Forge

A native implementation of TLS in Javascript and tools to write crypto-base...

Crypto
digitalbazaar/forgedigitalbazaar.com/node-forge

README

Forge

npm package
Build Status

A native implementation of [TLS][] (and various other cryptographic tools) in
[JavaScript][].

Introduction

The Forge software is a fully native implementation of the [TLS][] protocol
in JavaScript, a set of cryptography utilities, and a set of tools for
developing Web Apps that utilize many network resources.

Performance

Forge is fast. Benchmarks against other popular JavaScript cryptography
libraries can be found here:

http://dominictarr.github.io/crypto-bench/
http://cryptojs.altervista.org/test/simulate-threading-speed_test.html

Documentation

Introduction
Performance
Installation
Testing
Contributing

API


Options

Transports


TLS
HTTP
SSH
XHR
Sockets

Ciphers


CIPHER
AES
DES
RC2

PKI


ED25519
RSA
RSA-KEM
X.509
PKCS#5
PKCS#7
PKCS#8
PKCS#10
PKCS#12
ASN.1

Message Digests


SHA1
SHA256
SHA384
SHA512
MD5
HMAC

Utilities


Prime
PRNG
Tasks
Utilities
Logging
Flash Networking Support

Other


Security Considerations
Library Background
Contact
Donations


Installation

Note: Please see the Security Considerations
section before using packaging systems and pre-built files.

Forge uses a [CommonJS][] module structure with a build process for browser
bundles. The older [0.6.x][] branch with standalone files is available but will
not be regularly updated.

Node.js


If you want to use forge with [Node.js][], it is available through npm:

https://www.npmjs.com/package/node-forge

Installation:

    npm install node-forge

You can then use forge as a regular module:

  1. ``` js
  2. var forge = require('node-forge');
  3. ```

The npm package includes pre-built forge.min.js, forge.all.min.js, and
prime.worker.min.js using the [UMD][] format.

jsDelivr CDN


To use it via jsDelivr include this in your html:

  1. ``` html
  2. <script src="https://cdn.jsdelivr.net/npm/node-forge@1.0.0/dist/forge.min.js"></script>
  3. ```

unpkg CDN


To use it via unpkg include this in your html:

  1. ``` html
  2. <script src="https://unpkg.com/node-forge@1.0.0/dist/forge.min.js"></script>
  3. ```

Development Requirements


The core JavaScript has the following requirements to build and test:

Building a browser bundle:
  Node.js
  npm
Testing
  Node.js
  npm
  Chrome, Firefox, Safari (optional)

Some special networking features can optionally use a Flash component.  See the
Flash README for details.

Building for a web browser


To create single file bundles for use with browsers run the following:

    npm install
    npm run build

This will create single non-minimized and minimized files that can be
included in the browser:

    dist/forge.js
    dist/forge.min.js

A bundle that adds some utilities and networking support is also available:

    dist/forge.all.js
    dist/forge.all.min.js

Include the file via:

  1. ``` html
  2. <script src="YOUR_SCRIPT_PATH/forge.js"></script>
  3. ```
or
  1. ``` html
  2. <script src="YOUR_SCRIPT_PATH/forge.min.js"></script>
  3. ```

The above bundles will synchronously create a global 'forge' object.

Note: These bundles will not include any WebWorker scripts (eg:
dist/prime.worker.js), so these will need to be accessible from the browser
if any WebWorkers are used.

Building a custom browser bundle


The build process uses [webpack][] and the config file
can be modified to generate a file or files that only contain the parts of
forge you need.

[Browserify][] override support is also present in package.json.

Testing

Prepare to run tests


    npm install

Running automated tests with Node.js


Forge natively runs in a [Node.js][] environment:

    npm test

Running automated tests with Headless Chrome


Automated testing is done via [Karma][]. By default it will run the tests with
Headless Chrome.

    npm run test-karma

Is 'mocha' reporter output too verbose? Other reporters are available. Try
'dots', 'progress', or 'tap'.

    npm run test-karma -- --reporters progress

By default [webpack][] is used. [Browserify][] can also be used.

    BUNDLER=browserify npm run test-karma

Running automated tests with one or more browsers


You can also specify one or more browsers to use.

    npm run test-karma -- --browsers Chrome,Firefox,Safari,ChromeHeadless

The reporter option and BUNDLER environment variable can also be used.

Running manual tests in a browser


Testing in a browser uses [webpack][] to combine forge and all tests and then
loading the result in a browser. A simple web server is provided that will
output the HTTP or HTTPS URLs to load. It also will start a simple Flash Policy
Server. Unit tests and older legacy tests are provided. Custom ports can be
used by running node tests/server.js manually.

To run the unit tests in a browser a special forge build is required:

    npm run test-build

To run legacy browser based tests the main forge build is required:

    npm run build

The tests are run with a custom server that prints out the URLs to use:

    npm run test-server

Running other tests


There are some other random tests and benchmarks available in the tests
directory.

Coverage testing


To perform coverage testing of the unit tests, run the following. The results
will be put in the coverage/ directory. Note that coverage testing can slow
down some tests considerably.

    npm install
    npm run coverage

Contributing

Any contributions (eg: PRs) that are accepted will be brought under the same
license used by the rest of the Forge project. This license allows Forge to
be used under the terms of either the BSD License or the GNU General Public
License (GPL) Version 2.

See: LICENSE

If a contribution contains 3rd party source code with its own license, it
may retain it, so long as that license is compatible with the Forge license.

API


Options


If at any time you wish to disable the use of native code, where available,
for particular forge features like its secure random number generator, you
may set the forge.options.usePureJavaScript flag to true . It is
not recommended that you set this flag as native code is typically more
performant and may have stronger security properties. It may be useful to
set this flag to test certain features that you plan to run in environments
that are different from your testing environment.

To disable native code when including forge in the browser:

  1. ``` js
  2. // run this *after* including the forge script
  3. forge.options.usePureJavaScript = true;
  4. ```

To disable native code when using Node.js:

  1. ``` js
  2. var forge = require('node-forge');
  3. forge.options.usePureJavaScript = true;
  4. ```

Transports


TLS


Provides a native javascript client and server-side [TLS][] implementation.

__Examples__

  1. ``` js
  2. // create TLS client
  3. var client = forge.tls.createConnection({
  4.   server: false,
  5.   caStore: /* Array of PEM-formatted certs or a CA store object */,
  6.   sessionCache: {},
  7.   // supported cipher suites in order of preference
  8.   cipherSuites: [
  9.     forge.tls.CipherSuites.TLS_RSA_WITH_AES_128_CBC_SHA,
  10.     forge.tls.CipherSuites.TLS_RSA_WITH_AES_256_CBC_SHA],
  11.   virtualHost: 'example.com',
  12.   verify: function(connection, verified, depth, certs) {
  13.     if(depth === 0) {
  14.       var cn = certs[0].subject.getField('CN').value;
  15.       if(cn !== 'example.com') {
  16.         verified = {
  17.           alert: forge.tls.Alert.Description.bad_certificate,
  18.           message: 'Certificate common name does not match hostname.'
  19.         };
  20.       }
  21.     }
  22.     return verified;
  23.   },
  24.   connected: function(connection) {
  25.     console.log('connected');
  26.     // send message to server
  27.     connection.prepare(forge.util.encodeUtf8('Hi server!'));
  28.     /* NOTE: experimental, start heartbeat retransmission timer
  29.     myHeartbeatTimer = setInterval(function() {
  30.       connection.prepareHeartbeatRequest(forge.util.createBuffer('1234'));
  31.     }, 5*60*1000);*/
  32.   },
  33.   /* provide a client-side cert if you want
  34.   getCertificate: function(connection, hint) {
  35.     return myClientCertificate;
  36.   },
  37.   /* the private key for the client-side cert if provided */
  38.   getPrivateKey: function(connection, cert) {
  39.     return myClientPrivateKey;
  40.   },
  41.   tlsDataReady: function(connection) {
  42.     // TLS data (encrypted) is ready to be sent to the server
  43.     sendToServerSomehow(connection.tlsData.getBytes());
  44.     // if you were communicating with the server below, you'd do:
  45.     // server.process(connection.tlsData.getBytes());
  46.   },
  47.   dataReady: function(connection) {
  48.     // clear data from the server is ready
  49.     console.log('the server sent: ' +
  50.       forge.util.decodeUtf8(connection.data.getBytes()));
  51.     // close connection
  52.     connection.close();
  53.   },
  54.   /* NOTE: experimental
  55.   heartbeatReceived: function(connection, payload) {
  56.     // restart retransmission timer, look at payload
  57.     clearInterval(myHeartbeatTimer);
  58.     myHeartbeatTimer = setInterval(function() {
  59.       connection.prepareHeartbeatRequest(forge.util.createBuffer('1234'));
  60.     }, 5*60*1000);
  61.     payload.getBytes();
  62.   },*/
  63.   closed: function(connection) {
  64.     console.log('disconnected');
  65.   },
  66.   error: function(connection, error) {
  67.     console.log('uh oh', error);
  68.   }
  69. });

