(V). ASN.1 encoding is used in network protocol or format such like X.509 certi cate, private/public key formats, S/MIME data, digital time stamp, Radius. FEATURE1: variable length data exceeds int or long. FEATURE2: structured data is also available.
short?ASN.1?introduction (cont'd) Structured data can be represented by SEQUENCE or SET.
ASN1HEX simple?ASN.1?parser?for?hexadecimal?string
ASN1HEX?basic?methods ASN1HEX methods can be used for getting tag, length or value of ASN.1 object of hexadecimal string at speci ed position.
ASN1HEX?basic?methods (cont'd) get a list of indexes of child elements.
ASN1HEX?for?decendant element To refer a decendant element of nested structured ASN.1, use "nthList" which represent indexes for each nested layer. This is very useful to specify a deep nested element such like subject name of X.509 certi cate. getDecendantHexTLVByNthList(s,0,[0,0]) "020104" getDecendantHexLByNthList(s,0,[0,0]) "01" getDecendantHexVByNthList(s,0,[0,0]) "04" getDecendantIndexByNthList(s,0,[0,0]) 8
X509 simple?X.509?certificate?parser?as?ASN.1
X509?class Basic?fields?and?extensions?can?be?get?by?X509?class. x = new X509(); x.readCertPEM(sCertPEM); hex = X.509.pemToHex(sCertPEM); // get subject subject = x.getSubjectString(); // return like "/C=US/O=OTEST" // get subjectAltName san = X.509.getExtSubjectAltName(hex); // return like ["example.com", "example.org"] There are a lot of methods to get elds and extensions. Please see in detail.manual
generate?and?encode?ASN.1
generate?and?encode?ASN.1?(cont'd) Classes for ASN.1 primitives and structured types, as well as X.509 certi cate, CRL, CSR, CMS signed data, digital time stamp and CAdES are de ned in jsrsasign. i1 = new KJUR.asn1.DERInteger({int: 234}); s1 = new KJUR.asn1.DERUTF8String({str: 'Tokyo'}}); seq = new KJUR.asn1.DERSequence({array: [i1, s1]}); hex = seq.getEncodedHex(); Please see in detail. It's very similar to BoucyCastle or IAIK Java ASN.1 classes. However, there is much more easy way... manual
generate?and?encode?ASN.1?using newObject It's very easy to generate complicated ASN.1 object by ASN1Util.newObject var hex = new KJUR.asn1.ASN1Util.newObject( {seq: [// SEQUENCE {int: 234},// INTEGER {utf8str: 'Tokyo'}// UTF8String ]} ).getEncodedHex();
get?PEM?of?X.509?certificate?by X509Util.newCertPEM It's very easy to generate PEM of X.509 certi cate by . pem = new KJUR.asn1.x509.X509Util.newCertPEM({ serial: {int: 4}, sigalg: {name: 'SHA256withECDSA', paramempty: true}, issuer: {str: '/C=US/O=CA1'}, notbefore: {str: '130504235959Z'}, notafter: {str: '140504235959Z'}, subject: {str: '/C=US/O=T1'}, sbjpubkey: "-----BEGIN PUBLIC KEY...", ext: [ {basicConstraints: {cA: true, critical: true}}, {keyUsage: {bin: '11'}}, ], cakey: ["-----BEGIN PRIVATE KEY...", "pass"] }); X509Util.newCertPEM
get?PEM?of?PKCS#10/CSRT?by CSRUtil.newCSRPEM It's very easy to generate PEM of CSR(certi cate signing request) by . kp = KEYUTIL.generateKeypair("RSA", 2048); pem = new KJUR.asn1.csr.CSRUtil.newCSRPEM({ subject: {str: '/C=US/O=Test/CN=example.com'}, sbjpubkey: kp.pubKeyObj, sigalg: "SHA256withRSA", sbjprvkey: kp.prvKeyObj }); CSRUtil.newCSRPEM
JWK JWS JWT
JWK?(JSON?Web?Key) jsrsasign can load and export RFC 7517 JSON Web Key (JWK). // load JWK jwkPub = {kty: "EC", crv: "P-256", x: "f830J3..." ...}; keyObj = KEYUTIL.getKey(jwkPub); // export to JWK kp = KEYUTIL.generateKeypair("RSA", 2048); jwkPrv = KEYUTIL.getJWKFromKey(kp.prvKeyObj); jwkPub = KEYUTIL.getJWKFromKey(kp.pubKeyObj);
JWS?(JSON?Web?Signatures) jsrsasign can sign and verify RFC 7515 JSON Web Signatures (JWS). // sign JWS header = {alg: "HS256"}; payload = {fruit: "orange"}; jws = KJUR.jws.JWS.sign("HS256", header, payload, {utf8: "secret"}); // eyJhbGciOiJIUzI1NiJ9.eyJmcnVpdCI6Im9yYW5nZSJ9. // qbIF5WMbXYMFMh_UXjL2CGts5KPVU7yF7AbOdoyoPZI // verify JWS isValid = KJUR.jws.JWS.verify(jws, {utf8: "secret"}, ["HS256"]); This result can also be veri ed at .jwt.io
JWS?signature?generation?flow
JWT?(JSON?Web?Token) jsrsasign can sign and verify RFC 7519 JSON Web Token (JWT). // sign JWT header = {alg: "HS256", typ: "JWT"}; payload = {sub: "123456789", name: "John Doe", admin: true}; jwt = KJUR.jws.JWS.sign("HS256", header, payload, {utf8: "secret"}); // eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY // 3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95 // OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ // verify JWT isValid = KJUR.jws.JWS.verifyJWT(jwt, {utf8: "secret"}, { alg: ["HS256"], sub: ["John Doe"] }); This result can also be veri ed at .jwt.io
jsrsasign?at?jwt.io site have kindly listed jsrsasign. jwt.io provides JWT validator which uses . jwt.io old version of jsrsasign 4.1.5
Tools,?Demos,?Tutorials?and?API Docs
Tools?and?demos jsrsasign provides a lot of tools which use jsrsasign as example. Please see the as for onliene tools. Also see as for Node tools. As for demonstrations, please see . this list list this list
Tutorials jsrsasign provides to make it easy to learn jsrsasign programming. tutorial documents
API?Reference jsrsasign provides detailed document. API reference also has examples. API Reference
Thank?you?for?your?attention.

