Skip to content

Commit

Permalink
New release 1.1.0
Browse files Browse the repository at this point in the history
  • Loading branch information
@YuryStrozhevsky
YuryStrozhevsky committed Mar 22, 2015
1 parent 07168ff commit ebea506
Show file tree
Hide file tree
Showing 18 changed files with 2,678 additions and 483 deletions.
16 changes: 10 additions & 6 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,24 +15,28 @@ Public Key Infrastructure (PKI) is the basis of how identity and key management

## Features of the library

* Fully object-oriented library. Inhiritence is using everywhere inside the lib;.
* Working with HTML5 data objects (ArrayBuffer, Uint8Array, Promises, WebCrypto, etc.).
* Fully object-oriented library. Inhiritence is using everywhere inside the lib;
* Working with HTML5 data objects (ArrayBuffer, Uint8Array, Promises, WebCrypto, etc.);
* Has a complete set of helpers for working with types like:
* GeneralName;
* RelativeDistinguishedName;
* Time;
* AlgorithmIdentifier;
* All types of ASN.1 strings, including "international" like UniversalString, UTF8String and BMPString (with help from [ASN1js][]);
* All extension types of X.509 certificates (BasicConstraints, CertificatePolicies, AuthorityKeyIdentifier etc.)
* All extension types of X.509 certificates (BasicConstraints, CertificatePolicies, AuthorityKeyIdentifier etc.);
* All "support types" for OCSP requests and responces;
* All "support types" for Time-Stamping Protocol (TSP) requests and responces.
* Has own certification chain verification engine, purelly made on JavaScript with help from Promises and WebCrypto latest standard implementation;
* All "support types" for Time-Stamping Protocol (TSP) requests and responces;
* **Has own certification chain verification engine, purelly made on JavaScript with help from Promises and WebCrypto latest standard implementation;**
* Working with **all** WebCrypto signature algorithms:
* RSASSA-PKCS1-v1_5;
* RSA-PSS;
* ECDSA;
* Working with all major PKI-related types ("minor" types are not mentioned here but there are huge number of such "minor types"):
* X.509 certificates:
* Parsing internal values;
* Getting/setting any internal values;
* Creatiion of a new X.509 certificate "from scratch";
* Internal certificate chain validation engine.
* **Internal certificate chain validation engine**;
* X.509 "certificate revocation lists" (CRLs):
* Parsing internal values;
* Getting/setting any internal values;
Expand Down
68 changes: 35 additions & 33 deletions examples/CMS Signed complex example/CMSSigned_complex_example.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -248,32 +248,37 @@
var publicKey;
var privateKey;

var hash_algorithm = "sha-1";
var hash_algorithm_oid = "1.3.14.3.2.26";
var signature_algorithm = "1.2.840.113549.1.1.5";

var hash_algorithm;
var hash_option = document.getElementById("hash_alg").value;
switch(hash_option)
{
case "alg_SHA1":
hash_algorithm = "sha-1";
hash_algorithm_oid = "1.3.14.3.2.26";
signature_algorithm = "1.2.840.113549.1.1.5";
break;
case "alg_SHA256":
hash_algorithm = "sha-256";
hash_algorithm_oid = "2.16.840.1.101.3.4.2.1";
signature_algorithm = "1.2.840.113549.1.1.11";
break;
case "alg_SHA384":
hash_algorithm = "sha-384";
hash_algorithm_oid = "2.16.840.1.101.3.4.2.2";
signature_algorithm = "1.2.840.113549.1.1.12";
break;
case "alg_SHA512":
hash_algorithm = "sha-512";
hash_algorithm_oid = "2.16.840.1.101.3.4.2.3";
signature_algorithm = "1.2.840.113549.1.1.13";
break;
default:;
}

var signature_algorithm_name;
var sign_option = document.getElementById("sign_alg").value;
switch(sign_option)
{
case "alg_RSA15":
signature_algorithm_name = "RSASSA-PKCS1-V1_5";
break;
case "alg_RSA2":
signature_algorithm_name = "RSA-PSS";
break;
case "alg_ECDSA":
signature_algorithm_name = "ECDSA";
break;
default:;
}
Expand Down Expand Up @@ -343,16 +348,19 @@
parsedValue: key_usage // Parsed value for well-known extensions
}));
// #endregion

cert_simpl.signatureAlgorithm.algorithm_id = signature_algorithm;
cert_simpl.signature.algorithm_id = cert_simpl.signatureAlgorithm.algorithm_id; // Must be the same value
// #endregion