  71. // start the handshake process
  72. client.handshake();

  74. // when encrypted TLS data is received from the server, process it
  75. client.process(encryptedBytesFromServer);

  77. // create TLS server
  78. var server = forge.tls.createConnection({
  79.   server: true,
  80.   caStore: /* Array of PEM-formatted certs or a CA store object */,
  81.   sessionCache: {},
  82.   // supported cipher suites in order of preference
  83.   cipherSuites: [
  84.     forge.tls.CipherSuites.TLS_RSA_WITH_AES_128_CBC_SHA,
  85.     forge.tls.CipherSuites.TLS_RSA_WITH_AES_256_CBC_SHA],
  86.   // require a client-side certificate if you want
  87.   verifyClient: true,
  88.   verify: function(connection, verified, depth, certs) {
  89.     if(depth === 0) {
  90.       var cn = certs[0].subject.getField('CN').value;
  91.       if(cn !== 'the-client') {
  92.         verified = {
  93.           alert: forge.tls.Alert.Description.bad_certificate,
  94.           message: 'Certificate common name does not match expected client.'
  95.         };
  96.       }
  97.     }
  98.     return verified;
  99.   },
  100.   connected: function(connection) {
  101.     console.log('connected');
  102.     // send message to client
  103.     connection.prepare(forge.util.encodeUtf8('Hi client!'));
  104.     /* NOTE: experimental, start heartbeat retransmission timer
  105.     myHeartbeatTimer = setInterval(function() {
  106.       connection.prepareHeartbeatRequest(forge.util.createBuffer('1234'));
  107.     }, 5*60*1000);*/
  108.   },
  109.   getCertificate: function(connection, hint) {
  110.     return myServerCertificate;
  111.   },
  112.   getPrivateKey: function(connection, cert) {
  113.     return myServerPrivateKey;
  114.   },
  115.   tlsDataReady: function(connection) {
  116.     // TLS data (encrypted) is ready to be sent to the client
  117.     sendToClientSomehow(connection.tlsData.getBytes());
  118.     // if you were communicating with the client above you'd do:
  119.     // client.process(connection.tlsData.getBytes());
  120.   },
  121.   dataReady: function(connection) {
  122.     // clear data from the client is ready
  123.     console.log('the client sent: ' +
  124.       forge.util.decodeUtf8(connection.data.getBytes()));
  125.     // close connection
  126.     connection.close();
  127.   },
  128.   /* NOTE: experimental
  129.   heartbeatReceived: function(connection, payload) {
  130.     // restart retransmission timer, look at payload
  131.     clearInterval(myHeartbeatTimer);
  132.     myHeartbeatTimer = setInterval(function() {
  133.       connection.prepareHeartbeatRequest(forge.util.createBuffer('1234'));
  134.     }, 5*60*1000);
  135.     payload.getBytes();
  136.   },*/
  137.   closed: function(connection) {
  138.     console.log('disconnected');
  139.   },
  140.   error: function(connection, error) {
  141.     console.log('uh oh', error);
  142.   }
  143. });

  145. // when encrypted TLS data is received from the client, process it
  146. server.process(encryptedBytesFromClient);
  147. ```

Connect to a TLS server using node's net.Socket:

  1. ``` js
  2. var socket = new net.Socket();

  4. var client = forge.tls.createConnection({
  5.   server: false,
  6.   verify: function(connection, verified, depth, certs) {
  7.     // skip verification for testing
  8.     console.log('[tls] server certificate verified');
  9.     return true;
  10.   },
  11.   connected: function(connection) {
  12.     console.log('[tls] connected');
  13.     // prepare some data to send (note that the string is interpreted as
  14.     // 'binary' encoded, which works for HTTP which only uses ASCII, use
  15.     // forge.util.encodeUtf8(str) otherwise
  16.     client.prepare('GET / HTTP/1.0\r\n\r\n');
  17.   },
  18.   tlsDataReady: function(connection) {
  19.     // encrypted data is ready to be sent to the server
  20.     var data = connection.tlsData.getBytes();
  21.     socket.write(data, 'binary'); // encoding should be 'binary'
  22.   },
  23.   dataReady: function(connection) {
  24.     // clear data from the server is ready
  25.     var data = connection.data.getBytes();
  26.     console.log('[tls] data received from the server: ' + data);
  27.   },
  28.   closed: function() {
  29.     console.log('[tls] disconnected');
  30.   },
  31.   error: function(connection, error) {
  32.     console.log('[tls] error', error);
  33.   }
  34. });

  36. socket.on('connect', function() {
  37.   console.log('[socket] connected');
  38.   client.handshake();
  39. });
  40. socket.on('data', function(data) {
  41.   client.process(data.toString('binary')); // encoding should be 'binary'
  42. });
  43. socket.on('end', function() {
  44.   console.log('[socket] disconnected');
  45. });

  47. // connect to google.com
  48. socket.connect(443, 'google.com');

  50. // or connect to gmail's imap server (but don't send the HTTP header above)
  51. //socket.connect(993, 'imap.gmail.com');
  52. ```


HTTP


Provides a native [JavaScript][] mini-implementation of an http client that
uses pooled sockets.

__Examples__

  1. ``` js
  2. // create an HTTP GET request
  3. var request = forge.http.createRequest({method: 'GET', path: url.path});

  5. // send the request somewhere
  6. sendSomehow(request.toString());

  8. // receive response
  9. var buffer = forge.util.createBuffer();
  10. var response = forge.http.createResponse();
  11. var someAsyncDataHandler = function(bytes) {
  12.   if(!response.bodyReceived) {
  13.     buffer.putBytes(bytes);
  14.     if(!response.headerReceived) {
  15.       if(response.readHeader(buffer)) {
  16.         console.log('HTTP response header: ' + response.toString());
  17.       }
  18.     }
  19.     if(response.headerReceived && !response.bodyReceived) {
  20.       if(response.readBody(buffer)) {
  21.         console.log('HTTP response body: ' + response.body);
  22.       }
  23.     }
  24.   }
  25. };
  26. ```


SSH


Provides some SSH utility functions.

__Examples__

  1. ``` js
  2. // encodes (and optionally encrypts) a private RSA key as a Putty PPK file
  3. forge.ssh.privateKeyToPutty(privateKey, passphrase, comment);

  5. // encodes a public RSA key as an OpenSSH file
  6. forge.ssh.publicKeyToOpenSSH(key, comment);

  8. // encodes a private RSA key as an OpenSSH file
  9. forge.ssh.privateKeyToOpenSSH(privateKey, passphrase);

  11. // gets the SSH public key fingerprint in a byte buffer
  12. forge.ssh.getPublicKeyFingerprint(key);

  14. // gets a hex-encoded, colon-delimited SSH public key fingerprint
  15. forge.ssh.getPublicKeyFingerprint(key, {encoding: 'hex', delimiter: ':'});
  16. ```


XHR


Provides an XmlHttpRequest implementation using forge.http as a backend.

__Examples__

  1. ``` js
  2. // TODO
  3. ```


Sockets


Provides an interface to create and use raw sockets provided via Flash.

__Examples__

  1. ``` js
  2. // TODO
  3. ```

Ciphers


CIPHER


Provides a basic API for block encryption and decryption. There is built-in
support for the ciphers: [AES][], [3DES][], and [DES][], and for the modes
of operation: [ECB][], [CBC][], [CFB][], [OFB][], [CTR][], and [GCM][].

These algorithms are currently supported:

AES-ECB
AES-CBC
AES-CFB
AES-OFB
AES-CTR
AES-GCM
3DES-ECB
3DES-CBC
DES-ECB
DES-CBC

When using an [AES][] algorithm, the key size will determine whether
AES-128, AES-192, or AES-256 is used (all are supported). When a [DES][]
algorithm is used, the key size will determine whether [3DES][] or regular
[DES][] is used. Use a [3DES][] algorithm to enforce Triple-DES.