Recommended

ImperativImperativ
Imperativ
KalleLina
?
CS403: Operating System : Lec 1 Introduction.pptx
CS403: Operating System : Lec 1 Introduction.pptxCS403: Operating System : Lec 1 Introduction.pptx
CS403: Operating System : Lec 1 Introduction.pptx
Guru Nanak Technical Institutions
?
Revoke-Obfuscation
Revoke-ObfuscationRevoke-Obfuscation
Revoke-Obfuscation
Daniel Bohannon
?
INFINITIV ohne und mit "zu" - ArbeitsblattINFINITIV ohne und mit "zu" - Arbeitsblatt
INFINITIV ohne und mit "zu" - Arbeitsblatt
Maria Vaz K?nig
?
Mobile Application Penetration Testing Giordano Giammaria
Mobile Application Penetration Testing Giordano GiammariaMobile Application Penetration Testing Giordano Giammaria
Mobile Application Penetration Testing Giordano Giammaria
Giammaria Giordano
?
UDA-Componentes RUP. ComboUDA-Componentes RUP. Combo
UDA-Componentes RUP. Combo
Ander Martinez
?
PASSIVERSATZFORMENPASSIVERSATZFORMEN
PASSIVERSATZFORMEN
Maria Vaz K?nig
?
Kotlin Ԅӻ
Kotlin Ԅӻ Kotlin Ԅӻ
Kotlin Ԅӻ
Shengyou Fan
?
⤹Force.com canvas
⤹Force.com canvas⤹Force.com canvas
⤹Force.com canvas
Hiroshi Nakamura
?
󥿩`?饤?եȥkȰ
󥿩`?饤?եȥkȰ󥿩`?饤?եȥkȰ
󥿩`?饤?եȥkȰ
Hiroshi Nakamura
?
ڣWebg㏊ webѥե`ޥ󥹸ƾ
ڣWebg㏊ webѥե`ޥ󥹸ƾڣWebg㏊ webѥե`ޥ󥹸ƾ
ڣWebg㏊ webѥե`ޥ󥹸ƾ
tzm_freedom
?
qpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLS
qpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLSqpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLS
qpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLS
Kenji Urushima
?
˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...
˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...
˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...
yoshimotot
?
3webg㏊ żg1
3webg㏊ żg13webg㏊ żg1
3webg㏊ żg1
tzm_freedom
?
SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)
SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)
SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)
Kenji Urushima
?
ƥ㏊ żgT 1
ƥ㏊ żgT 1ƥ㏊ żgT 1
ƥ㏊ żgT 1
Naoko Suzuki
?
Analytics CloudEmbulkʹäĥǩ`η
Analytics CloudEmbulkʹäĥǩ`ηAnalytics CloudEmbulkʹäĥǩ`η
Analytics CloudEmbulkʹäĥǩ`η
tzm_freedom
?
4webg㏊ żg2
4webg㏊ żg24webg㏊ żg2
4webg㏊ żg2
tzm_freedom
?
5webg㏊ żg3
5webg㏊ żg35webg㏊ żg3
5webg㏊ żg3
tzm_freedom
?
Certificate TransparencyˤSSL`Щ`^_OȤn}hՓ
Certificate TransparencyˤSSL`Щ`^_OȤn}hՓCertificate TransparencyˤSSL`Щ`^_OȤn}hՓ
Certificate TransparencyˤSSL`Щ`^_OȤn}hՓ
Kenji Urushima
?
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
?
OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call Flow
William Lee
?
Elasticsearch And Apache Lucene For Apache Spark And MLlib
Elasticsearch And Apache Lucene For Apache Spark And MLlibElasticsearch And Apache Lucene For Apache Spark And MLlib
Elasticsearch And Apache Lucene For Apache Spark And MLlib
Jen Aman
?
Log analysis with elastic stack
Log analysis with elastic stackLog analysis with elastic stack
Log analysis with elastic stack
Bangladesh Network Operators Group
?
Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21
Max Kleiner
?
maxbox starter72 multilanguage coding
maxbox starter72 multilanguage codingmaxbox starter72 multilanguage coding
maxbox starter72 multilanguage coding
Max Kleiner
?
DEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItDEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke It
Synack
?
VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012
Martin Kobetic
?
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
Dr Anjan Krishnamurthy
?
Discovering OpenBSD on AWS
Discovering OpenBSD on AWSDiscovering OpenBSD on AWS
Discovering OpenBSD on AWS
Laurent Bernaille
?

More Related Content

Viewers also liked (12)

⤹Force.com canvas
⤹Force.com canvas⤹Force.com canvas
⤹Force.com canvas
Hiroshi Nakamura
?