// #region Create a new key pair
sequence = sequence.then(
function()
{
return crypto.generateKey({ name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, publicExponent: new Uint8Array([0x01, 0x00, 0x01]), hash: { name: hash_algorithm } }, true, ["sign", "verify"]);
// #region Get default algorithm parameters for key generation
var algorithm = org.pkijs.getAlgorithmParameters(signature_algorithm_name, "generatekey");
if("hash" in algorithm.algorithm)
algorithm.algorithm.hash.name = hash_algorithm;
// #endregion

return crypto.generateKey(algorithm.algorithm, true, algorithm.usages);
}
);
// #endregion
Expand Down Expand Up @@ -384,7 +392,7 @@
sequence = sequence.then(
function()
{
return cert_simpl.sign(privateKey);
return cert_simpl.sign(privateKey, hash_algorithm);
},
function(error)
{
Expand Down Expand Up @@ -498,12 +506,6 @@
{
cms_signed_simpl = new org.pkijs.simpl.CMS_SIGNED_DATA({
version: 1,
digestAlgorithms: [
new org.pkijs.simpl.ALGORITHM_IDENTIFIER({
algorithm_id: hash_algorithm_oid,
algorithm_params: new org.pkijs.asn1.NULL()
}) // SHA-1
],
encapContentInfo: new org.pkijs.simpl.cms.EncapsulatedContentInfo({
eContentType: "1.2.840.113549.1.7.1", // "data" content type
eContent: new org.pkijs.asn1.OCTETSTRING({ value_hex: buffer })
Expand All @@ -514,15 +516,7 @@
sid: new org.pkijs.simpl.cms.IssuerAndSerialNumber({
issuer: cert_simpl.issuer,
serialNumber: cert_simpl.serialNumber
}),
digestAlgorithm: new org.pkijs.simpl.ALGORITHM_IDENTIFIER({
algorithm_id: hash_algorithm_oid,
algorithm_params: new org.pkijs.asn1.NULL()
}), // SHA-1
signatureAlgorithm: new org.pkijs.simpl.ALGORITHM_IDENTIFIER({
algorithm_id: "1.2.840.113549.1.1.1",
algorithm_params: new org.pkijs.asn1.NULL()
}), // RSA (PKCS #1 v1.5) key transport algorithm
})
})
],
certificates: [cert_simpl]
Expand All @@ -536,7 +530,7 @@
});
}

return cms_signed_simpl.sign(privateKey, 0);
return cms_signed_simpl.sign(privateKey, 0, hash_algorithm);
}
);
// #endregion
Expand Down Expand Up @@ -932,6 +926,14 @@
<option value="alg_SHA512">SHA-512</option>
</select>
</p>
<p>
<label for="sign_alg" style="font-weight:bold">Signature algorithm:</label>
<select id="sign_alg">
<option value="alg_RSA15">RSASSA-PKCS1-v1_5</option>
<option value="alg_RSA2">RSA-PSS</option>
<option value="alg_ECDSA">ECDSA</option>
</select>
</p>
<label for="new_signed_data" style="font-weight:bold;float:left;">CMS data + BASE-64 encoded new certificate + PKCS#8 private key:</label>
<textarea id="new_signed_data">&lt; New CSM signed data + new encoded certificate + PKCS#8 exported private key will be stored here &gt;</textarea>
</div>
Expand Down
50 changes: 33 additions & 17 deletions examples/CRL complex example/CRL_complex_example.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,32 +241,37 @@
var publicKey;
var privateKey;

var hash_algorithm = "sha-1";
var hash_algorithm_oid = "1.3.14.3.2.26";
var signature_algorithm = "1.2.840.113549.1.1.5";