__Examples__

  1. ``` js
  2. // generate a random key and IV
  3. // Note: a key size of 16 bytes will use AES-128, 24 => AES-192, 32 => AES-256
  4. var key = forge.random.getBytesSync(16);
  5. var iv = forge.random.getBytesSync(16);

  7. /* alternatively, generate a password-based 16-byte key
  8. var salt = forge.random.getBytesSync(128);
  9. var key = forge.pkcs5.pbkdf2('password', salt, numIterations, 16);
  10. */

  12. // encrypt some bytes using CBC mode
  13. // (other modes include: ECB, CFB, OFB, CTR, and GCM)
  14. // Note: CBC and ECB modes use PKCS#7 padding as default
  15. var cipher = forge.cipher.createCipher('AES-CBC', key);
  16. cipher.start({iv: iv});
  17. cipher.update(forge.util.createBuffer(someBytes));
  18. cipher.finish();
  19. var encrypted = cipher.output;
  20. // outputs encrypted hex
  21. console.log(encrypted.toHex());

  23. // decrypt some bytes using CBC mode
  24. // (other modes include: CFB, OFB, CTR, and GCM)
  25. var decipher = forge.cipher.createDecipher('AES-CBC', key);
  26. decipher.start({iv: iv});
  27. decipher.update(encrypted);
  28. var result = decipher.finish(); // check 'result' for true/false
  29. // outputs decrypted hex
  30. console.log(decipher.output.toHex());

  32. // decrypt bytes using CBC mode and streaming
  33. // Performance can suffer for large multi-MB inputs due to buffer
  34. // manipulations. Stream processing in chunks can offer significant
  35. // improvement. CPU intensive update() calls could also be performed with
  36. // setImmediate/setTimeout to avoid blocking the main browser UI thread (not
  37. // shown here). Optimal block size depends on the JavaScript VM and other
  38. // factors. Encryption can use a simple technique for increased performance.
  39. var encryptedBytes = encrypted.bytes();
  40. var decipher = forge.cipher.createDecipher('AES-CBC', key);
  41. decipher.start({iv: iv});
  42. var length = encryptedBytes.length;
  43. var chunkSize = 1024 * 64;
  44. var index = 0;
  45. var decrypted = '';
  46. do {
  47.   decrypted += decipher.output.getBytes();
  48.   var buf = forge.util.createBuffer(encryptedBytes.substr(index, chunkSize));
  49.   decipher.update(buf);
  50.   index += chunkSize;
  51. } while(index < length);
  52. var result = decipher.finish();
  53. assert(result);
  54. decrypted += decipher.output.getBytes();
  55. console.log(forge.util.bytesToHex(decrypted));

  57. // encrypt some bytes using GCM mode
  58. var cipher = forge.cipher.createCipher('AES-GCM', key);
  59. cipher.start({
  60.   iv: iv, // should be a 12-byte binary-encoded string or byte buffer
  61.   additionalData: 'binary-encoded string', // optional
  62.   tagLength: 128 // optional, defaults to 128 bits
  63. });
  64. cipher.update(forge.util.createBuffer(someBytes));
  65. cipher.finish();
  66. var encrypted = cipher.output;
  67. var tag = cipher.mode.tag;
  68. // outputs encrypted hex
  69. console.log(encrypted.toHex());
  70. // outputs authentication tag
  71. console.log(tag.toHex());

  73. // decrypt some bytes using GCM mode
  74. var decipher = forge.cipher.createDecipher('AES-GCM', key);
  75. decipher.start({
  76.   iv: iv,
  77.   additionalData: 'binary-encoded string', // optional
  78.   tagLength: 128, // optional, defaults to 128 bits
  79.   tag: tag // authentication tag from encryption
  80. });
  81. decipher.update(encrypted);
  82. var pass = decipher.finish();
  83. // pass is false if there was a failure (eg: authentication tag didn't match)
  84. if(pass) {
  85.   // outputs decrypted hex
  86.   console.log(decipher.output.toHex());
  87. }
  88. ```

Using forge in Node.js to match openssl's "enc" command line tool (Note: OpenSSL "enc" uses a non-standard file format with a custom key derivation function and a fixed iteration count of 1, which some consider less secure than alternatives such as OpenPGP/GnuPG):

  1. ``` js
  2. var forge = require('node-forge');
  3. var fs = require('fs');

  5. // openssl enc -des3 -in input.txt -out input.enc
  6. function encrypt(password) {
  7.   var input = fs.readFileSync('input.txt', {encoding: 'binary'});

  9.   // 3DES key and IV sizes
  10.   var keySize = 24;
  11.   var ivSize = 8;

  13.   // get derived bytes
  14.   // Notes:
  15.   // 1. If using an alternative hash (eg: "-md sha1") pass
  16.   //   "forge.md.sha1.create()" as the final parameter.
  17.   // 2. If using "-nosalt", set salt to null.
  18.   var salt = forge.random.getBytesSync(8);
  19.   // var md = forge.md.sha1.create(); // "-md sha1"
  20.   var derivedBytes = forge.pbe.opensslDeriveBytes(
  21.     password, salt, keySize + ivSize/*, md*/);
  22.   var buffer = forge.util.createBuffer(derivedBytes);
  23.   var key = buffer.getBytes(keySize);
  24.   var iv = buffer.getBytes(ivSize);

  26.   var cipher = forge.cipher.createCipher('3DES-CBC', key);
  27.   cipher.start({iv: iv});
  28.   cipher.update(forge.util.createBuffer(input, 'binary'));
  29.   cipher.finish();

  31.   var output = forge.util.createBuffer();

  33.   // if using a salt, prepend this to the output:
  34.   if(salt !== null) {
  35.     output.putBytes('Salted__'); // (add to match openssl tool output)
  36.     output.putBytes(salt);
  37.   }
  38.   output.putBuffer(cipher.output);

  40.   fs.writeFileSync('input.enc', output.getBytes(), {encoding: 'binary'});
  41. }

  43. // openssl enc -d -des3 -in input.enc -out input.dec.txt
  44. function decrypt(password) {
  45.   var input = fs.readFileSync('input.enc', {encoding: 'binary'});

  47.   // parse salt from input
  48.   input = forge.util.createBuffer(input, 'binary');
  49.   // skip "Salted__" (if known to be present)
  50.   input.getBytes('Salted__'.length);
  51.   // read 8-byte salt
  52.   var salt = input.getBytes(8);

  54.   // Note: if using "-nosalt", skip above parsing and use
  55.   // var salt = null;

  57.   // 3DES key and IV sizes
  58.   var keySize = 24;
  59.   var ivSize = 8;

  61.   var derivedBytes = forge.pbe.opensslDeriveBytes(
  62.     password, salt, keySize + ivSize);
  63.   var buffer = forge.util.createBuffer(derivedBytes);
  64.   var key = buffer.getBytes(keySize);
  65.   var iv = buffer.getBytes(ivSize);

  67.   var decipher = forge.cipher.createDecipher('3DES-CBC', key);
  68.   decipher.start({iv: iv});
  69.   decipher.update(input);
  70.   var result = decipher.finish(); // check 'result' for true/false

  72.   fs.writeFileSync(
  73.     'input.dec.txt', decipher.output.getBytes(), {encoding: 'binary'});
  74. }
  75. ```


AES


Provides [AES][] encryption and decryption in [CBC][], [CFB][], [OFB][],
[CTR][], and [GCM][] modes. See CIPHER for examples.


DES


Provides [3DES][] and [DES][] encryption and decryption in [ECB][] and
[CBC][] modes. See CIPHER for examples.


RC2


__Examples__

  1. ``` js
  2. // generate a random key and IV
  3. var key = forge.random.getBytesSync(16);
  4. var iv = forge.random.getBytesSync(8);

  6. // encrypt some bytes
  7. var cipher = forge.rc2.createEncryptionCipher(key);
  8. cipher.start(iv);
  9. cipher.update(forge.util.createBuffer(someBytes));
  10. cipher.finish();
  11. var encrypted = cipher.output;
  12. // outputs encrypted hex
  13. console.log(encrypted.toHex());

  15. // decrypt some bytes
  16. var cipher = forge.rc2.createDecryptionCipher(key);
  17. cipher.start(iv);
  18. cipher.update(encrypted);
  19. cipher.finish();
  20. // outputs decrypted hex
  21. console.log(cipher.output.toHex());
  22. ```

PKI

Provides [X.509][] certificate support, ED25519 key generation and
signing/verifying, and RSA public and private key encoding, decoding,
encryption/decryption, and signing/verifying.


ED25519


Special thanks to [TweetNaCl.js][] for providing the bulk of the implementation.