󥿩`?饤?եȥkȰ
󥿩`?饤?եȥkȰ󥿩`?饤?եȥkȰ
󥿩`?饤?եȥkȰ
Hiroshi Nakamura
?
ڣWebg㏊ webѥե`ޥ󥹸ƾ
ڣWebg㏊ webѥե`ޥ󥹸ƾڣWebg㏊ webѥե`ޥ󥹸ƾ
ڣWebg㏊ webѥե`ޥ󥹸ƾ
tzm_freedom
?
qpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLS
qpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLSqpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLS
qpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLS
Kenji Urushima
?
˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...
˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...
˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...
yoshimotot
?
3webg㏊ żg1
3webg㏊ żg13webg㏊ żg1
3webg㏊ żg1
tzm_freedom
?
SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)
SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)
SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)
Kenji Urushima
?
ƥ㏊ żgT 1
ƥ㏊ żgT 1ƥ㏊ żgT 1
ƥ㏊ żgT 1
Naoko Suzuki
?
Analytics CloudEmbulkʹäĥǩ`η
Analytics CloudEmbulkʹäĥǩ`ηAnalytics CloudEmbulkʹäĥǩ`η
Analytics CloudEmbulkʹäĥǩ`η
tzm_freedom
?
4webg㏊ żg2
4webg㏊ żg24webg㏊ żg2
4webg㏊ żg2
tzm_freedom
?
5webg㏊ żg3
5webg㏊ żg35webg㏊ żg3
5webg㏊ żg3
tzm_freedom
?
Certificate TransparencyˤSSL`Щ`^_OȤn}hՓ
Certificate TransparencyˤSSL`Щ`^_OȤn}hՓCertificate TransparencyˤSSL`Щ`^_OȤn}hՓ
Certificate TransparencyˤSSL`Щ`^_OȤn}hՓ
Kenji Urushima
?
⤹Force.com canvas
⤹Force.com canvas⤹Force.com canvas
⤹Force.com canvas
Hiroshi Nakamura
?
󥿩`?饤?եȥkȰ
󥿩`?饤?եȥkȰ󥿩`?饤?եȥkȰ
󥿩`?饤?եȥkȰ
Hiroshi Nakamura
?
ڣWebg㏊ webѥե`ޥ󥹸ƾ
ڣWebg㏊ webѥե`ޥ󥹸ƾڣWebg㏊ webѥե`ޥ󥹸ƾ
ڣWebg㏊ webѥե`ޥ󥹸ƾ
tzm_freedom
?
qpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLS
qpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLSqpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLS
qpstudy 2015.11.14 һiȤФե饨󥸥˥֪äƤۤSSL/TLS
Kenji Urushima
?
˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...
˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...
˽ϤǤĤޤŤ Oracle database 11g 12cؤΥåץ`ɤ Oracle Database 12c ™C@201...
yoshimotot
?
3webg㏊ żg1
3webg㏊ żg13webg㏊ żg1
3webg㏊ żg1
tzm_freedom
?
SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)
SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)
SSL/TLSOɥ饤 (JNSAWG gΰ?J^g㏊Y)
Kenji Urushima
?
ƥ㏊ żgT 1
ƥ㏊ żgT 1ƥ㏊ żgT 1
ƥ㏊ żgT 1
Naoko Suzuki
?
Analytics CloudEmbulkʹäĥǩ`η
Analytics CloudEmbulkʹäĥǩ`ηAnalytics CloudEmbulkʹäĥǩ`η
Analytics CloudEmbulkʹäĥǩ`η
tzm_freedom
?
4webg㏊ żg2
4webg㏊ żg24webg㏊ żg2
4webg㏊ żg2
tzm_freedom
?
5webg㏊ żg3
5webg㏊ żg35webg㏊ żg3
5webg㏊ żg3
tzm_freedom
?
Certificate TransparencyˤSSL`Щ`^_OȤn}hՓ
Certificate TransparencyˤSSL`Щ`^_OȤn}hՓCertificate TransparencyˤSSL`Щ`^_OȤn}hՓ
Certificate TransparencyˤSSL`Щ`^_OȤn}hՓ
Kenji Urushima
?

Similar to introduction to jsrsasign (20)

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
?
OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call Flow
William Lee
?
Elasticsearch And Apache Lucene For Apache Spark And MLlib
Elasticsearch And Apache Lucene For Apache Spark And MLlibElasticsearch And Apache Lucene For Apache Spark And MLlib
Elasticsearch And Apache Lucene For Apache Spark And MLlib
Jen Aman
?
Log analysis with elastic stack
Log analysis with elastic stackLog analysis with elastic stack
Log analysis with elastic stack
Bangladesh Network Operators Group
?
Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21
Max Kleiner
?
maxbox starter72 multilanguage coding
maxbox starter72 multilanguage codingmaxbox starter72 multilanguage coding
maxbox starter72 multilanguage coding
Max Kleiner
?
DEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItDEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke It
Synack
?
VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012
Martin Kobetic
?
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
Dr Anjan Krishnamurthy
?
Discovering OpenBSD on AWS
Discovering OpenBSD on AWSDiscovering OpenBSD on AWS
Discovering OpenBSD on AWS
Laurent Bernaille
?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Paula Januszkiewicz
?
Javascript Object Signing & Encryption
Javascript Object Signing & EncryptionJavascript Object Signing & Encryption
Javascript Object Signing & Encryption
Aaron Zauner
?
Spark with Elasticsearch - umd version 2014
Spark with Elasticsearch - umd version 2014Spark with Elasticsearch - umd version 2014
Spark with Elasticsearch - umd version 2014
Holden Karau
?