var hash_algorithm;
var hash_option = document.getElementById("hash_alg").value;
switch(hash_option)
{
case "alg_SHA1":
hash_algorithm = "sha-1";
hash_algorithm_oid = "1.3.14.3.2.26";
signature_algorithm = "1.2.840.113549.1.1.5";
break;
case "alg_SHA256":
hash_algorithm = "sha-256";
hash_algorithm_oid = "2.16.840.1.101.3.4.2.1";
signature_algorithm = "1.2.840.113549.1.1.11";
break;
case "alg_SHA384":
hash_algorithm = "sha-384";
hash_algorithm_oid = "2.16.840.1.101.3.4.2.2";
signature_algorithm = "1.2.840.113549.1.1.12";
break;
case "alg_SHA512":
hash_algorithm = "sha-512";
hash_algorithm_oid = "2.16.840.1.101.3.4.2.3";
signature_algorithm = "1.2.840.113549.1.1.13";
break;
default:;
}

var signature_algorithm_name;
var sign_option = document.getElementById("sign_alg").value;
switch(sign_option)
{
case "alg_RSA15":
signature_algorithm_name = "RSASSA-PKCS1-V1_5";
break;
case "alg_RSA2":
signature_algorithm_name = "RSA-PSS";
break;
case "alg_ECDSA":
signature_algorithm_name = "ECDSA";
break;
default:;
}
Expand Down Expand Up @@ -318,16 +323,19 @@
extnID: "2.5.29.20", // cRLNumber
extnValue: (new org.pkijs.asn1.INTEGER({ value: 2 })).toBER(false)
})];

crl_simpl.signatureAlgorithm.algorithm_id = signature_algorithm;
crl_simpl.signature.algorithm_id = signature_algorithm;
// #endregion

// #region Create a new key pair
sequence = sequence.then(
function()
{
return crypto.generateKey({ name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, publicExponent: new Uint8Array([0x01, 0x00, 0x01]), hash: { name: hash_algorithm } }, true, ["sign", "verify"]);
// #region Get default algorithm parameters for key generation
var algorithm = org.pkijs.getAlgorithmParameters(signature_algorithm_name, "generatekey");
if("hash" in algorithm.algorithm)
algorithm.algorithm.hash.name = hash_algorithm;
// #endregion

return crypto.generateKey(algorithm.algorithm, true, algorithm.usages);
}
);
// #endregion
Expand All @@ -353,7 +361,7 @@
sequence = sequence.then(
function()
{
return crl_simpl.sign(privateKey);
return crl_simpl.sign(privateKey, hash_algorithm);
},
function(error)
{
Expand Down Expand Up @@ -630,6 +638,14 @@
<option value="alg_SHA512">SHA-512</option>
</select>
</p>
<p>
<label for="sign_alg" style="font-weight:bold">Signature algorithm:</label>
<select id="sign_alg">
<option value="alg_RSA15">RSASSA-PKCS1-v1_5</option>
<option value="alg_RSA2">RSA-PSS</option>
<option value="alg_ECDSA">ECDSA</option>
</select>
</p>
<label for="new_signed_data" style="font-weight:bold;float:left;">BASE-64 encoded new certificate + PKCS#8 private key:</label>
<textarea id="new_signed_data">&lt; New encoded certificate + PKCS#8 exported private key will be stored here &gt;</textarea>
<a onclick="create_CRL();">Create</a>
Expand Down
61 changes: 37 additions & 24 deletions examples/Certificate complex example/X509_cert_complex_example.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -340,32 +340,37 @@
var publicKey;
var privateKey;

var hash_algorithm = "sha-1";
var hash_algorithm_oid = "1.3.14.3.2.26";
var signature_algorithm = "1.2.840.113549.1.1.5";

var hash_algorithm;
var hash_option = document.getElementById("hash_alg").value;
switch(hash_option)
{
case "alg_SHA1":
hash_algorithm = "sha-1";
hash_algorithm_oid = "1.3.14.3.2.26";
signature_algorithm = "1.2.840.113549.1.1.5";
break;
case "alg_SHA256":
hash_algorithm = "sha-256";
hash_algorithm_oid = "2.16.840.1.101.3.4.2.1";
signature_algorithm = "1.2.840.113549.1.1.11";
break;
case "alg_SHA384":
hash_algorithm = "sha-384";
hash_algorithm_oid = "2.16.840.1.101.3.4.2.2";
signature_algorithm = "1.2.840.113549.1.1.12";
break;
case "alg_SHA512":
hash_algorithm = "sha-512";
hash_algorithm_oid = "2.16.840.1.101.3.4.2.3";
signature_algorithm = "1.2.840.113549.1.1.13";
break;
default:;
}