__Examples__

  1. ``` js
  2. var ed25519 = forge.pki.ed25519;

  4. // generate a random ED25519 keypair
  5. var keypair = ed25519.generateKeyPair();
  6. // `keypair.publicKey` is a node.js Buffer or Uint8Array
  7. // `keypair.privateKey` is a node.js Buffer or Uint8Array

  9. // generate a random ED25519 keypair based on a random 32-byte seed
  10. var seed = forge.random.getBytesSync(32);
  11. var keypair = ed25519.generateKeyPair({seed: seed});

  13. // generate a random ED25519 keypair based on a "password" 32-byte seed
  14. var password = 'Mai9ohgh6ahxee0jutheew0pungoozil';
  15. var seed = new forge.util.ByteBuffer(password, 'utf8');
  16. var keypair = ed25519.generateKeyPair({seed: seed});

  18. // sign a UTF-8 message
  19. var signature = ED25519.sign({
  20.   message: 'test',
  21.   // also accepts `binary` if you want to pass a binary string
  22.   encoding: 'utf8',
  23.   // node.js Buffer, Uint8Array, forge ByteBuffer, binary string
  24.   privateKey: privateKey
  25. });
  26. // `signature` is a node.js Buffer or Uint8Array

  28. // sign a message passed as a buffer
  29. var signature = ED25519.sign({
  30.   // also accepts a forge ByteBuffer or Uint8Array
  31.   message: Buffer.from('test', 'utf8'),
  32.   privateKey: privateKey
  33. });

  35. // sign a message digest (shorter "message" == better performance)
  36. var md = forge.md.sha256.create();
  37. md.update('test', 'utf8');
  38. var signature = ED25519.sign({
  39.   md: md,
  40.   privateKey: privateKey
  41. });

  43. // verify a signature on a UTF-8 message
  44. var verified = ED25519.verify({
  45.   message: 'test',
  46.   encoding: 'utf8',
  47.   // node.js Buffer, Uint8Array, forge ByteBuffer, or binary string
  48.   signature: signature,
  49.   // node.js Buffer, Uint8Array, forge ByteBuffer, or binary string
  50.   publicKey: publicKey
  51. });
  52. // `verified` is true/false

  54. // sign a message passed as a buffer
  55. var verified = ED25519.verify({
  56.   // also accepts a forge ByteBuffer or Uint8Array
  57.   message: Buffer.from('test', 'utf8'),
  58.   // node.js Buffer, Uint8Array, forge ByteBuffer, or binary string
  59.   signature: signature,
  60.   // node.js Buffer, Uint8Array, forge ByteBuffer, or binary string
  61.   publicKey: publicKey
  62. });

  64. // verify a signature on a message digest
  65. var md = forge.md.sha256.create();
  66. md.update('test', 'utf8');
  67. var verified = ED25519.verify({
  68.   md: md,
  69.   // node.js Buffer, Uint8Array, forge ByteBuffer, or binary string
  70.   signature: signature,
  71.   // node.js Buffer, Uint8Array, forge ByteBuffer, or binary string
  72.   publicKey: publicKey
  73. });
  74. ```


RSA


__Examples__

  1. ``` js
  2. var rsa = forge.pki.rsa;

  4. // generate an RSA key pair synchronously
  5. // *NOT RECOMMENDED*: Can be significantly slower than async and may block
  6. // JavaScript execution. Will use native Node.js 10.12.0+ API if possible.
  7. var keypair = rsa.generateKeyPair({bits: 2048, e: 0x10001});

  9. // generate an RSA key pair asynchronously (uses web workers if available)
  10. // use workers: -1 to run a fast core estimator to optimize # of workers
  11. // *RECOMMENDED*: Can be significantly faster than sync. Will use native
  12. // Node.js 10.12.0+ or WebCrypto API if possible.
  13. rsa.generateKeyPair({bits: 2048, workers: 2}, function(err, keypair) {
  14.   // keypair.privateKey, keypair.publicKey
  15. });

  17. // generate an RSA key pair in steps that attempt to run for a specified period
  18. // of time on the main JS thread
  19. var state = rsa.createKeyPairGenerationState(2048, 0x10001);
  20. var step = function() {
  21.   // run for 100 ms
  22.   if(!rsa.stepKeyPairGenerationState(state, 100)) {
  23.     setTimeout(step, 1);
  24.   }
  25.   else {
  26.     // done, turn off progress indicator, use state.keys
  27.   }
  28. };
  29. // turn on progress indicator, schedule generation to run
  30. setTimeout(step);

  32. // sign data with a private key and output DigestInfo DER-encoded bytes
  33. // (defaults to RSASSA PKCS#1 v1.5)
  34. var md = forge.md.sha1.create();
  35. md.update('sign this', 'utf8');
  36. var signature = privateKey.sign(md);

  38. // verify data with a public key
  39. // (defaults to RSASSA PKCS#1 v1.5)
  40. var verified = publicKey.verify(md.digest().bytes(), signature);

  42. // sign data using RSASSA-PSS where PSS uses a SHA-1 hash, a SHA-1 based
  43. // masking function MGF1, and a 20 byte salt
  44. var md = forge.md.sha1.create();
  45. md.update('sign this', 'utf8');
  46. var pss = forge.pss.create({
  47.   md: forge.md.sha1.create(),
  48.   mgf: forge.mgf.mgf1.create(forge.md.sha1.create()),
  49.   saltLength: 20
  50.   // optionally pass 'prng' with a custom PRNG implementation
  51.   // optionalls pass 'salt' with a forge.util.ByteBuffer w/custom salt
  52. });
  53. var signature = privateKey.sign(md, pss);

  55. // verify RSASSA-PSS signature
  56. var pss = forge.pss.create({
  57.   md: forge.md.sha1.create(),
  58.   mgf: forge.mgf.mgf1.create(forge.md.sha1.create()),
  59.   saltLength: 20
  60.   // optionally pass 'prng' with a custom PRNG implementation
  61. });
  62. var md = forge.md.sha1.create();
  63. md.update('sign this', 'utf8');
  64. publicKey.verify(md.digest().getBytes(), signature, pss);

  66. // encrypt data with a public key (defaults to RSAES PKCS#1 v1.5)
  67. var encrypted = publicKey.encrypt(bytes);

  69. // decrypt data with a private key (defaults to RSAES PKCS#1 v1.5)
  70. var decrypted = privateKey.decrypt(encrypted);

  72. // encrypt data with a public key using RSAES PKCS#1 v1.5
  73. var encrypted = publicKey.encrypt(bytes, 'RSAES-PKCS1-V1_5');

  75. // decrypt data with a private key using RSAES PKCS#1 v1.5
  76. var decrypted = privateKey.decrypt(encrypted, 'RSAES-PKCS1-V1_5');

  78. // encrypt data with a public key using RSAES-OAEP
  79. var encrypted = publicKey.encrypt(bytes, 'RSA-OAEP');

  81. // decrypt data with a private key using RSAES-OAEP
  82. var decrypted = privateKey.decrypt(encrypted, 'RSA-OAEP');

  84. // encrypt data with a public key using RSAES-OAEP/SHA-256
  85. var encrypted = publicKey.encrypt(bytes, 'RSA-OAEP', {
  86.   md: forge.md.sha256.create()
  87. });

  89. // decrypt data with a private key using RSAES-OAEP/SHA-256
  90. var decrypted = privateKey.decrypt(encrypted, 'RSA-OAEP', {
  91.   md: forge.md.sha256.create()
  92. });

  94. // encrypt data with a public key using RSAES-OAEP/SHA-256/MGF1-SHA-1
  95. // compatible with Java's RSA/ECB/OAEPWithSHA-256AndMGF1Padding
  96. var encrypted = publicKey.encrypt(bytes, 'RSA-OAEP', {
  97.   md: forge.md.sha256.create(),
  98.   mgf1: {
  99.     md: forge.md.sha1.create()
  100.   }
  101. });

  103. // decrypt data with a private key using RSAES-OAEP/SHA-256/MGF1-SHA-1
  104. // compatible with Java's RSA/ECB/OAEPWithSHA-256AndMGF1Padding
  105. var decrypted = privateKey.decrypt(encrypted, 'RSA-OAEP', {
  106.   md: forge.md.sha256.create(),
  107.   mgf1: {
  108.     md: forge.md.sha1.create()
  109.   }
  110. });

  112. ```


RSA-KEM


__Examples__

  1. ``` js
  2. // generate an RSA key pair asynchronously (uses web workers if available)
  3. // use workers: -1 to run a fast core estimator to optimize # of workers
  4. forge.rsa.generateKeyPair({bits: 2048, workers: -1}, function(err, keypair) {
  5.   // keypair.privateKey, keypair.publicKey
  6. });

  8. // generate and encapsulate a 16-byte secret key
  9. var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
  10. var kem = forge.kem.rsa.create(kdf1);
  11. var result = kem.encrypt(keypair.publicKey, 16);
  12. // result has 'encapsulation' and 'key'