Node intro
Node introNode intro
Node intro
cloudhead
?
ECMAScript 2015
ECMAScript 2015ECMAScript 2015
ECMAScript 2015
Sebastian Pederiva
?
One Click Ownage Ferruh Mavituna (3)
One Click Ownage Ferruh Mavituna (3)One Click Ownage Ferruh Mavituna (3)
One Click Ownage Ferruh Mavituna (3)
Ferruh Mavituna
?
Blaise_UK_109_Max Kleiner_image2textAPI.pdf
Blaise_UK_109_Max Kleiner_image2textAPI.pdfBlaise_UK_109_Max Kleiner_image2textAPI.pdf
Blaise_UK_109_Max Kleiner_image2textAPI.pdf
breitschbreitsch
?
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
drewz lin
?
RESTful API In Node Js using Express
RESTful API In Node Js using Express RESTful API In Node Js using Express
RESTful API In Node Js using Express
Jeetendra singh
?
Automation with Packer and TerraForm
Automation with Packer and TerraFormAutomation with Packer and TerraForm
Automation with Packer and TerraForm
Wesley Charles Blake
?
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
?
OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call Flow
William Lee
?
Elasticsearch And Apache Lucene For Apache Spark And MLlib
Elasticsearch And Apache Lucene For Apache Spark And MLlibElasticsearch And Apache Lucene For Apache Spark And MLlib
Elasticsearch And Apache Lucene For Apache Spark And MLlib
Jen Aman
?
Log analysis with elastic stack
Log analysis with elastic stackLog analysis with elastic stack
Log analysis with elastic stack
Bangladesh Network Operators Group
?
Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21
Max Kleiner
?
maxbox starter72 multilanguage coding
maxbox starter72 multilanguage codingmaxbox starter72 multilanguage coding
maxbox starter72 multilanguage coding
Max Kleiner
?
DEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItDEF CON 23: Stick That In Your (root)Pipe & Smoke It
DEF CON 23: Stick That In Your (root)Pipe & Smoke It
Synack
?
VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012
Martin Kobetic
?
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
Dr Anjan Krishnamurthy
?
Discovering OpenBSD on AWS
Discovering OpenBSD on AWSDiscovering OpenBSD on AWS
Discovering OpenBSD on AWS
Laurent Bernaille
?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Paula Januszkiewicz
?
Javascript Object Signing & Encryption
Javascript Object Signing & EncryptionJavascript Object Signing & Encryption
Javascript Object Signing & Encryption
Aaron Zauner
?
Spark with Elasticsearch - umd version 2014
Spark with Elasticsearch - umd version 2014Spark with Elasticsearch - umd version 2014
Spark with Elasticsearch - umd version 2014
Holden Karau
?
Node intro
Node introNode intro
Node intro
cloudhead
?
ECMAScript 2015
ECMAScript 2015ECMAScript 2015
ECMAScript 2015
Sebastian Pederiva
?
One Click Ownage Ferruh Mavituna (3)
One Click Ownage Ferruh Mavituna (3)One Click Ownage Ferruh Mavituna (3)
One Click Ownage Ferruh Mavituna (3)
Ferruh Mavituna
?
Blaise_UK_109_Max Kleiner_image2textAPI.pdf
Blaise_UK_109_Max Kleiner_image2textAPI.pdfBlaise_UK_109_Max Kleiner_image2textAPI.pdf
Blaise_UK_109_Max Kleiner_image2textAPI.pdf
breitschbreitsch
?
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
drewz lin
?
RESTful API In Node Js using Express
RESTful API In Node Js using Express RESTful API In Node Js using Express
RESTful API In Node Js using Express
Jeetendra singh
?
Automation with Packer and TerraForm
Automation with Packer and TerraFormAutomation with Packer and TerraForm
Automation with Packer and TerraForm
Wesley Charles Blake
?

Recently uploaded (20)

Emancipatory Information Retrieval (Invited Talk at UCC)
Emancipatory Information Retrieval (Invited Talk at UCC)Emancipatory Information Retrieval (Invited Talk at UCC)
Emancipatory Information Retrieval (Invited Talk at UCC)
Bhaskar Mitra
?
Don't just talk to AI, do more with AI: how to improve productivity with AI a...
Don't just talk to AI, do more with AI: how to improve productivity with AI a...Don't just talk to AI, do more with AI: how to improve productivity with AI a...
Don't just talk to AI, do more with AI: how to improve productivity with AI a...
All Things Open
?
The Best of Both Worlds: Hybrid Clustering with Delta Lake
The Best of Both Worlds: Hybrid Clustering with Delta LakeThe Best of Both Worlds: Hybrid Clustering with Delta Lake
The Best of Both Worlds: Hybrid Clustering with Delta Lake
carlyakerly1
?
CSUN 2025 - Interactive Charts for Everyone.pptx
CSUN 2025 - Interactive Charts for Everyone.pptxCSUN 2025 - Interactive Charts for Everyone.pptx
CSUN 2025 - Interactive Charts for Everyone.pptx
?ystein Moseng
?
Large Language Models vs Small Language Models
Large Language Models vs Small Language ModelsLarge Language Models vs Small Language Models
Large Language Models vs Small Language Models
Nathan Bijnens
?
Open-Source GenAI vs. Enterprise GenAI: Navigating the Future of AI Innovatio...
Open-Source GenAI vs. Enterprise GenAI: Navigating the Future of AI Innovatio...Open-Source GenAI vs. Enterprise GenAI: Navigating the Future of AI Innovatio...