var signature_algorithm_name;
var sign_option = document.getElementById("sign_alg").value;
switch(sign_option)
{
case "alg_RSA15":
signature_algorithm_name = "RSASSA-PKCS1-V1_5";
break;
case "alg_RSA2":
signature_algorithm_name = "RSA-PSS";
break;
case "alg_ECDSA":
signature_algorithm_name = "ECDSA";
break;
default:;
}
Expand Down Expand Up @@ -435,16 +440,19 @@
parsedValue: key_usage // Parsed value for well-known extensions
}));
// #endregion

cert_simpl.signatureAlgorithm.algorithm_id = signature_algorithm;
cert_simpl.signature.algorithm_id = cert_simpl.signatureAlgorithm.algorithm_id; // Must be the same value
// #endregion

// #region Create a new key pair
sequence = sequence.then(
function()
{
return crypto.generateKey({ name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, publicExponent: new Uint8Array([0x01, 0x00, 0x01]), hash: { name: hash_algorithm } }, true, ["sign", "verify"]);
// #region Get default algorithm parameters for key generation
var algorithm = org.pkijs.getAlgorithmParameters(signature_algorithm_name, "generatekey");
if("hash" in algorithm.algorithm)
algorithm.algorithm.hash.name = hash_algorithm;
// #endregion

return crypto.generateKey(algorithm.algorithm, true, algorithm.usages);
}
);
// #endregion
Expand Down Expand Up @@ -476,7 +484,7 @@
sequence = sequence.then(
function()
{
return cert_simpl.sign(privateKey);
return cert_simpl.sign(privateKey, hash_algorithm);
},
function(error)
{
Expand Down Expand Up @@ -668,21 +676,18 @@

// #region Put information about signature algorithm
var algomap = {
"1.2.840.113549.2.1": "MD2",
"1.2.840.113549.1.1.2": "MD2 with RSA",
"1.2.840.113549.2.5": "MD5",
"1.2.840.113549.1.1.4": "MD5 with RSA",
"1.3.14.3.2.26": "SHA1",
"1.2.840.10040.4.3": "SHA1 with DSA",
"1.2.840.10045.4.1": "SHA1 with ECDSA",
"1.2.840.10045.4.3.2": "SHA256 with ECDSA",
"1.2.840.10045.4.3.3": "SHA384 with ECDSA",
"1.2.840.10045.4.3.4": "SHA512 with ECDSA",
"1.2.840.113549.1.1.10": "RSA-PSS",
"1.2.840.113549.1.1.5": "SHA1 with RSA",
"2.16.840.1.101.3.4.2.4": "SHA224",
"1.2.840.113549.1.1.14": "SHA224 with RSA",
"2.16.840.1.101.3.4.2.1": "SHA256",
"1.2.840.113549.1.1.11": "SHA256 with RSA",
"2.16.840.1.101.3.4.2.2": "SHA384",
"1.2.840.113549.1.1.12": "SHA384 with RSA",
"2.16.840.1.101.3.4.2.3": "SHA512",
"1.2.840.113549.1.1.13": "SHA512 with RSA"
}; // array mapping of common algorithm OIDs and corresponding types

Expand Down Expand Up @@ -905,6 +910,14 @@
<option value="alg_SHA512">SHA-512</option>
</select>
</p>
<p>
<label for="sign_alg" style="font-weight:bold">Signature algorithm:</label>
<select id="sign_alg">
<option value="alg_RSA15">RSASSA-PKCS1-v1_5</option>
<option value="alg_RSA2">RSA-PSS</option>
<option value="alg_ECDSA">ECDSA</option>
</select>
</p>
<label for="new_signed_data" style="font-weight:bold;float:left;">BASE-64 encoded new certificate + PKCS#8 private key:</label>
<textarea id="new_signed_data">&lt; New encoded certificate + PKCS#8 exported private key will be stored here &gt;</textarea>
<a onclick="create_CERT();">Create</a>
Expand Down
Loading

0 comments on commit ebea506

Please sign in to comment.