  14. // encrypt some bytes
  15. var iv = forge.random.getBytesSync(12);
  16. var someBytes = 'hello world!';
  17. var cipher = forge.cipher.createCipher('AES-GCM', result.key);
  18. cipher.start({iv: iv});
  19. cipher.update(forge.util.createBuffer(someBytes));
  20. cipher.finish();
  21. var encrypted = cipher.output.getBytes();
  22. var tag = cipher.mode.tag.getBytes();

  24. // send 'encrypted', 'iv', 'tag', and result.encapsulation to recipient

  26. // decrypt encapsulated 16-byte secret key
  27. var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
  28. var kem = forge.kem.rsa.create(kdf1);
  29. var key = kem.decrypt(keypair.privateKey, result.encapsulation, 16);

  31. // decrypt some bytes
  32. var decipher = forge.cipher.createDecipher('AES-GCM', key);
  33. decipher.start({iv: iv, tag: tag});
  34. decipher.update(forge.util.createBuffer(encrypted));
  35. var pass = decipher.finish();
  36. // pass is false if there was a failure (eg: authentication tag didn't match)
  37. if(pass) {
  38.   // outputs 'hello world!'
  39.   console.log(decipher.output.getBytes());
  40. }

  42. ```


X.509


__Examples__

  1. ``` js
  2. var pki = forge.pki;

  4. // convert a PEM-formatted public key to a Forge public key
  5. var publicKey = pki.publicKeyFromPem(pem);

  7. // convert a Forge public key to PEM-format
  8. var pem = pki.publicKeyToPem(publicKey);

  10. // convert an ASN.1 SubjectPublicKeyInfo to a Forge public key
  11. var publicKey = pki.publicKeyFromAsn1(subjectPublicKeyInfo);

  13. // convert a Forge public key to an ASN.1 SubjectPublicKeyInfo
  14. var subjectPublicKeyInfo = pki.publicKeyToAsn1(publicKey);

  16. // gets a SHA-1 RSAPublicKey fingerprint a byte buffer
  17. pki.getPublicKeyFingerprint(key);

  19. // gets a SHA-1 SubjectPublicKeyInfo fingerprint a byte buffer
  20. pki.getPublicKeyFingerprint(key, {type: 'SubjectPublicKeyInfo'});

  22. // gets a hex-encoded, colon-delimited SHA-1 RSAPublicKey public key fingerprint
  23. pki.getPublicKeyFingerprint(key, {encoding: 'hex', delimiter: ':'});

  25. // gets a hex-encoded, colon-delimited SHA-1 SubjectPublicKeyInfo public key fingerprint
  26. pki.getPublicKeyFingerprint(key, {
  27.   type: 'SubjectPublicKeyInfo',
  28.   encoding: 'hex',
  29.   delimiter: ':'
  30. });

  32. // gets a hex-encoded, colon-delimited MD5 RSAPublicKey public key fingerprint
  33. pki.getPublicKeyFingerprint(key, {
  34.   md: forge.md.md5.create(),
  35.   encoding: 'hex',
  36.   delimiter: ':'
  37. });

  39. // creates a CA store
  40. var caStore = pki.createCaStore([/* PEM-encoded cert */, ...]);

  42. // add a certificate to the CA store
  43. caStore.addCertificate(certObjectOrPemString);

  45. // gets the issuer (its certificate) for the given certificate
  46. var issuerCert = caStore.getIssuer(subjectCert);

  48. // verifies a certificate chain against a CA store
  49. pki.verifyCertificateChain(caStore, chain, customVerifyCallback);

  51. // signs a certificate using the given private key
  52. cert.sign(privateKey);

  54. // signs a certificate using SHA-256 instead of SHA-1
  55. cert.sign(privateKey, forge.md.sha256.create());

  57. // verifies an issued certificate using the certificates public key
  58. var verified = issuer.verify(issued);

  60. // generate a keypair and create an X.509v3 certificate
  61. var keys = pki.rsa.generateKeyPair(2048);
  62. var cert = pki.createCertificate();
  63. cert.publicKey = keys.publicKey;
  64. // alternatively set public key from a csr
  65. //cert.publicKey = csr.publicKey;
  66. // NOTE: serialNumber is the hex encoded value of an ASN.1 INTEGER.
  67. // Conforming CAs should ensure serialNumber is:
  68. // - no more than 20 octets
  69. // - non-negative (prefix a '00' if your value starts with a '1' bit)
  70. cert.serialNumber = '01';
  71. cert.validity.notBefore = new Date();
  72. cert.validity.notAfter = new Date();
  73. cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
  74. var attrs = [{
  75.   name: 'commonName',
  76.   value: 'example.org'
  77. }, {
  78.   name: 'countryName',
  79.   value: 'US'
  80. }, {
  81.   shortName: 'ST',
  82.   value: 'Virginia'
  83. }, {
  84.   name: 'localityName',
  85.   value: 'Blacksburg'
  86. }, {
  87.   name: 'organizationName',
  88.   value: 'Test'
  89. }, {
  90.   shortName: 'OU',
  91.   value: 'Test'
  92. }];
  93. cert.setSubject(attrs);
  94. // alternatively set subject from a csr
  95. //cert.setSubject(csr.subject.attributes);
  96. cert.setIssuer(attrs);
  97. cert.setExtensions([{
  98.   name: 'basicConstraints',
  99.   cA: true
  100. }, {
  101.   name: 'keyUsage',
  102.   keyCertSign: true,
  103.   digitalSignature: true,
  104.   nonRepudiation: true,
  105.   keyEncipherment: true,
  106.   dataEncipherment: true
  107. }, {
  108.   name: 'extKeyUsage',
  109.   serverAuth: true,
  110.   clientAuth: true,
  111.   codeSigning: true,
  112.   emailProtection: true,
  113.   timeStamping: true
  114. }, {
  115.   name: 'nsCertType',
  116.   client: true,
  117.   server: true,
  118.   email: true,
  119.   objsign: true,
  120.   sslCA: true,
  121.   emailCA: true,
  122.   objCA: true
  123. }, {
  124.   name: 'subjectAltName',
  125.   altNames: [{
  126.     type: 6, // URI
  127.     value: 'http://example.org/webid#me'
  128.   }, {
  129.     type: 7, // IP
  130.     ip: '127.0.0.1'
  131.   }]
  132. }, {
  133.   name: 'subjectKeyIdentifier'
  134. }]);
  135. /* alternatively set extensions from a csr
  136. var extensions = csr.getAttribute({name: 'extensionRequest'}).extensions;
  137. // optionally add more extensions
  138. extensions.push.apply(extensions, [{
  139.   name: 'basicConstraints',
  140.   cA: true
  141. }, {
  142.   name: 'keyUsage',
  143.   keyCertSign: true,
  144.   digitalSignature: true,
  145.   nonRepudiation: true,
  146.   keyEncipherment: true,
  147.   dataEncipherment: true
  148. }]);
  149. cert.setExtensions(extensions);
  150. */
  151. // self-sign certificate
  152. cert.sign(keys.privateKey);

  154. // convert a Forge certificate to PEM
  155. var pem = pki.certificateToPem(cert);

  157. // convert a Forge certificate from PEM
  158. var cert = pki.certificateFromPem(pem);

  160. // convert an ASN.1 X.509x3 object to a Forge certificate
  161. var cert = pki.certificateFromAsn1(obj);

  163. // convert a Forge certificate to an ASN.1 X.509v3 object
  164. var asn1Cert = pki.certificateToAsn1(cert);
  165. ```


PKCS#5


Provides the password-based key-derivation function from [PKCS#5][].

__Examples__

  1. ``` js
  2. // generate a password-based 16-byte key
  3. // note an optional message digest can be passed as the final parameter
  4. var salt = forge.random.getBytesSync(128);
  5. var derivedKey = forge.pkcs5.pbkdf2('password', salt, numIterations, 16);

  7. // generate key asynchronously
  8. // note an optional message digest can be passed before the callback
  9. forge.pkcs5.pbkdf2('password', salt, numIterations, 16, function(err, derivedKey) {
  10.   // do something w/derivedKey
  11. });
  12. ```


PKCS#7


Provides cryptographically protected messages from [PKCS#7][].