Open-Source GenAI vs. Enterprise GenAI: Navigating the Future of AI Innovatio...
All Things Open
?
Best Crane Manufacturers in India Industry Leaders & Innovations.pdf
Best Crane Manufacturers in India Industry Leaders & Innovations.pdfBest Crane Manufacturers in India Industry Leaders & Innovations.pdf
Best Crane Manufacturers in India Industry Leaders & Innovations.pdf
Hercules Hoists
?
Digital Nepal Framework 2.0: A Step Towards a Digitally Empowered Nepal
Digital Nepal Framework 2.0: A Step Towards a Digitally Empowered NepalDigital Nepal Framework 2.0: A Step Towards a Digitally Empowered Nepal
Digital Nepal Framework 2.0: A Step Towards a Digitally Empowered Nepal
ICT Frame Magazine Pvt. Ltd.
?
B2B SaaS - Reduce Churn using Proactive Support.pdf
B2B SaaS - Reduce Churn using Proactive Support.pdfB2B SaaS - Reduce Churn using Proactive Support.pdf
B2B SaaS - Reduce Churn using Proactive Support.pdf
Vijay Chandran
?
Comparative Analysis of Reasoning Techniques
Comparative Analysis of Reasoning TechniquesComparative Analysis of Reasoning Techniques
Comparative Analysis of Reasoning Techniques
HoussemEddineDEGHA
?
Google News Consideration for SEO | Google Search NYC
Google News Consideration for SEO | Google Search NYCGoogle News Consideration for SEO | Google Search NYC
Google News Consideration for SEO | Google Search NYC
Primary Position
?
DevOps 101 - DevOps Columbia 3-20-2025.pdf
DevOps 101 - DevOps Columbia 3-20-2025.pdfDevOps 101 - DevOps Columbia 3-20-2025.pdf
DevOps 101 - DevOps Columbia 3-20-2025.pdf
judy (fink) johnson
?
IObit Driver Booster Pro Crack 12.2.0 with License Key [2025]
IObit Driver Booster Pro Crack 12.2.0 with License Key [2025]IObit Driver Booster Pro Crack 12.2.0 with License Key [2025]
IObit Driver Booster Pro Crack 12.2.0 with License Key [2025]
jamesfolkner123
?
Using Tags in Ansible Playbooks RHCE.pdf
Using Tags in Ansible Playbooks RHCE.pdfUsing Tags in Ansible Playbooks RHCE.pdf
Using Tags in Ansible Playbooks RHCE.pdf
RHCSA Guru
?
UiPath Automation Developer Associate Training Series 2025 - Session 7
UiPath Automation Developer Associate Training Series 2025 - Session 7UiPath Automation Developer Associate Training Series 2025 - Session 7
UiPath Automation Developer Associate Training Series 2025 - Session 7
DianaGray10
?
Create a Beautiful Terminal for Windows ?
Create a Beautiful Terminal for Windows ?Create a Beautiful Terminal for Windows ?
Create a Beautiful Terminal for Windows ?
Chris Wahl
?
Taking Your Legacy Data Beyond Modernization with AWS.pdf
Taking Your Legacy Data Beyond Modernization with AWS.pdfTaking Your Legacy Data Beyond Modernization with AWS.pdf
Taking Your Legacy Data Beyond Modernization with AWS.pdf
Precisely
?
TrustArc Webinar: Strategies for Future-Proofing Privacy for Healthcare
TrustArc Webinar: Strategies for Future-Proofing Privacy for HealthcareTrustArc Webinar: Strategies for Future-Proofing Privacy for Healthcare
TrustArc Webinar: Strategies for Future-Proofing Privacy for Healthcare
TrustArc
?
Women in Automation: Career Development & Leadership in Automation
Women in Automation: Career Development & Leadership in AutomationWomen in Automation: Career Development & Leadership in Automation
Women in Automation: Career Development & Leadership in Automation
UiPathCommunity
?
Precisely Showcase - Data Governance, Quality & MDM.pdf
Precisely Showcase - Data Governance, Quality & MDM.pdfPrecisely Showcase - Data Governance, Quality & MDM.pdf
Precisely Showcase - Data Governance, Quality & MDM.pdf
Precisely
?
Emancipatory Information Retrieval (Invited Talk at UCC)
Emancipatory Information Retrieval (Invited Talk at UCC)Emancipatory Information Retrieval (Invited Talk at UCC)
Emancipatory Information Retrieval (Invited Talk at UCC)
Bhaskar Mitra
?
Don't just talk to AI, do more with AI: how to improve productivity with AI a...
Don't just talk to AI, do more with AI: how to improve productivity with AI a...Don't just talk to AI, do more with AI: how to improve productivity with AI a...
Don't just talk to AI, do more with AI: how to improve productivity with AI a...
All Things Open
?
The Best of Both Worlds: Hybrid Clustering with Delta Lake
The Best of Both Worlds: Hybrid Clustering with Delta LakeThe Best of Both Worlds: Hybrid Clustering with Delta Lake
The Best of Both Worlds: Hybrid Clustering with Delta Lake
carlyakerly1
?
CSUN 2025 - Interactive Charts for Everyone.pptx
CSUN 2025 - Interactive Charts for Everyone.pptxCSUN 2025 - Interactive Charts for Everyone.pptx
CSUN 2025 - Interactive Charts for Everyone.pptx
?ystein Moseng
?
Large Language Models vs Small Language Models
Large Language Models vs Small Language ModelsLarge Language Models vs Small Language Models
Large Language Models vs Small Language Models
Nathan Bijnens
?