__Examples__

  1. ``` js
  2. // convert a message from PEM
  3. var p7 = forge.pkcs7.messageFromPem(pem);
  4. // look at p7.recipients

  6. // find a recipient by the issuer of a certificate
  7. var recipient = p7.findRecipient(cert);

  9. // decrypt
  10. p7.decrypt(p7.recipients[0], privateKey);

  12. // create a p7 enveloped message
  13. var p7 = forge.pkcs7.createEnvelopedData();

  15. // add a recipient
  16. var cert = forge.pki.certificateFromPem(certPem);
  17. p7.addRecipient(cert);

  19. // set content
  20. p7.content = forge.util.createBuffer('Hello');

  22. // encrypt
  23. p7.encrypt();

  25. // convert message to PEM
  26. var pem = forge.pkcs7.messageToPem(p7);

  28. // create a degenerate PKCS#7 certificate container
  29. // (CRLs not currently supported, only certificates)
  30. var p7 = forge.pkcs7.createSignedData();
  31. p7.addCertificate(certOrCertPem1);
  32. p7.addCertificate(certOrCertPem2);
  33. var pem = forge.pkcs7.messageToPem(p7);

  35. // create PKCS#7 signed data with authenticatedAttributes
  36. // attributes include: PKCS#9 content-type, message-digest, and signing-time
  37. var p7 = forge.pkcs7.createSignedData();
  38. p7.content = forge.util.createBuffer('Some content to be signed.', 'utf8');
  39. p7.addCertificate(certOrCertPem);
  40. p7.addSigner({
  41.   key: privateKeyAssociatedWithCert,
  42.   certificate: certOrCertPem,
  43.   digestAlgorithm: forge.pki.oids.sha256,
  44.   authenticatedAttributes: [{
  45.     type: forge.pki.oids.contentType,
  46.     value: forge.pki.oids.data
  47.   }, {
  48.     type: forge.pki.oids.messageDigest
  49.     // value will be auto-populated at signing time
  50.   }, {
  51.     type: forge.pki.oids.signingTime,
  52.     // value can also be auto-populated at signing time
  53.     value: new Date()
  54.   }]
  55. });
  56. p7.sign();
  57. var pem = forge.pkcs7.messageToPem(p7);

  59. // PKCS#7 Sign in detached mode.
  60. // Includes the signature and certificate without the signed data.
  61. p7.sign({detached: true});

  63. ```


PKCS#8


__Examples__

  1. ``` js
  2. var pki = forge.pki;

  4. // convert a PEM-formatted private key to a Forge private key
  5. var privateKey = pki.privateKeyFromPem(pem);

  7. // convert a Forge private key to PEM-format
  8. var pem = pki.privateKeyToPem(privateKey);

  10. // convert an ASN.1 PrivateKeyInfo or RSAPrivateKey to a Forge private key
  11. var privateKey = pki.privateKeyFromAsn1(rsaPrivateKey);

  13. // convert a Forge private key to an ASN.1 RSAPrivateKey
  14. var rsaPrivateKey = pki.privateKeyToAsn1(privateKey);

  16. // wrap an RSAPrivateKey ASN.1 object in a PKCS#8 ASN.1 PrivateKeyInfo
  17. var privateKeyInfo = pki.wrapRsaPrivateKey(rsaPrivateKey);

  19. // convert a PKCS#8 ASN.1 PrivateKeyInfo to PEM
  20. var pem = pki.privateKeyInfoToPem(privateKeyInfo);

  22. // encrypts a PrivateKeyInfo using a custom password and
  23. // outputs an EncryptedPrivateKeyInfo
  24. var encryptedPrivateKeyInfo = pki.encryptPrivateKeyInfo(
  25.   privateKeyInfo, 'myCustomPasswordHere', {
  26.     algorithm: 'aes256', // 'aes128', 'aes192', 'aes256', '3des'
  27.   });

  29. // decrypts an ASN.1 EncryptedPrivateKeyInfo that was encrypted
  30. // with a custom password
  31. var privateKeyInfo = pki.decryptPrivateKeyInfo(
  32.   encryptedPrivateKeyInfo, 'myCustomPasswordHere');

  34. // converts an EncryptedPrivateKeyInfo to PEM
  35. var pem = pki.encryptedPrivateKeyToPem(encryptedPrivateKeyInfo);

  37. // converts a PEM-encoded EncryptedPrivateKeyInfo to ASN.1 format
  38. var encryptedPrivateKeyInfo = pki.encryptedPrivateKeyFromPem(pem);

  40. // wraps and encrypts a Forge private key and outputs it in PEM format
  41. var pem = pki.encryptRsaPrivateKey(privateKey, 'password');

  43. // encrypts a Forge private key and outputs it in PEM format using OpenSSL's
  44. // proprietary legacy format + encapsulated PEM headers (DEK-Info)
  45. var pem = pki.encryptRsaPrivateKey(privateKey, 'password', {legacy: true});

  47. // decrypts a PEM-formatted, encrypted private key
  48. var privateKey = pki.decryptRsaPrivateKey(pem, 'password');

  50. // sets an RSA public key from a private key
  51. var publicKey = pki.setRsaPublicKey(privateKey.n, privateKey.e);
  52. ```


PKCS#10


Provides certification requests or certificate signing requests (CSR) from
[PKCS#10][].

__Examples__

  1. ``` js
  2. // generate a key pair
  3. var keys = forge.pki.rsa.generateKeyPair(2048);

  5. // create a certification request (CSR)
  6. var csr = forge.pki.createCertificationRequest();
  7. csr.publicKey = keys.publicKey;
  8. csr.setSubject([{
  9.   name: 'commonName',
  10.   value: 'example.org'
  11. }, {
  12.   name: 'countryName',
  13.   value: 'US'
  14. }, {
  15.   shortName: 'ST',
  16.   value: 'Virginia'
  17. }, {
  18.   name: 'localityName',
  19.   value: 'Blacksburg'
  20. }, {
  21.   name: 'organizationName',
  22.   value: 'Test'
  23. }, {
  24.   shortName: 'OU',
  25.   value: 'Test'
  26. }]);
  27. // set (optional) attributes
  28. csr.setAttributes([{
  29.   name: 'challengePassword',
  30.   value: 'password'
  31. }, {
  32.   name: 'unstructuredName',
  33.   value: 'My Company, Inc.'
  34. }, {
  35.   name: 'extensionRequest',
  36.   extensions: [{
  37.     name: 'subjectAltName',
  38.     altNames: [{
  39.       // 2 is DNS type
  40.       type: 2,
  41.       value: 'test.domain.com'
  42.     }, {
  43.       type: 2,
  44.       value: 'other.domain.com',
  45.     }, {
  46.       type: 2,
  47.       value: 'www.domain.net'
  48.     }]
  49.   }]
  50. }]);

  52. // sign certification request
  53. csr.sign(keys.privateKey);

  55. // verify certification request
  56. var verified = csr.verify();

  58. // convert certification request to PEM-format
  59. var pem = forge.pki.certificationRequestToPem(csr);

  61. // convert a Forge certification request from PEM-format
  62. var csr = forge.pki.certificationRequestFromPem(pem);

  64. // get an attribute
  65. csr.getAttribute({name: 'challengePassword'});

  67. // get extensions array
  68. csr.getAttribute({name: 'extensionRequest'}).extensions;

  70. ```


PKCS#12


Provides the cryptographic archive file format from [PKCS#12][].

Note for Chrome/Firefox/iOS/similar users: If you have trouble importing
a PKCS#12 container, try using the TripleDES algorithm. It can be passed
to forge.pkcs12.toPkcs12Asn1 using the {algorithm: '3des'} option.

__Examples__

  1. ``` js
  2. // decode p12 from base64
  3. var p12Der = forge.util.decode64(p12b64);
  4. // get p12 as ASN.1 object
  5. var p12Asn1 = forge.asn1.fromDer(p12Der);
  6. // decrypt p12 using the password 'password'
  7. var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, 'password');
  8. // decrypt p12 using non-strict parsing mode (resolves some ASN.1 parse errors)
  9. var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, 'password');
  10. // decrypt p12 using literally no password (eg: Mac OS X/apple push)
  11. var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1);
  12. // decrypt p12 using an "empty" password (eg: OpenSSL with no password input)
  13. var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, '');
  14. // p12.safeContents is an array of safe contents, each of
  15. // which contains an array of safeBags

  17. // get bags by friendlyName
  18. var bags = p12.getBags({friendlyName: 'test'});
  19. // bags are key'd by attribute type (here "friendlyName")
  20. // and the key values are an array of matching objects
  21. var cert = bags.friendlyName[0];

  23. // get bags by localKeyId
  24. var bags = p12.getBags({localKeyId: buffer});
  25. // bags are key'd by attribute type (here "localKeyId")
  26. // and the key values are an array of matching objects
  27. var cert = bags.localKeyId[0];