Open-Source GenAI vs. Enterprise GenAI: Navigating the Future of AI Innovatio...
Open-Source GenAI vs. Enterprise GenAI: Navigating the Future of AI Innovatio...Open-Source GenAI vs. Enterprise GenAI: Navigating the Future of AI Innovatio...
Open-Source GenAI vs. Enterprise GenAI: Navigating the Future of AI Innovatio...
All Things Open
?
Best Crane Manufacturers in India Industry Leaders & Innovations.pdf
Best Crane Manufacturers in India Industry Leaders & Innovations.pdfBest Crane Manufacturers in India Industry Leaders & Innovations.pdf
Best Crane Manufacturers in India Industry Leaders & Innovations.pdf
Hercules Hoists
?
Digital Nepal Framework 2.0: A Step Towards a Digitally Empowered Nepal
Digital Nepal Framework 2.0: A Step Towards a Digitally Empowered NepalDigital Nepal Framework 2.0: A Step Towards a Digitally Empowered Nepal
Digital Nepal Framework 2.0: A Step Towards a Digitally Empowered Nepal
ICT Frame Magazine Pvt. Ltd.
?
B2B SaaS - Reduce Churn using Proactive Support.pdf
B2B SaaS - Reduce Churn using Proactive Support.pdfB2B SaaS - Reduce Churn using Proactive Support.pdf
B2B SaaS - Reduce Churn using Proactive Support.pdf
Vijay Chandran
?
Comparative Analysis of Reasoning Techniques
Comparative Analysis of Reasoning TechniquesComparative Analysis of Reasoning Techniques
Comparative Analysis of Reasoning Techniques
HoussemEddineDEGHA
?
Google News Consideration for SEO | Google Search NYC
Google News Consideration for SEO | Google Search NYCGoogle News Consideration for SEO | Google Search NYC
Google News Consideration for SEO | Google Search NYC
Primary Position
?
DevOps 101 - DevOps Columbia 3-20-2025.pdf
DevOps 101 - DevOps Columbia 3-20-2025.pdfDevOps 101 - DevOps Columbia 3-20-2025.pdf
DevOps 101 - DevOps Columbia 3-20-2025.pdf
judy (fink) johnson
?
IObit Driver Booster Pro Crack 12.2.0 with License Key [2025]
IObit Driver Booster Pro Crack 12.2.0 with License Key [2025]IObit Driver Booster Pro Crack 12.2.0 with License Key [2025]
IObit Driver Booster Pro Crack 12.2.0 with License Key [2025]
jamesfolkner123
?
Using Tags in Ansible Playbooks RHCE.pdf
Using Tags in Ansible Playbooks RHCE.pdfUsing Tags in Ansible Playbooks RHCE.pdf
Using Tags in Ansible Playbooks RHCE.pdf
RHCSA Guru
?
UiPath Automation Developer Associate Training Series 2025 - Session 7
UiPath Automation Developer Associate Training Series 2025 - Session 7UiPath Automation Developer Associate Training Series 2025 - Session 7
UiPath Automation Developer Associate Training Series 2025 - Session 7
DianaGray10
?
Create a Beautiful Terminal for Windows ?
Create a Beautiful Terminal for Windows ?Create a Beautiful Terminal for Windows ?
Create a Beautiful Terminal for Windows ?
Chris Wahl
?
Taking Your Legacy Data Beyond Modernization with AWS.pdf
Taking Your Legacy Data Beyond Modernization with AWS.pdfTaking Your Legacy Data Beyond Modernization with AWS.pdf
Taking Your Legacy Data Beyond Modernization with AWS.pdf
Precisely
?
TrustArc Webinar: Strategies for Future-Proofing Privacy for Healthcare
TrustArc Webinar: Strategies for Future-Proofing Privacy for HealthcareTrustArc Webinar: Strategies for Future-Proofing Privacy for Healthcare
TrustArc Webinar: Strategies for Future-Proofing Privacy for Healthcare
TrustArc
?
Women in Automation: Career Development & Leadership in Automation
Women in Automation: Career Development & Leadership in AutomationWomen in Automation: Career Development & Leadership in Automation
Women in Automation: Career Development & Leadership in Automation
UiPathCommunity
?
Precisely Showcase - Data Governance, Quality & MDM.pdf
Precisely Showcase - Data Governance, Quality & MDM.pdfPrecisely Showcase - Data Governance, Quality & MDM.pdf
Precisely Showcase - Data Governance, Quality & MDM.pdf
Precisely
?

introduction to jsrsasign

  • 1. introduction?to jsrsasign pure?JavaScript?cryptographic?library slide?r1.0?(2016?Sep?3?for?jsrsasign?5.0.15) press key or right bottom buttons to move slides https://kjur.github.io/jsrsasign @kjur / Kenji Urushima
  • 2. Table?of?Contents Overview How to use or install RSA/DSA/ECDSA public key cryptography Cryptographic Hash (SHA1/SHA2/MD5/RIPEMD160) Message Authentication Code (HmacSHA1/SHA2/MD5) short ASN.1 introduction ASN1HEX: simple ASN.1 parser X509: simple X.509 certi cate parser generate and encode ASN.1 JSON Web Key/Signature/Token (JWK/JWS/JWT) Tools, Demos, Tutorials and API Docs
  • 3. Overview The "jsrsasign" ( ) is a open source free cryptograhic library implemented by pure JavaScript. It supports a lot of features such as following: strong RSA/DSA/ECDSA key utility RSA/DSA/ECDSA digital signature message authentication code(MAC) hash (MD5,RIPEMD,SHA1,SHA2) simple ASN.1 parser ASN.1 object generator X.509 certi cate and CRL PKCS#1/5/8 private/public key PKCS#10/CSR CMS SignedData RFC 3161 TimeStamp CAdES long term signature JWS (JSON Web Signatures) JWT (JSON Web Token) JWK (JSON Web Key) string utility https://kjur.github.io/jsrsasign/
  • 4. Overview?(cont'd) well-documented "jsrsasign" has rich and so that you can learn easily. many samples and tools "jsrsasign" provides many samples and tools. easy installation "jsrsasign" can be easily installed by "git clone", bower and npm. There is no dependency to other package or module. works on most of browsers and Node.js "jsrsasign" doesn't require any special feature of JavaScript on the browser such like W3C Web Crypto or Promise. This works on most of browsers and Node.js as if old one. MIT license "jsrsasign" is licensed under "MIT License" which is short and permissive for developers convenience. API reference tutorial
  • 6. How?to?use?or?install For bower: For Node.js: O course, you can use git: Or to use it in your web page, add following in your HTML: % bower install jsrsasign % npm install -g jsrsasign (for global installation) % git clone https://github.com/kjur/jsrsasign.git <script src=/slideshow/introduction-to-jsrsasign/65680143/"https:/kjur.github.io/jsrsasign/jsrsasign- latest-all-min.js"></script>
  • 8. KEYUTIL?class:?Features supports RSA/DSA/ECC algorithm generateKeypair() for RSA/ECC getKey(): key loader PKCS#1/5 plain/encryptped private/public PEM/HEX key PKCS#8 plain/encryptped private/public PEM/HEX key X.509 PEM certi cate public/private RFC 7517 JSON Web Key (JWK) getPEM() to get plain/encrypted private/public PKCS#1/5/8 PEM getJWKFromKey() to get RFC 7517 JSON Web Key (JWK)
  • 9. KEYUTIL.generateKeypair() generateKeypair method can be used to generate RSA/ECC key pair. // RSA keypair = KEYUTIL.generateKeypair("RSA", 2048); // ECC keypair = KEYUTIL.generateKeypair("EC", "secp256r1"); // // private key object: keypair.prvKeyObj // public key object: keypair.pubKeyObj
  • 10. KEYUTIL.getKey() getKey method can load a lot of format of public and private key such as PKCS#1/5/8 or JWK very easily. // PKCS#8 public key pub = KEYUTIL.getKey("-----BEGIN PUBLIC KEY..."); // public key from X.509 certi cate pub = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); // PKCS#8 encrypted private with password prv = KEYUTIL.getKey("-----BEGIN ENCRYPTED PRIVATE KEY...", "pass");
  • 11. sign?data sign a data with your private key using Signature object as like Java JCE. // load private key prv = KEYUTIL.getKey("-----BEGIN ENCRYPTED PRIVATE KEY...", "pass"); // generate Signature object sig = new KJUR.crypto.Signature({"alg": "SHA256withRSA"}); // set private key for sign sig.init(prv); // update data sig.updateString("aaa"); // calclate signature sigHex = sig.sign();
  • 12. verify?signature sign a data with your private key using Signature object as like Java JCE. // load public key pub = KEYUTIL.getKey("-----BEGIN CERTIFICATE..."); // generate Signature object sig = new KJUR.crypto.Signature({"alg": "SHA256withRSA"}); // set private key for sign sig.init(pub); // update data sig.updateString("aaa"); // verify signature isValid = sig.verify(sigValueHex);
  • 14. calculate?hash?by MessageDigest?class calculate hash using MessageDigest class just like Java JCE // generate MessageDigest object for SHA384 md = new KJUR.crypto.MessageDigest({alg: "sha384"}); // append data for hash md.updateString("aaa"); // calculate hash nally mdHex = md.digest(); // or use Util class in short. These three will get the same result. mdHex = KJUR.crypto.Util.sha384("aaa"); mdHex = KJUR.crypto.Util.hashString("aaa","sha384"); mdHex = KJUR.crypto.Util.hashHex("616161","sha384");
  • 16. calculate?Mac?by?Mac?class calculate message authentication code by Mac class just like Java JCE // generate Mac class mac = new KJUR.crypto.Mac({alg: "HmacSHA256", pass: "pass"}); // append data for Mac mac.updateString('aaa'); // get Mac value macHex = md.doFinal(); pass parameter supports some value formats like this: hexadecimal {hex: "616161"} UTF-8 {utf8: "|"} Base64 {b64: "Mi02/+...a=="} Base64URL {b64u: "Mi02_-...a"}
  • 18. short?ASN.1?introduction ASN.1 is a binary encording of structured data consists of a data type tag(T), byte length(L) and value(V). ASN.1 encoding is used in network protocol or format such like X.509 certi cate, private/public key formats, S/MIME data, digital time stamp, Radius. FEATURE1: variable length data exceeds int or long. FEATURE2: structured data is also available.
  • 19. short?ASN.1?introduction (cont'd) Structured data can be represented by SEQUENCE or SET.
  • 21. ASN1HEX?basic?methods ASN1HEX methods can be used for getting tag, length or value of ASN.1 object of hexadecimal string at speci ed position.
  • 22. ASN1HEX?basic?methods (cont'd) get a list of indexes of child elements.