  29. // get bags by localKeyId (input in hex)
  30. var bags = p12.getBags({localKeyIdHex: '7b59377ff142d0be4565e9ac3d396c01401cd879'});
  31. // bags are key'd by attribute type (here "localKeyId", *not* "localKeyIdHex")
  32. // and the key values are an array of matching objects
  33. var cert = bags.localKeyId[0];

  35. // get bags by type
  36. var bags = p12.getBags({bagType: forge.pki.oids.certBag});
  37. // bags are key'd by bagType and each bagType key's value
  38. // is an array of matches (in this case, certificate objects)
  39. var cert = bags[forge.pki.oids.certBag][0];

  41. // get bags by friendlyName and filter on bag type
  42. var bags = p12.getBags({
  43.   friendlyName: 'test',
  44.   bagType: forge.pki.oids.certBag
  45. });

  47. // get key bags
  48. var bags = p12.getBags({bagType: forge.pki.oids.keyBag});
  49. // get key
  50. var bag = bags[forge.pki.oids.keyBag][0];
  51. var key = bag.key;
  52. // if the key is in a format unrecognized by forge then
  53. // bag.key will be `null`, use bag.asn1 to get the ASN.1
  54. // representation of the key
  55. if(bag.key === null) {
  56.   var keyAsn1 = bag.asn1;
  57.   // can now convert back to DER/PEM/etc for export
  58. }

  60. // generate a p12 using AES (default)
  61. var p12Asn1 = forge.pkcs12.toPkcs12Asn1(
  62.   privateKey, certificateChain, 'password');

  64. // generate a p12 that can be imported by Chrome/Firefox/iOS
  65. // (requires the use of Triple DES instead of AES)
  66. var p12Asn1 = forge.pkcs12.toPkcs12Asn1(
  67.   privateKey, certificateChain, 'password',
  68.   {algorithm: '3des'});

  70. // base64-encode p12
  71. var p12Der = forge.asn1.toDer(p12Asn1).getBytes();
  72. var p12b64 = forge.util.encode64(p12Der);

  74. // create download link for p12
  75. var a = document.createElement('a');
  76. a.download = 'example.p12';
  77. a.setAttribute('href', 'data:application/x-pkcs12;base64,' + p12b64);
  78. a.appendChild(document.createTextNode('Download'));
  79. ```


ASN.1


Provides [ASN.1][] DER encoding and decoding.

__Examples__

  1. ``` js
  2. var asn1 = forge.asn1;

  4. // create a SubjectPublicKeyInfo
  5. var subjectPublicKeyInfo =
  6.   asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
  7.     // AlgorithmIdentifier
  8.     asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
  9.       // algorithm
  10.       asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
  11.         asn1.oidToDer(pki.oids['rsaEncryption']).getBytes()),
  12.       // parameters (null)
  13.       asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
  14.     ]),
  15.     // subjectPublicKey
  16.     asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [
  17.       // RSAPublicKey
  18.       asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
  19.         // modulus (n)
  20.         asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
  21.           _bnToBytes(key.n)),
  22.         // publicExponent (e)
  23.         asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
  24.           _bnToBytes(key.e))
  25.       ])
  26.     ])
  27.   ]);

  29. // serialize an ASN.1 object to DER format
  30. var derBuffer = asn1.toDer(subjectPublicKeyInfo);

  32. // deserialize to an ASN.1 object from a byte buffer filled with DER data
  33. var object = asn1.fromDer(derBuffer);

  35. // convert an OID dot-separated string to a byte buffer
  36. var derOidBuffer = asn1.oidToDer('1.2.840.113549.1.1.5');

  38. // convert a byte buffer with a DER-encoded OID to a dot-separated string
  39. console.log(asn1.derToOid(derOidBuffer));
  40. // output: 1.2.840.113549.1.1.5

  42. // validates that an ASN.1 object matches a particular ASN.1 structure and
  43. // captures data of interest from that structure for easy access
  44. var publicKeyValidator = {
  45.   name: 'SubjectPublicKeyInfo',
  46.   tagClass: asn1.Class.UNIVERSAL,
  47.   type: asn1.Type.SEQUENCE,
  48.   constructed: true,
  49.   captureAsn1: 'subjectPublicKeyInfo',
  50.   value: [{
  51.     name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',
  52.     tagClass: asn1.Class.UNIVERSAL,
  53.     type: asn1.Type.SEQUENCE,
  54.     constructed: true,
  55.     value: [{
  56.       name: 'AlgorithmIdentifier.algorithm',
  57.       tagClass: asn1.Class.UNIVERSAL,
  58.       type: asn1.Type.OID,
  59.       constructed: false,
  60.       capture: 'publicKeyOid'
  61.     }]
  62.   }, {
  63.     // subjectPublicKey
  64.     name: 'SubjectPublicKeyInfo.subjectPublicKey',
  65.     tagClass: asn1.Class.UNIVERSAL,
  66.     type: asn1.Type.BITSTRING,
  67.     constructed: false,
  68.     value: [{
  69.       // RSAPublicKey
  70.       name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',
  71.       tagClass: asn1.Class.UNIVERSAL,
  72.       type: asn1.Type.SEQUENCE,
  73.       constructed: true,
  74.       optional: true,
  75.       captureAsn1: 'rsaPublicKey'
  76.     }]
  77.   }]
  78. };

  80. var capture = {};
  81. var errors = [];
  82. if(!asn1.validate(
  83.   publicKeyValidator, subjectPublicKeyInfo, validator, capture, errors)) {
  84.   throw 'ASN.1 object is not a SubjectPublicKeyInfo.';
  85. }
  86. // capture.subjectPublicKeyInfo contains the full ASN.1 object
  87. // capture.rsaPublicKey contains the full ASN.1 object for the RSA public key
  88. // capture.publicKeyOid only contains the value for the OID
  89. var oid = asn1.derToOid(capture.publicKeyOid);
  90. if(oid !== pki.oids['rsaEncryption']) {
  91.   throw 'Unsupported OID.';
  92. }

  94. // pretty print an ASN.1 object to a string for debugging purposes
  95. asn1.prettyPrint(object);
  96. ```

Message Digests


SHA1


Provides [SHA-1][] message digests.

__Examples__

  1. ``` js
  2. var md = forge.md.sha1.create();
  3. md.update('The quick brown fox jumps over the lazy dog');
  4. console.log(md.digest().toHex());
  5. // output: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
  6. ```


SHA256


Provides [SHA-256][] message digests.

__Examples__

  1. ``` js
  2. var md = forge.md.sha256.create();
  3. md.update('The quick brown fox jumps over the lazy dog');
  4. console.log(md.digest().toHex());
  5. // output: d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592
  6. ```


SHA384


Provides [SHA-384][] message digests.

__Examples__

  1. ``` js
  2. var md = forge.md.sha384.create();
  3. md.update('The quick brown fox jumps over the lazy dog');
  4. console.log(md.digest().toHex());
  5. // output: ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1
  6. ```


SHA512


Provides [SHA-512][] message digests.

__Examples__

  1. ``` js
  2. // SHA-512
  3. var md = forge.md.sha512.create();
  4. md.update('The quick brown fox jumps over the lazy dog');
  5. console.log(md.digest().toHex());
  6. // output: 07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6

  8. // SHA-512/224
  9. var md = forge.md.sha512.sha224.create();
  10. md.update('The quick brown fox jumps over the lazy dog');
  11. console.log(md.digest().toHex());
  12. // output: 944cd2847fb54558d4775db0485a50003111c8e5daa63fe722c6aa37

  14. // SHA-512/256
  15. var md = forge.md.sha512.sha256.create();
  16. md.update('The quick brown fox jumps over the lazy dog');
  17. console.log(md.digest().toHex());
  18. // output: dd9d67b371519c339ed8dbd25af90e976a1eeefd4ad3d889005e532fc5bef04d
  19. ```


MD5


Provides [MD5][] message digests.

__Examples__

  1. ``` js
  2. var md = forge.md.md5.create();
  3. md.update('The quick brown fox jumps over the lazy dog');
  4. console.log(md.digest().toHex());
  5. // output: 9e107d9d372bb6826bd81d3542a419d6
  6. ```


HMAC


Provides [HMAC][] w/any supported message digest algorithm.

__Examples__

  1. ``` js
  2. var hmac = forge.hmac.create();
  3. hmac.start('sha1', 'Jefe');
  4. hmac.update('what do ya want for nothing?');
  5. console.log(hmac.digest().toHex());
  6. // output: effcdf6ae5eb2fa2d27416d5f184df9c259a7c79
  7. ```

Utilities


Prime


Provides an API for generating large, random, probable primes.