  • 23. ASN1HEX?for?decendant element To refer a decendant element of nested structured ASN.1, use "nthList" which represent indexes for each nested layer. This is very useful to specify a deep nested element such like subject name of X.509 certi cate. getDecendantHexTLVByNthList(s,0,[0,0]) "020104" getDecendantHexLByNthList(s,0,[0,0]) "01" getDecendantHexVByNthList(s,0,[0,0]) "04" getDecendantIndexByNthList(s,0,[0,0]) 8
  • 25. X509?class Basic?fields?and?extensions?can?be?get?by?X509?class. x = new X509(); x.readCertPEM(sCertPEM); hex = X.509.pemToHex(sCertPEM); // get subject subject = x.getSubjectString(); // return like "/C=US/O=OTEST" // get subjectAltName san = X.509.getExtSubjectAltName(hex); // return like ["example.com", "example.org"] There are a lot of methods to get elds and extensions. Please see in detail.manual
  • 27. generate?and?encode?ASN.1?(cont'd) Classes for ASN.1 primitives and structured types, as well as X.509 certi cate, CRL, CSR, CMS signed data, digital time stamp and CAdES are de ned in jsrsasign. i1 = new KJUR.asn1.DERInteger({int: 234}); s1 = new KJUR.asn1.DERUTF8String({str: 'Tokyo'}}); seq = new KJUR.asn1.DERSequence({array: [i1, s1]}); hex = seq.getEncodedHex(); Please see in detail. It's very similar to BoucyCastle or IAIK Java ASN.1 classes. However, there is much more easy way... manual
  • 28. generate?and?encode?ASN.1?using newObject It's very easy to generate complicated ASN.1 object by ASN1Util.newObject var hex = new KJUR.asn1.ASN1Util.newObject( {seq: [// SEQUENCE {int: 234},// INTEGER {utf8str: 'Tokyo'}// UTF8String ]} ).getEncodedHex();
  • 29. get?PEM?of?X.509?certificate?by X509Util.newCertPEM It's very easy to generate PEM of X.509 certi cate by . pem = new KJUR.asn1.x509.X509Util.newCertPEM({ serial: {int: 4}, sigalg: {name: 'SHA256withECDSA', paramempty: true}, issuer: {str: '/C=US/O=CA1'}, notbefore: {str: '130504235959Z'}, notafter: {str: '140504235959Z'}, subject: {str: '/C=US/O=T1'}, sbjpubkey: "-----BEGIN PUBLIC KEY...", ext: [ {basicConstraints: {cA: true, critical: true}}, {keyUsage: {bin: '11'}}, ], cakey: ["-----BEGIN PRIVATE KEY...", "pass"] }); X509Util.newCertPEM
  • 30. get?PEM?of?PKCS#10/CSRT?by CSRUtil.newCSRPEM It's very easy to generate PEM of CSR(certi cate signing request) by . kp = KEYUTIL.generateKeypair("RSA", 2048); pem = new KJUR.asn1.csr.CSRUtil.newCSRPEM({ subject: {str: '/C=US/O=Test/CN=example.com'}, sbjpubkey: kp.pubKeyObj, sigalg: "SHA256withRSA", sbjprvkey: kp.prvKeyObj }); CSRUtil.newCSRPEM
  • 32. JWK?(JSON?Web?Key) jsrsasign can load and export RFC 7517 JSON Web Key (JWK). // load JWK jwkPub = {kty: "EC", crv: "P-256", x: "f830J3..." ...}; keyObj = KEYUTIL.getKey(jwkPub); // export to JWK kp = KEYUTIL.generateKeypair("RSA", 2048); jwkPrv = KEYUTIL.getJWKFromKey(kp.prvKeyObj); jwkPub = KEYUTIL.getJWKFromKey(kp.pubKeyObj);
  • 33. JWS?(JSON?Web?Signatures) jsrsasign can sign and verify RFC 7515 JSON Web Signatures (JWS). // sign JWS header = {alg: "HS256"}; payload = {fruit: "orange"}; jws = KJUR.jws.JWS.sign("HS256", header, payload, {utf8: "secret"}); // eyJhbGciOiJIUzI1NiJ9.eyJmcnVpdCI6Im9yYW5nZSJ9. // qbIF5WMbXYMFMh_UXjL2CGts5KPVU7yF7AbOdoyoPZI // verify JWS isValid = KJUR.jws.JWS.verify(jws, {utf8: "secret"}, ["HS256"]); This result can also be veri ed at .jwt.io
  • 35. JWT?(JSON?Web?Token) jsrsasign can sign and verify RFC 7519 JSON Web Token (JWT). // sign JWT header = {alg: "HS256", typ: "JWT"}; payload = {sub: "123456789", name: "John Doe", admin: true}; jwt = KJUR.jws.JWS.sign("HS256", header, payload, {utf8: "secret"}); // eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY // 3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95 // OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ // verify JWT isValid = KJUR.jws.JWS.verifyJWT(jwt, {utf8: "secret"}, { alg: ["HS256"], sub: ["John Doe"] }); This result can also be veri ed at .jwt.io
  • 36. jsrsasign?at?jwt.io site have kindly listed jsrsasign. jwt.io provides JWT validator which uses . jwt.io old version of jsrsasign 4.1.5
  • 38. Tools?and?demos jsrsasign provides a lot of tools which use jsrsasign as example. Please see the as for onliene tools. Also see as for Node tools. As for demonstrations, please see . this list list this list
  • 39. Tutorials jsrsasign provides to make it easy to learn jsrsasign programming. tutorial documents
  • 40. API?Reference jsrsasign provides detailed document. API reference also has examples. API Reference