__Examples__

  1. ``` js
  2. // generate a random prime on the main JS thread
  3. var bits = 1024;
  4. forge.prime.generateProbablePrime(bits, function(err, num) {
  5.   console.log('random prime', num.toString(16));
  6. });

  8. // generate a random prime using Web Workers (if available, otherwise
  9. // falls back to the main thread)
  10. var bits = 1024;
  11. var options = {
  12.   algorithm: {
  13.     name: 'PRIMEINC',
  14.     workers: -1 // auto-optimize # of workers
  15.   }
  16. };
  17. forge.prime.generateProbablePrime(bits, options, function(err, num) {
  18.   console.log('random prime', num.toString(16));
  19. });
  20. ```


PRNG


Provides a [Fortuna][]-based cryptographically-secure pseudo-random number
generator, to be used with a cryptographic function backend, e.g. [AES][]. An
implementation using [AES][] as a backend is provided. An API for collecting
entropy is given, though if window.crypto.getRandomValues is available, it will
be used automatically.

__Examples__

  1. ``` js
  2. // get some random bytes synchronously
  3. var bytes = forge.random.getBytesSync(32);
  4. console.log(forge.util.bytesToHex(bytes));

  6. // get some random bytes asynchronously
  7. forge.random.getBytes(32, function(err, bytes) {
  8.   console.log(forge.util.bytesToHex(bytes));
  9. });

  11. // collect some entropy if you'd like
  12. forge.random.collect(someRandomBytes);
  13. jQuery().mousemove(function(e) {
  14.   forge.random.collectInt(e.clientX, 16);
  15.   forge.random.collectInt(e.clientY, 16);
  16. });

  18. // specify a seed file for use with the synchronous API if you'd like
  19. forge.random.seedFileSync = function(needed) {
  20.   // get 'needed' number of random bytes from somewhere
  21.   return fetchedRandomBytes;
  22. };

  24. // specify a seed file for use with the asynchronous API if you'd like
  25. forge.random.seedFile = function(needed, callback) {
  26.   // get the 'needed' number of random bytes from somewhere
  27.   callback(null, fetchedRandomBytes);
  28. });

  30. // register the main thread to send entropy or a Web Worker to receive
  31. // entropy on demand from the main thread
  32. forge.random.registerWorker(self);

  34. // generate a new instance of a PRNG with no collected entropy
  35. var myPrng = forge.random.createInstance();
  36. ```


Tasks


Provides queuing and synchronizing tasks in a web application.

__Examples__

  1. ``` js
  2. // TODO
  3. ```


Utilities


Provides utility functions, including byte buffer support, base64,
bytes to/from hex, zlib inflate/deflate, etc.

__Examples__

  1. ``` js
  2. // encode/decode base64
  3. var encoded = forge.util.encode64(str);
  4. var str = forge.util.decode64(encoded);

  6. // encode/decode UTF-8
  7. var encoded = forge.util.encodeUtf8(str);
  8. var str = forge.util.decodeUtf8(encoded);

  10. // bytes to/from hex
  11. var bytes = forge.util.hexToBytes(hex);
  12. var hex = forge.util.bytesToHex(bytes);

  14. // create an empty byte buffer
  15. var buffer = forge.util.createBuffer();
  16. // create a byte buffer from raw binary bytes
  17. var buffer = forge.util.createBuffer(input, 'raw');
  18. // create a byte buffer from utf8 bytes
  19. var buffer = forge.util.createBuffer(input, 'utf8');

  21. // get the length of the buffer in bytes
  22. buffer.length();
  23. // put bytes into the buffer
  24. buffer.putBytes(bytes);
  25. // put a 32-bit integer into the buffer
  26. buffer.putInt32(10);
  27. // buffer to hex
  28. buffer.toHex();
  29. // get a copy of the bytes in the buffer
  30. bytes.bytes(/* count */);
  31. // empty this buffer and get its contents
  32. bytes.getBytes(/* count */);

  34. // convert a forge buffer into a Node.js Buffer
  35. // make sure you specify the encoding as 'binary'
  36. var forgeBuffer = forge.util.createBuffer();
  37. var nodeBuffer = Buffer.from(forgeBuffer.getBytes(), 'binary');

  39. // convert a Node.js Buffer into a forge buffer
  40. // make sure you specify the encoding as 'binary'
  41. var nodeBuffer = Buffer.from('CAFE', 'hex');
  42. var forgeBuffer = forge.util.createBuffer(nodeBuffer.toString('binary'));
  43. ```


Logging


Provides logging to a javascript console using various categories and
levels of verbosity.

__Examples__

  1. ``` js
  2. // TODO
  3. ```


Flash Networking Support


The flash README provides details on rebuilding the
optional Flash component used for networking. It also provides details on
Policy Server support.

Security Considerations

When using this code please keep the following in mind:

- Cryptography is hard. Please review and test this code before depending on it
  for critical functionality.
- The nature of JavaScript is that execution of this code depends on trusting a
  very large set of JavaScript tools and systems. Consider runtime variations,
  runtime characteristics, runtime optimization, code optimization, code
  minimization, code obfuscation, bundling tools, possible bugs, the Forge code
  itself, and so on.
- If using pre-built bundles from [NPM][], another CDN, or similar, be aware
  someone else ran the tools to create those files.
- Use a secure transport channel such as [TLS][] to load scripts and consider
  using additional security mechanisms such as [Subresource Integrity][] script
  attributes.
- Use "native" functionality where possible. This can be critical when dealing
  with performance and random number generation. Note that the JavaScript
  random number algorithms should perform well if given suitable entropy.
- Understand possible attacks against cryptographic systems. For instance side
  channel and timing attacks may be possible due to the difficulty in
  implementing constant time algorithms in pure JavaScript.
- Certain features in this library are less susceptible to attacks depending on
  usage. This primarily includes features that deal with data format
  manipulation or those that are not involved in communication.

Library Background

https://digitalbazaar.com/2010/07/20/javascript-tls-1/
https://digitalbazaar.com/2010/07/20/javascript-tls-2/

Contact

Code: https://github.com/digitalbazaar/forge
Bugs: https://github.com/digitalbazaar/forge/issues
Email: support@digitalbazaar.com
IRC: [#forgejs][] on [Libera.Chat][] (people may also be on [freenode][] for
  historical reasons).

Donations

Financial support is welcome and helps contribute to futher development:

For [PayPal][] please send to paypal@digitalbazaar.com.
Something else? Please contact support@digitalbazaar.com.

[#forgejs]: https://webchat.freenode.net/?channels=#forgejs
[0.6.x]: https://github.com/digitalbazaar/forge/tree/0.6.x
[3DES]: https://en.wikipedia.org/wiki/Triple_DES
[AES]: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
[ASN.1]: https://en.wikipedia.org/wiki/ASN.1
[Browserify]: http://browserify.org/
[CBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
[CFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
[CTR]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
[CommonJS]: https://en.wikipedia.org/wiki/CommonJS
[DES]: https://en.wikipedia.org/wiki/Data_Encryption_Standard
[ECB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
[Fortuna]: https://en.wikipedia.org/wiki/Fortuna_(PRNG)
[GCM]: https://en.wikipedia.org/wiki/GCM_mode
[HMAC]: https://en.wikipedia.org/wiki/HMAC
[JavaScript]: https://en.wikipedia.org/wiki/JavaScript
[Karma]: https://karma-runner.github.io/
[Libera.Chat]: https://libera.chat/
[MD5]: https://en.wikipedia.org/wiki/MD5
[NPM]: https://www.npmjs.com/
[Node.js]: https://nodejs.org/
[OFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
[PKCS#10]: https://en.wikipedia.org/wiki/Certificate_signing_request
[PKCS#12]: https://en.wikipedia.org/wiki/PKCS_%E2%99%AF12
[PKCS#5]: https://en.wikipedia.org/wiki/PKCS
[PKCS#7]: https://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
[PayPal]: https://www.paypal.com/
[RC2]: https://en.wikipedia.org/wiki/RC2
[SHA-1]: https://en.wikipedia.org/wiki/SHA-1
[SHA-256]: https://en.wikipedia.org/wiki/SHA-256
[SHA-384]: https://en.wikipedia.org/wiki/SHA-384
[SHA-512]: https://en.wikipedia.org/wiki/SHA-512
[Subresource Integrity]: https://www.w3.org/TR/SRI/
[TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security
[UMD]: https://github.com/umdjs/umd
[X.509]: https://en.wikipedia.org/wiki/X.509
[freenode]: https://freenode.net/
[unpkg]: https://unpkg.com/
[webpack]: https://webpack.github.io/
[TweetNaCl.js]: https://github.com/dchest/tweetnacl-js